In this five-part series CISO Brian Lozada examines the state of cybersecurity in our nation’s critical infrastructure, what is at risk, what makes it unique and what measures can be taken to bolster its safeguards.
In the first article in this series, I addressed the growing possibility of cyberwarfare. In this installment, I will more closely examine these evolving threats, the challenges of cyberwarfare and the key adversaries the United States faces on the digital battlefield.
Part Two
The Growing Cyber Threat
James Clapper, Director of National Intelligence (2013), states that “the world is applying digital technologies faster than our ability to understand the security implications and mitigate potential risks,” which results in an increasing number of cyberattacks against the United States by both non-state and state actors (p. 2). Such attacks pose a heightened risk to the nation’s critical infrastructure.
The impact of cyber threats varies in intensity from small-scale, yet potentially damaging, cyberattacks on private organizations to large-scale, extensive hacking activity against the United States. Further, trends in cybercrime suggest that more serious cyberattacks on critical infrastructure are only a matter of time.
In recent years, the United States government has begun to recognize the scale and impact of the cybersecurity challenges the nation now faces, and to understand that addressing these threats is necessary to protect the United States’ economic prosperity. However, the nation is still struggling to implement an effective strategy to protect against such threats.
The threat of cyberattacks has a scope much broader than the civilian and corporate realms; as more critical national infrastructure becomes computerized, the prospect of computer network attacks on government agencies and organizations has become a risk to the nation’s security.
According to Geers (2010), “The urgency with which the FBI views the threat from cyberspace should no longer be surprising: information systems, including client and server computers, databases, and the networks that connect them are now used to facilitate the management of myriad government infrastructures. Many of these…provide the basic services necessary for the functioning of a modern society” (p. 124). Because of the pervasive nature of this threat, the government is responsible not only for its own assets but also for the cyber protection of the private sector.
The United States’ national security must account for the growing threat of the cybersphere; how this should be achieved still remains unclear. Cyberwarfare is more difficult to combat because there are no clearly defined borders as to what is right or wrong.
Further, electronic armies operate without the formal backing of nation states, so forging alliances with such states may not prove as effective a tactic as it is in physical warfare. A strategic approach would be for the United States to focus on developing technology to protect the nation’s critical infrastructure, as the best offense is a good defense, especially in the world of cybersecurity.
Perpetrators of Cyberattacks
While there is yet to be a clear-cut definition of cyberterrorism, the North Atlantic Treaty Organization (NATO) (2008) attempts to describe it as “a cyberattack using or exploiting computer or communication networks to cause sufficient destruction to generate fear or intimidate a society into an ideological goal” (as cited in Infosec Institute, 2012). Among the perpetrators behind these cyberattacks are terrorist organizations, hacktivists and cybercriminals. The United States’ most threatening adversaries in the cyberdomain, referred to as Advanced Persistent Threats (APTs), continue to originate from China, Russia, and Iran.
China’s sophisticated cyber espionage capabilities and impressive number of cyberattacks “appear to be intended to amass data and secrets…that will support and further the country’s economic growth, scientific and technological capabilities, military power, etc. — all with an eye to securing strategic advantage in relation to competitor countries and adversaries,” including the United States (Cilluffo, 2013, p. 7).
One cyber espionage unit, APT1, which operates from the Shanghai region of China, conducted one of the largest state-sponsored cyberattack campaigns in recent years. According to a report released by Mandiant in 2013, APT1 maintains “an extensive inventory of over 900 command and control servers in 13 different countries” and has conducted attacks on over 150 organizations during the past seven years (as cited in Salane, 2013, p. 2). The APT1 cyber espionage unit employed a packet transmission tool to enable communication between its command and control servers.
This technique was also utilized by another Chinese hacker organization, which was responsible for obtaining information that compromised RSA’s SecurID token, “a device used by organizations around the world to provide secure two factor authentication to highly sensitive systems” (p. 2). It was later confirmed that the compromised tokens were implicated in the breach of the systems of defense contractor Lockheed Martin.
The primary interest of Chinese hacker organizations has been state-sponsored cyber espionage. China remains a threat to our nation as the country continues to develop more sophisticated cyberwarfare tactics and capabilities (Salane, 2013).
Despite the visibility of China’s cyberattacks, Russia’s cyber espionage capabilities are, perhaps, even more sophisticated. Russia’s extensive attacks on the United States, especially in regard to our nation’s research and development, have resulted in Russia being named “a national long-term strategic threat” to the nation by the Office of the U.S. National Counterintelligence Executive (Cilluffo, 2013, p. 9). As recently as March 2013, Russian hackers released “personal information about the Vice President, the Director of the FBI, and other current and former senior U.S. officials” (p. 10).
Cybercrime perpetrators have been instrumental in growing Russia’s global crime market to $2.3 billion. These attackers consist of patriotic hackers and organized crime groups, with assistance from government handlers and the Russian Intelligence Service; however, Russia denies official involvement in cyber espionage related events (Cilluffo, 2013).
Iran is currently investing in the expansion of its cyberwarfare program through the purchase of capabilities, malware, and weapons. Unlike Russia, Iran has openly recruited hackers, such as the Iranian political/criminal hacker group Ashiyane, through the nation’s Revolutionary Guard Corps. Similarly, the hacker organization Basij is hired to execute cyber espionage work on behalf of the regime (Cilluffo, 2013).
Since August 2012, the Iranian cyber espionage unit Izz ad-Din al-Qassam Cyber Fighters has been engaged in powerful distributed denial-of-service (DDoS) attacks on financial institutions, targeting bank servers and injecting infected applications (Salane, 2013). The Wall Street Journal reported “an intensifying Iranian campaign of cyberattacks against American financial institutions including Bank of America, PNC Financial Services Group, Sun Trust Banks, Inc., and BB&T Corp.” (Cilluffo, 2013, p. 11). Based on the recent activity of Iranian cyber espionage organizations, the Los Angeles Police Department has elevated the government of Iran to a Tier One threat (Cilluffo, 2013).
Should this type of nation-state cyberterrorist activity continue to advance, a worst-case scenario could involve a catastrophic cyberattack on the United States’ critical infrastructure, including an attack on nuclear reactors, which would sustain significant damage and pose a major threat to the nation (Rutherford, 2013).
As this threat grows, so does the need for a solution to protect our nation’s critical infrastructure. In the next article in this series, I will review past initiatives to address this need, including the Obama Administration’s executive order to improve critical infrastructure cybersecurity.