Are warfare and cyber-attacks the same thing?
Why aren’t people viewing nation-state attacks the same way they do missile launches and attacks on villages?
Turn on the news any night and you are most likely to see graphic footage from war zones — images that elicit immediate, horrific reactions. Yet when it comes to a cyberattacks, there’s very little, if any, emotional response.
Certainly, people get shocked at the levels of nation-state hacking. Take, for example, last year’s WannaCry cyber-attack, allegedly launched by North Korea. (North Korea has denied any involvement.) WannaCry successfully masked itself as ransomware only to fool the United Kingdom’s national health-care service, along with the country’s largest pharmaceutical company. The loss of money and productivity from this nation-state attack made global headlines, yet the reallife impact inside British hospitals is harder to measure but no less real.
What if someone died because WannaCry disrupted medical services? What would people’s reactions be then?
Or consider the reported nation-state attack on the U.S. electrical grid in 2009. What if it had been successful? Would massive power outages change the perception people currently have towards cyber-attacks?
Greg Young, vice-president of cybersecurity for Trend Micro Inc., says most people treat cyber-attacks as a shortterm phenomenon, but in reality it’s just another part of warfare.
“In this decade, launching a cyber-attack or troops on the ground should be treated as a hostile act,” Young adds. “The difference between the two will be closing and today it seems to be more of an annoyance — almost at a permissible level unless it impacts the citizenry.”
Young, who spent the past 14 years as Gartner Research’s top security analyst and has a military background, notes that cyber-attacks from nations have been always linked to spying but they should now be viewed through a different lens.
“Hacking is a pyramid,” he says, “and nation-state hacking is at the top. Most of what they want to do is similar to other hackers. Nation-state hackers are part of a large organization and have a huge amount of resources that can help them target countries and organizations.”
For example, nation-state hackers will work on advanced malware to halt the production of equipment for nuclear weapons. One of the more successful cases of a nation-state attack was in 2007, when the U.S. developed the Stuxnet worm that disrupted Iran’s nuclear program. (Yes, the “good guys” do nation-state attacks, too.)
The threat is getting bigger. Young found that countries have increased the size of their cyber organizations to more than 10,000 people. The only difference between the good guys and the bad guys is some of these organizations take a defensive stance, while others go on the offensive.
One of the more common attacks from nation states is called Zero-Day. “Most hacking is based on backdoor vulnerabilities,” Young says. “Zero-Day is an attack that is not discovered and is able to surprise the cyber defences of countries or organizations. It has huge value because it’s not known, and they have become powerful tools for nation states.”
Making matters worse is that these nation states don’t tend to pay their cyberwarriors very well. So many of these talented individuals end up freelance hacking after hours, conducting mostly ransomware attacks — but with the use of the advanced tools supplied by their nation state employers.
“Sometimes you think you are being attacked by a country,” Young notes, “but it’s often an individual.”
This is where things could get dangerous, as a country that believes it’s been attacked by a rival nation and is working on its own aggressive response might not know the country in question had nothing to do with it. “Some individuals can even cloak an attack and make it look like someone else was behind it,” Young says.
The unknown-assailant challenge also leads to people having mixed reactions to cyber-warfare. Young says that people can point fingers in the direction of Eastern Europe and Asia, but it’s difficult to validate and therefore hard for citizens to understand who is doing the attacking. The same goes for corporate targets.
Then there is the corrosive factor. Young says that people have a significant level of trust in technology when it comes to their own privacy. People continue to leave themselves vulnerable to all forms of hacking. Over the last decade, criminal groups have not had too difficult a time infiltrating computer systems and data centres, and this slows down business and helps to corrode the trust people have in their technology.
“That’s dangerous, and it will hold up people going to the cloud and onto social media,” Young says. “On the positive side, being skeptical and looking to educate yourself is a healthy thing.”
More education could have another benefit, too. People might begin to see nationstate cyber-attacks for what they really are: another form of warfare.