Tag Archive for: cyberwar

6 historical threat patterns suggest that cyberwar could be inevitable




Predicting cyberthreats has been an elusive goal. Unlike in healthcare, where early diagnostics can be used to predict and hopefully prevent disease, cybersecurity has never had a reliable means for determining that an attack is coming. This is especially true for isolated cyberbreaches, such as data theft, which are often decided on a whim. 

That said, it’s been noticed by this author recently that certain historical patterns do exist that can be used to predict large-scale cyberthreats. Sadly, as will be shown below, analysis and extrapolation of the patterns suggest an uncomfortable progression toward a major global cyberwar. Let’s go through the relevant patterns.

Threat pattern 1: Worms

In 1988, the first worm was created by a student with the innocent goal of determining whether such a program might work. This was followed by a long period of minimal worm activity, only to be broken in 2003 by a major rash of worms such as Slammer, Blaster and Nachi. These worms caused significant disruption to major business operations.

The pattern here was that an initial small-scale attack occurred in 1988, followed by 15 years of relative quiet, which ended with a significant large-scale attack in 2003. Worms still represent a cyberthreat, but not much change has occurred in their design since 2003. Worms are now in a period of relative quiet once again.

Threat pattern 2: Botnets

In 1999, the first botnet appeared, followed by a similar attack in March of 2000. This was followed by a period of relative quiet in terms of DDoS attack design innovation. Attack volumes, for example, remained relatively constant until 13 years later when Iranian hackers launched a series of massive layer 3/7 DDoS attacks at US banks.

Again, the pattern was that an initial small-scale attack occurred in 1999, followed by 13 years of quiet, which ended with a large-scale event in 2012. Like worms, botnets are also still a security problem, but they have not experienced much…


I do read your comments. Interview with Russian hacker and techie // Russia Ukraine Cyberwar



How to conduct a cyber-war gaming exercise


Defenses are in place, and a cybersecurity strategy has been designed. But how does your organization know they work? Conducting a cyber-war game can expose any shortcomings a real attacker may uncover.

Most cybersecurity professionals are aware they need to conduct cyber-war gaming exercises to ensure overall cybersecurity readiness. But questions remain about how to conduct this exercise, including the following:

  • What should the cyber-war games include?
  • How often should they be conducted?
  • Who should participate?
  • What documentation is required?
  • What should the end results and deliverables look like?

Let’s look at what’s needed for successful cyber-war game exercises, starting with what they are and why businesses should conduct them.

Characteristics of an effective cyber-war game

Cyber-war games are creative exercises in which an incident response team reacts to a hypothetical set of scenarios.

The military has long conducted war games, also known as tactical decision games, because they work. Participants learn to understand the unintended consequences of decisions in the context of the chaos of warfare. As the military adage attributed to Prussian Field Marshal Helmuth von Moltke the Elder goes, “No plan survives first contact with the enemy.”

Now, take those lessons and adapt them for cyber-war gaming. One important element of conducting effective cyber-war games is developing scenarios that incorporate multiple unplanned events and generate perfect-storm scenarios. For instance, what if the attack vector is an IoT network and an attack on the connected HVAC system brought the data center down? Or what if a Session Initiation Protocol man-in-the-middle attack compromised sensitive voice calls, while a DDoS attack took down the email server? Or what if a key person is out with the flu?

Another important element is how often the exercises are held. Conducting cyber-war gaming on a regular basis is key — ideally, quarterly but minimally annually. It’s less important to craft the perfect game than it is to conduct cyber-war gaming early and often, learning and improving as you go.

Critical cyber-war gaming roles

The two most important roles in cyber-war gaming are…


Forget Cyberwar: We Need Cybersecurity First


Russia’s invasion of Ukraine has shattered many illusions. One of them is the idea that skill in offensive cyber operations can ever be a substitute for reliable computer and information systems.

There are lessons for the United States. Cybersecurity is not about who can do the flashiest hacks but about how to keep our networks safe. This is difficult because it requires powerful interests in the government and the private sector to invest resources and make trade-offs they would rather not make. An offense-based strategy that appears “tough” hides these trade-offs while actually making U.S. cybersecurity worse.

Illusions of deterrence

Cyberwar strategists have described cyber conflict as a kind of asymmetric warfare that puts advanced societies at a strategic disadvantage. Offense is easy, while defense is hard. The United States is in a uniquely tough position. Multiple skilled adversaries—Russia, China, North Korea, Iran—are ready to attack the United States’ modern, internet-dependent society. Meanwhile, U.S. political and economic culture is hostile to the regulation and public spending that are needed to stop data breaches, protect online privacy, and make networks safe.

Enter the siren song of offensive cyber operations. If the United States can make its adversaries fear its cyber warriors, then it can take its time with upgrading government systems, protecting its critical infrastructure with voluntary frameworks instead of mandatory rules, and allowing Big Tech to continue to monetize Americans’ sensitive data. U.S. adversaries will be deterred by their fear of some massive response if they cross U.S. red lines. Defense, the story goes, is simply too hard—perhaps impossible—so why bother?

Offense has dominated the conversation for decades. President Barack Obama launched the Stuxnet attack on Iran and created United States Cyber Command. His plan for legislation to require greater protection for critical infrastructure was blocked by Congress under heavy industry pressure. President Donald Trump’s national cyber strategy sought to “preserve peace through strength” by maintaining “United States overmatch in and through cyberspace.”…
