5 August 2016

DIA cyber officer profiles global threat actor


August 1, 2016 

The cyber threat is all around us, from nation-states to terrorist groups to hacktivists motivated by social change and individuals looking to make a name for themselves. Understanding each group and their motivations is key to defending and responding in cyberspace.

To keep abreast of the threat landscape, the Defense Intelligence Agency’s defense intelligence officer for cyber, Ronald Carback, is charged with keeping the DoD brass informed of the major players and what provokes them to action.

While speaking at the DoD Intelligence Information Systems (DoDIIS) conference in Atlanta, Georgia, Carback offered a glimpse into the threat profiles of major actors and groups operating around the world.

“With the combination and variety of cyber actors and the continuing growth of the threat to national security, our economic security, as well as our defense industrial base, it clearly highlights the need to understand our adversaries,” he said. “Their motivations, their intent, their capabilities at the strategic level, as well as the tactical level.”

Carback split the threat landscape into two groups: Nation-states and non-state actors.
Nation-States

China

Carback cited China as the top threat to U.S. intellectual property — including from the defense industrial base — noting the 2014 indictment of five Chinese nationals, who had been breaching defense contractor systems for more than eight years looking to steal data on advanced military systems.

“China, philosophically, continues to desire to gain information to improve their economic, diplomatic, military and defense industry efforts,” he said. “Their standard goals in warfare is to collect information through an attack, to slow our communications and logistics and to support potential kinetic attack planning.”

“The Chinese are an advanced actor,” he added.

Russia

“Philosophically, [Russia is] an advanced actor that’s continuing to grow their capabilities and developing their own military cyber command,” Carback said, at least according to Russian military officials. “They seem to be assuming a more assertive cyber posture, as they seem to be willing to target critical infrastructure to continue their efforts, even when detected and under public scrutiny.”

Similar to China, Russia’s goals seem to be to “target our interests; assist in their decision-making; split their military and political objectives; and prepare the battlespace for future operations.”

Iran

While not on the same level geopolitically as China and Russia, Iran has shown itself to be a significant player in cyberspace, Carback said, and the most notable nation-state actor in the Middle East.

“Iran seems to be willing to use cyber operations as a non-attributable, asymmetric response based on their perceived threats from the West,” he said. “They use cyber espionage, propaganda and attacks to support their priorities, influence events, disrupt dissidents from reaching out and to counter threats from the West.”

Carback noted Attorney General Loretta Lynch earlier this year released indictments on seven Iranian nationals charged with hacking U.S. infrastructure, including the financial sector and a small dam in upstate New York.

North Korea

The rogue nation came onto the cybersecurity scene with the massive, destructive hack of Sony Pictures Entertainment in 2014. Not only were the assailants able to steal an incredible amount of sensitive information, they were also able to disrupt the entire network, bringing the company to its knees.

As shown with that hack — which ostensibly was in retaliation for the then-upcoming release of “The Interview,” a comedy critical of the regime — North Korea’s prime motivations seems to be political.

“Their propensity is to achieve political objectives,” Carback said. Post-Sony, “North Korea probably remains a capable actor and are willing to launch disruptive and destructive cyberattacks.”

Hacktivism and Cyber Crime

Carback briefly mentioned hacktivism and cyber crime as significant issues. However, these groups tend to be easily identified — along with their motivations — and have been causing trouble in cyberspace since the invention of the World Wide Web.

Terrorist Groups

As social media and cyber tools spread across the globe, terrorist organizations like the Islamic State group (ISIS) are using technology for communications, recruitment and propaganda.

“They have a very diverse social media effort that many of us consider as part of the cyber threat,” Carback said. “Their primary use is to propagandize or recruit new members.”

When asked to comment specifically on ISIS’s offensive capabilities in cyberspace, Carback said he hasn’t seen them conducting cyberattacks as an organization.

For Carback, the real cyber threat comes from…

The Lone Wolf

While ISIS does not seem to have an orchestrated cyber offensive, they have called on individuals with hacking expertise to heed the call.

“I personally am more concerned about the lone wolf hackers that are out there,” Carback said. “Whether they’re tied to hacktivists, whether they’re just trying to reverse course on some ideology that they don’t agree with — because of that low-barrier of entry, it’d be very easy for that to happen, just as it does in terrorism today.”

No comments: