14 January 2017

2017 Preview: Cyber power presents new prospects and perils

by Azhar Unwala

Cyber power presents new risks to global politics, security, and commerce. Analyzing the emerging cyber-threat environment is crucial to contain those risks in 2017.


In 2017, cyberspace will penetrate the globe at a greater scale and scope. Nearly half of the world’s population will possess Internet access by 2017. Global information technology (IT) spending is projected to reach $3.5 trillion, up nearly 3 percent from 2016. Governments and private enterprises will continue to migrate their services to the cloud to improve data-sharing and generate greater operational efficiencies. The 2017 global public cloud market alone is estimated to grow by almost 22 percent, topping $146 billion. More and more objects across various industries will also become network-enabled and interconnected, making their functions intelligent and automatic. The number of these Internet-of-Things (IoT) devices is forecasted to reach 20.35 billion in 2017 — up 30 percent since 2015.

These cyber developments will enable and correspond with developing cyber threats. Cyber power was ubiquitous in 2016; it included an $81 million electronic heist from a Bangladeshi bank, an unauthorized breach of the U.S. National Security Agency network, Russian cyber operations against U.S. Democratic Party members and institutions, and the exposure of 500 million private Yahoo! accounts. The prevalence and magnitude of 2016’s cyber operations suggest that cyber power will present more advanced and frequent risks to global security, politics, industry, and infrastructure in 2017.

Nation-states will lead

Nation-states will remain cyber dominant in 2017. The United States, Russia, China, the United Kingdom, Israel, Iran and North Korea retain some of the globe’s most advanced cyber abilities. Many of those countries also possess government institutions that unify and direct their nation’s cyber capabilities with budgets in the billions of dollars.

In warfare, cyber power will continue to provide asymmetric advantages against traditionally stronger adversaries. Advanced, interconnected military platforms and communications are all accordingly susceptible to being short-circuited. China and Russia have been preparing to disrupt U.S. military and intelligence satellites and unsettle American command-and-control to achieve information dominance in future conventional conflict with the United States.

Outside conflict, state-sponsored cyber espionage will intensify in 2017. Phishing, spear-phishing, and whaling operations — where broad swaths of individuals, specific groups of individuals, or a single high-profile individual are respectively targeted with malware — will be espionage’s primary enabler.

Wombat Security’s 2016 State of the Phish report indicates that 85 percent of private organizations worldwide suffered phishing operations, primarily through email attachments. Political institutions were also targeted, such as the U.S. government’s Office of Personnel Management, members at the 2016 G20 summit, and Hillary Clinton’s U.S. presidential campaign chair John Podesta. These end-users’ prominence and established vulnerability suggest that cyber espionage will be bolder in 2017.

States will aim to glean insight into adversary governments’ decision-making as well as acquire knowledge of private companies’ trade secrets, intellectual property, or global business operations. Espionage’s benefits may further outweigh its costs as governments and multinational organizations increasingly move toward cloud computing and storage architectures. Since cloud data is easily shared and accessible across numerous devices, one proper breach could provide access to an entire enterprise.

Non-state actors will follow

Non-state actors armed with cyber power will reach new sophistication in 2017. Criminal organizations will be the primary threat; European police claim those organizations already conduct 80 percent of cyber-crime. Criminal networks’ complex transnational hierarchies, partnerships, and operations also make targeting them difficult. Cyber-criminals — whether tied to traditional criminal networks or not — have also begun to commodify their services worldwide. This suggests that they will be often commissioned by terrorist organizations, cyber-inept rogue governments, or nation-states seeking anonymity to disrupt foreign commerce and politics.

The tools available to cyber-criminals will also make their actions more lethal. Constant upgrades to exploit kits targeting basic services like Adobe Flash Player and Microsoft Windows will provide a steady means for criminals to overcome security protocols. New releases of IP anonymizers like Tor and anonymous cryptocurrencies like Bitcoin and Zcash will also impede organizations’ and law enforcement’s ability to locate and prosecute cyber-criminals. Zcash in particular offers a new trajectory for cyber-crime in 2017: its greater anonymity than Bitcoin will enable criminals to compromise foreign devices with malware and exploit those devices to mine currency for themselves, all at a cost to the foreign devices’ users.

All this also indicates that ransomware may reach unprecedented levels in 2017. Cyber-criminals will compromise public and private systems, services, and files to demand ransom payments in exchange for ceasing their activity. In 2016, malware locked 2,000 ticketing systems of San Francisco’s subway and the perpetrators demanded a ransom of $70,000 before they would release control. Future ransomware will aim to compromise hundreds of machines extremely quickly, perhaps through self-propagating malware. This is due to the high average cost of a single breach to an organization — $5.83 million if identified within 100 days, according to the Ponemon Institute. Those high costs will incentivize compromised organizations to pay ransoms, making the criminal practice more attractive.

Industry will be a key target

More significantly, cyber power will target industry in 2017. It is likely that private companies will become greater targets for politically-motivated cyber operations related to complex geopolitical rivalries in which they do not participate. This trend is already apparent: in the past two years, the Chinese military hacked into Westinghouse Electric, North Korean hackers targeted Sony Pictures, and cyber operations linked to Russia triggered Ukrainian utility outages. In these cases, cyber power linked to states or patriot hackers aimed to acquire intelligence, demonstrate cyber capabilities, project strategic influence, or frighten populations—often with huge media impact. While many companies in unstable regions already analyze geopolitical risk for their operations, extending that analysis to the cyber realm is difficult and can leave those businesses uniquely vulnerable.

Along those lines, cutting-edge cyber-attacks against industry infrastructure are now probable. Nation-states above all have been attempting to compromise adversary infrastructure, and the necessary skills and technology to do so are becoming increasingly widespread. The past year exhibited attacks in this regard: breaches against health organizations like the Central Ohio Urology Group resulted in thousands of patient records being leaked, and a large-scale distributed denial of service (DDoS) attack against the domain service Dyn compromised and shut down parts of the U.S. Internet.

The growing importance of IoT devices in energy production, healthcare, manufacturing, transportation, and other sectors will augment this threat. Many smart devices do not include inherent security protocols and do not permit installation of third-party security software. They also allow users to maintain default passwords and permit unauthenticated communication with other devices. These vulnerabilities will make IoT devices a significant target for cyber power in 2017, and possibly lead to loss of life absent robust security standards and norms deterring their use.

Information warfare will be routine

In 2017, information warfare will be employed against a wide array of public and private targets to generate uncertainty towards truth. The 2016 U.S. presidential election displayed how disinformation and fake news can sway public perceptions of political institutions and politicians. That model is likely to be replicated in a variety of contexts worldwide. In Indonesia, hardline Muslim groups have been utilizing fake news to propagate anti-Chinese sentiment accordingly.

Information warfare will also aim to project influence among specific targets. Publication of a high-profile individual’s emails can upset political, diplomatic, or business strategies by fomenting distrust and controversy around that individual. It can also incite fear and violence: ISIS has frequently gathered personal information online about U.S. military and law enforcement personnel and published that data to threaten those personnel virtually and physically.

Containing cyber power’s risks

Cyber power will undoubtedly pose greater risks to global politics, security, and commerce in 2017. As more devices, individuals, and institutions become interconnected, actions to ensure the costs of connection will be necessary.

Interstate dialogue and informal international arrangements around cyber threat intelligence, critical infrastructure protection, and security measures will likely become more prevalent. Bilateral and trilateral dialogues around cybersecurity have already occurred among countries like the United States, China, Japan, India, South Korea, and France. These discussions will likely shift to improving law enforcement intelligence-sharing against cyber-crime, as well as calls for greater international norm-building around the uses and limits of cyber power.

The political implications of cyber power targeting public and private sectors will prompt greater collaboration between government and industry at the national level. Industry and government may improve threat intelligence-sharing as well as cooperate in setting more robust national standards and procedures for cybersecurity, data protection, and censorship.

Yet end-users will remain the weakest link in cybersecurity. International and national policy developments in cybersecurity will be slow-moving, and none of that progress will be effective without security improvements at the software, hardware, and user level. This requires greater security standards for IT products and services, adoption of innovative technologies like artificial intelligence and machine learning into organizations’ security procedures, frequent updates to organizations’ security strategies, and greater cyber awareness and vigilance from individuals. Whether 2017 cyber risks can be managed along these lines remains to be seen.
