Pages

2 June 2019

To Win The Cyber War, A Great Defense Is The Best Offense

Edward Wood

In their recent 2019 Worldwide Threat Assessment, the United States Intelligence Community (IC) predicted expanded and diversified threats to U.S. national security, driven in large part by China and Russia. This same report revealed that cyberattacks are one of the fastest-growing crimes in the United States, and they are increasing in size, sophistication and cost. One could say the U.S. is fighting wars at home and abroad, having to address vulnerabilities on diverse fronts.

For example, Marriott is estimated to have exposed 500 million user accounts. The Yahoo breach affected three billion user accounts (up from an earlier estimate of one billion). And the Equifax breach in 2017 affected nearly 150 million users.

These incidents -- alongside the WannaCry and NotPetya cyberattacks, which occurred in 2017 -- were far larger in scale and more complex than previous attacks. This begs the question: Are foreign adversaries supporting these attacks on many of the U.S.'s largest corporations as part of a new way to wage war?


Given the intense economic competition and a growing desire for technological and military superiority, foreign adversaries are disrupting politics, business and supply chains and targeting mission-critical networks that are increasingly being used to connect everything from electricity and IP-based communications to smart cities, smart factories, smart cars and smart homes.

The advantages new technologies bring, including the internet of things (IoT) and industrial IoT, by making resources more efficient, healthcare more accessible, communities safer, the environment cleaner and life simply more convenient are being offset by invasions of privacy and the potential for bad actors to take control of our most critical assets.

“China and Russia are more aligned than at any point since the mid-1950s, and the relationship is likely to strengthen in the coming year as some of their interests, and threat perceptions converge, particularly regarding perceived US unilateralism and interventionism and Western promotion of democratic values and human rights,” the IC report says, indicating that the drive to mastermind how our hyper-connected world works goes beyond greed and extends into belief systems.

Are we already in World War III?

Post-World War II alliances, international diplomacy and cross-border trade agreements are evolving rapidly. With increasingly sophisticated software designed to outwit traditional network, cloud and application security measures, intelligence professionals in the United States are transforming and investing, knowing that without a great digital defense in place today, the country risks massive threats to U.S. economic competitiveness.

Historically, wars have been driven by geographic dominance, but in today’s world, access to the internet has created a more level playing field -- or digital war zone -- and a “digital military-industrial complex” that has turned hacking into a multibillion-dollar business, resulting in trillions of dollars of losses. Cybersecurity Ventures predicts that cybercrime damages will cost the world $6 trillion annually by 2021, up from $3 trillion in 2015.

At the intersection of private and public security vulnerabilities, it may be difficult to determine who is funding what. However, with the investigation of Russian interference in U.S. elections, finding evidence is possible. With stronger defenses in place, we can harden the networks connecting critical infrastructure (including communications networks themselves, along with the energy grid, air traffic control systems and more) so we can prevent attacks well before we have to prosecute the offenders who are more sophisticated and fully funded than any other traditional military organizations.

The situation has deteriorated so much that a supervisory special agent with the Federal Bureau of Investigation who investigates cyber intrusions told the Wall Street Journal that every American citizen should expect that all their data (personally identifiable information) has been stolen and is now on the dark web.

“Our adversaries and strategic competitors will increasingly use cyber capabilities -- including cyber espionage, attack, and influence -- to seek political, economic, and military advantage over the United States and its allies and partners,” the IC report concludes.

We are, indeed, at war. And given that what could be World War III is already happening in ways we never could have imagined after the United States helped liberate Europe in the 1940s, we need to crack the code and advance what helped us win the war, including the use of encryption to protect transmission networks, clouds, applications and devices. Is there a more important focus than conquering the growing threat landscape and addressing the exponentially expanding attack surface?

Building a powerful defense 

It is imperative to go beyond the traditional way of securing networks and standard encryption. The stakes are getting higher, and the adversaries are getting smarter. For example, many are concerned about the implications when quantum computing may be able to break algorithms, the foundation for many encryption solutions. This is driving intense interest in advanced approaches, including quantum key exchange (QKE).

An article in the MIT Technology Review listed “breaking encryption using quantum computers” as one of the top five threats in 2019, saying “Security experts predict that quantum computers, which harness exotic phenomena from quantum physics to produce exponential leaps in processing power, could crack encryption that currently helps protect everything from e-commerce transactions to health records."

Quantum machines are new, so there have only been few a breaches so far. But imagine what could happen when connected cars, with over-the-air updates, will be used over the next few years. Encryption that is good enough today won’t be good enough tomorrow when quantum attacks mature.

In short, traditional encryption and even today’s most advanced encryption will not be enough in the future. We need to get smarter to outsmart the bad guys.

Enterprises and organizations should constantly follow security breaches and be aware of new technologies that can be applied. Board members should also be aware and encourage regular security audits while reviewing the enforcement of policies that will protect against dramatic losses of revenue and reputation.

To quote Sun Tzu, “The art of war teaches us to rely not on the likelihood of the enemy’s not coming, but on our own readiness to receive him; not on the chance of his not attacking, but rather on the fact that we have made our position unassailable.”

No comments:

Post a Comment