Protect and Survive: Dealing with Adversarial Nation States

Attacks in cyberspace can have serious physical consequences, as the Stuxnet cyberattack showed. Believed to have been carried out jointly by the United States and Israel, the infamous cyber assault crippled Iran’s nuclear program after taking control of systems and causing the destruction of centrifuges.

More than a decade later, there have been increasing warnings of a similar attack targeting critical infrastructure such as utilities and water, following Russia’s invasion of Ukraine. Alerts from US and UK officials describe how Russia constantly scans trading systems, looking for weaknesses through which to attack.

The increasing sanctions imposed on Russia make the country a significant cyber threat to the West. So far, Russian cyberattacks have remained basic, consisting mostly of distributed denial of service (DDoS) attacks – flooding websites with traffic to render them unusable – although Ukraine claims attempts to hit its power grid took place.

But more broadly, the war has heightened the awareness of governments and corporations of the threat posed by all nation-state adversaries. Besides Russia, several other major nation-state actors are actively carrying out attacks on the West, each with different objectives.

The main hostile nations are China and Russia, closely followed by Iran and North Korea, says Philip Ingram, MBE, a former colonel in British military intelligence. “They use a mix of state and criminal capabilities, many of which are state-sponsored.”

Some nation-state aggressors seek financial gain through government-sanctioned organized crime. An example is the North Korean group Lazarus, recently linked to a $625m (£492m) cryptocurrency heist. “Economic constraints limit North Korea’s efforts in bitcoin heists and ransomware attacks – something the West is getting a little better at thwarting,” says Ian Thornton-Trump, CISO of threat intelligence firm Cyjax.

Other nations seek to steal business and state secrets. China wants to gain economic advantage through intellectual property, which helps the nation “save billions in development costs,” Ingram said.

China has a “very capable” cyber section within its military, says Jamal Elmellas, chief operating officer of security consultancy Focus on Security. “They see cyber as an additional weapon in their arsenal.”

Following the Stuxnet attack, Iran’s cyber strategy is focused on the region and defence. Thornton-Trump believes the country is now in standby and learning mode as events in Ukraine unfold. “They desperately want the sanctions lifted and running a big Iranian cyber campaign would be counterproductive to facilitating those talks.”

Meanwhile, Russia is focusing on diplomatic and military targets as well as influence through disinformation. “That was evident in Ukraine, and after election interference around the world,” Ingram says.

At the same time, the Russian threat comes from organized crime. It’s not necessarily government-sanctioned but is “very capable,” says Elmellas.

Hostile nation states are a threat to all businesses, especially if they operate in critical sectors such as utilities, financial services or healthcare. In general, companies developing and fielding new technologies should be on high alert, Ingram says.

Organizations that are part of a supply chain are also more likely to be attacked as an entry point to large organizations such as governments. This happened in the 2020 SolarWinds breach, which saw Russian adversaries gain access to US government departments after attacking a computer software vendor.

There is a growing risk of businesses becoming part of the fallout from a major global cyberattack, even if they are not a target themselves. “The SolarWinds attack provided adversaries with inadvertent access to many other companies that were not themselves targeted,” said Gemma Moore, director of information security consultancy Cyberis.

Other attacks in which companies became part of the collateral damage include the 2017 NotPetya incident and the WannaCry ransomware attacks. Perpetrated by North Korea, WannaCry crippled the NHS after hitting several organizations through outdated Windows XP systems.

Dealing with the nation-state threat requires a strong cybersecurity strategy. That means having “a solid foundation,” including the basics, says Ian Usher, deputy global head of the strategic threat intelligence practice at cybersecurity consultancy NCC Group. “Correction, access controls, evaluation of defensive measures, logging, backups and incident planning.”

Threat intelligence also plays a critical role. “It helps organizations understand their unique place in the landscape so they can tailor intelligence gathering to the threats most relevant to them,” he said.

Moreover, corporate culture is integral to protecting against the nation-state threat. Businesses need to understand what business data is critical and ensure it’s protected against all risks, Ingram advises.

Within this framework, cybersecurity should be part of a broader enterprise risk management strategy. “Threats must be properly understood so that risk can be mitigated in the most cost-effective way possible,” Ingram says, adding that a strong cybersecurity profile is “a real marketing asset.”

Investing in technology is also important. Legacy technical debt will overwhelm companies that have underinvested in IT and security controls, says Thornton-Trump. “Some nation states and cybercriminals will no doubt exploit these opportunities as victimized countries struggle to manage the basic needs of their citizens in an increasingly polarized political climate.”

Beyond that, governance is essential, says Elmellas. “It’s there for a reason: as the organization grows, so should its security capability. You need to know where the boundaries are and secure them – which is even more critical than ever, as boundaries have shifted with the rise of working from home. Test your defenses; you have to see security as a functional resource.”

Nation-state adversaries will continue to react, especially in light of sanctions such as those imposed on Russia by the United Kingdom and the United States. For this reason, it’s important to be vigilant – after all, the most damaging attacks are those that go unnoticed.

“The most successful nation-state attacks are those we don’t see or know about,” Ingram warns. “Adversaries can sit quietly in a network, watching, listening and stealing what is wanted, rather than carrying out attacks designed to cause nuisance or damage.”

About Thomas Brown
