By Larry Bell
A February Department of Defense Science Board (DSB), Task Force on Cyber Deterrence reports, "The United States faces significant cyber threats from a number of potential adversaries, most notably from Russia, China, Iran, North Korea, and terrorist groups including the Islamic state of Iraq and Syria (ISIS)."
It further warns, "A large-scale cyberattack on civilian-critical infrastructure could cause chaos by disrupting the flow of electricity, money, communications, fuel and water. Thus far, we have only seen the virtual tip of the cyberattack iceberg."
The DSB study determined, "In one sense, the United States has a campaign underway today to deter cyberattacks — but to date, that campaign has been largely reactive and not effective." Its task force counselled, "Although progress is being made to reduce the pervasive cyber vulnerabilities of U.S. critical infrastructure, the unfortunate reality is that for the next decade, the offensive cyber capabilities of our most capable adversaries are likely to far exceed the United States’ ability to defend critical infrastructures."
These threats will rapidly become worse "in coming years as adversary capabilities continue to grow rapidly." Making matters worse: "The introduction of massive numbers of digital sensors (the so-called Internet of Things), processors and autonomous devices of today’s Internet will only exacerbate an already tenuous posture and make defense even more challenging in the coming years."
The DSB report attaches particular concern to rogue nations such as North Korea and Iran. Since attacks on critical infrastructures would clearly constitute an act of aggression and likely an act of war, the U.S. and Russia, and the U.S. and China, share extremely strong stakes in avoiding inadvertent misperceptions which could trigger major conflicts. It notes, however, that increasingly aggressive “regional powers (e.g., Iran and North Korea) have a growing potential to use indigenous or purchased cyber tools to conduct catastrophic attacks on U.S. critical infrastructure."
Both of these nations are demonstrating growing capabilities and willingness to launch cyber assaults against private U.S. and at international targets. In 2012-2013, Iran conducted distributed denial of services attacks on Wall Street firms, disrupting operations and imposing tens of millions of dollars in remediation and cyber hardening costs.
In 2014, North Korea hacked Sony Pictures in an effort to suppress the release of a movie depicting a plot to assassinate its leader Kim Jong-un.
Pyongyang’s headline-grabbing hack on Sony Pictures Entertainment is widely suspected to be same hacking unit linked to cyberattacks at banks in Vietnam, the Philippines, 20 Polish banks, and a $81 million cyber heist at Bangladesh’s central bank.
James A. Lewis, a cybersecurity expert at the Center for Strategic and International Studies (CSIS) in Washington, D.C. reports, "North Korea was always a state criminal, sheltered behind sovereignty, and now they’ve moved into cyberspace."
Choe Sang-Hun, Paul Mozur, Nicole Perloth and David Sanger reported in a May 16 a New York Times-Asia Pacific article that North Korea has been training cadres of digital soldiers to engage in international electronic warfare and profiteering exploits ever since the 1980s. Whereas South Korea and America are prime targets, they even appear to be targeting China.
Many of North Korea’s cyber operatives were reportedly selected as math prodigies when they were 12 or 13 years old and trained to become software developers, online psychological warfare experts, and hackers. Some with foreign language skills are sent abroad to learn techniques used in Russia, China and India.
North Korea’s global cyber network is expanding to Southeast Asian countries such as Malaysia where government monitoring is less intense. There, hackers work undercover at technology and other jobs, run online gambling sites, or use ransomware to raise money both for themselves and to fund the military and lifestyles of government elite.
Overall, the hacking enterprise comprises three "teams." An "A Team" often referred to as "Lazarus" targets foreign banks and companies, a "B Team" focusses on South Korea, and a "C Team" specializes in email and data pirating assaults.
The U.S. Department of Defense's Science Board Task Force on Cyber Deterrence emphasizes that, "the United States could — and must — aim to deny North Korea and Iran the ability to undertake catastrophic attacks on U.S. critical infrastructure via cyber, just as the United States aims to deny them the ability to attack with nuclear weapons."
While unfortunately there are no easy or sure-fire cyber deterrence strategies, the task force points out that prospective perpetrators must be put on advance notice that any attack will cost them dearly. This will require "credible response options at varying levels of conflict using full range of military responses (symmetric and asymmetric) — as well as diplomatic, law enforcement and economic."
Stressing extreme urgency, the task force concludes, "It is no more palatable to allow the United States to be held hostage to catastrophic attack via cyber weapons by such actors than via nuclear weapons."
Larry Bell is an endowed professor of space architecture at the University of Houston where he founded the Sasakawa International Center for Space Architecture (SICSA) and the graduate program in space architecture. He is the author of “Scared Witless: Prophets and Profits of Climate Doom”(2015) and “Climate of Corruption: Politics and Power Behind the Global Warming Hoax” (2012). Read more of his reports — Click Here Now.
No comments:
Post a Comment