Cyber Warfare: The Threat From Nation States
The nature of warfare has shifted from physical to online, seeing a deluge of state-sponsored cyber assaults on the West. The issue was put under the global spotlight last month (April), when the UK and US made an unprecedented joint statement blaming Russia for cyber-attacks on businesses and consumers.
The announcement – which is the first time two nations have come together to show solidarity in this area – saw the National Cyber Security Centre (NCSC), US Department of Homeland Security and the FBI warn businesses and citizens that Russia is exploiting network infrastructure devices such as routers around the world. The aim: To lay the groundwork for future attacks on critical infrastructure such as power stations and energy grids.
It is widely agreed that Russia is one of the most – if not the most – accomplished nations in the world in its ability to perform state sponsored attacks, disinformation and espionage. But China, North Korea and Iran are known to have dedicated cyber arsenals that are of increasing threat to the West.
In April, the US and UK governments hit out at state owned Chinese telecoms firm ZTE, with the NCSC writing to UK telecoms providers to warn that using the firm’s equipment and services could pose a national security risk.
There have also been multiple reports of cyber-attacks targeting the power stations and electrical grids. The US blamed Russia for a recent strike on its electrical grid, while the NCSC held the Kremlin responsible for several attempts to disrupt UK infrastructure.
The physical damage possible as a result of these types of attacks is already clear. In August last year, a petrochemical company with a plant in Saudi Arabia was hit by an assault designed to trigger an explosion.
A similar attack, and one of the most famous examples, is the Stuxnet worm which was discovered 10 years ago after it ravaged an Iranian nuclear facility. The result of the ambush was a toolkit designed to specifically target the supervisory control and data acquisition (SCADA) systems that power critical infrastructure. “Stuxnet created an entire family of weaponised malware,” says Greg Sim, CEO at Glasswall.
Adding to complexity, threats such as this can lurk in industrial systems for years without being spotted, says Emily Orton, Co-founder at Darktrace. “We need to have a better, more sophisticated defense strategy protecting industrial networks from cyber-threats that manage to infiltrate these critical systems – and we must catch them early.”
‘Critical’ services at risk from a cyber-assault also include the health sector and financial institutions. Last year, the WannaCry cryptoworm that tore through the UK’s NHS was another warning of the damage possible from a nation state attack, when hundreds of machines were taken offline and operations cancelled.
At the same time, if an adversary succeeded in manipulating the stock exchange, a nation’s economy could be devastated, Daniel Faraci, director of Grassroots Political Consulting says.
The damage can be considerable, but not all cyber-assaults focus on attacking systems directly. Many, especially those from Russia, aim to disrupt other nations for political gain through disinformation campaigns such as fake news.
Nations are aware of this and are finding ways to fight back, says Dr Jessica Barker, co-founder of Redacted Firm. For example, during the 2017 French election, lessons were learnt from the US presidential race that saw a spike in fake news and disinformation. “Emmanuel Macron’s team were concerned about being hacked, and about fake news, so they put defenses in place including honeypots and fake data to confuse attackers,” Barker says.
Businesses are also making an effort, but sometimes attackers are able to access systems due to simple mistakes. Many cyber-assaults start with employees, who are targeted via so-called phishing emails including a download or link to a malicious site.
“Attacks targeting Government, nuclear, water, energy, aviation and defence CNI are achieved by sending spear-phishing emails to employees or infecting websites in what is called a ‘waterhole attack’,” says Alicia Kearns, independent counter-disinformation and hybrid warfare consultant.
Adding to the risk in critical sectors, she points out: “A great deal of CNI sits in private hands, and attacks are more likely to be successful when targeting CNI supply chains, particularly those based offshore or held by small companies with less developed or sophisticated cyber security policies.”
Kearns advises businesses to train their employees to identify dubious emails, invest in first-class cyber security systems and incorporate air gaps to protect from unsecured networks.
To strengthen the overall resilience of European critical infrastructure, multi-stakeholder collaboration bringing together governments, private sector operators and industry regulators is essential, says Elisabetta Zaccaria, chairman, Secure Chorus.
“This approach would accelerate the development of the required strategies, regulatory frameworks, common standards and tangible capabilities all aimed at achieving a harmonised regime across the relevant sectors.”
It is also helpful for governments and businesses to look to other nations already applying best practice approaches to cyber security. Barker cites the example of Estonia, which has built up robust cyber defenses after a series of distributed denial of service (DDoS) attacks hit the country a decade ago. “They have put their efforts into cyber security and defense, setting up ‘digital embassies’ around the world with data mirrored and backed up.”
Action is being taken but hackers are constantly improving their techniques, so it is important to stay one step ahead. State sponsored cyber assaults will continue and it is likely the threat will elevate further as world super powers continue to develop their war chests.
Faraci says it is only a matter of time before a major attack on the West. “I’m shocked that it hasn’t happened already. I always recommend that people are prepared.”