Cyberwar predictions for 2019: The stakes have been raised
https://www.zdnet.com/article/cyberwar-predictions-for-2019-the-stakes-have-been-raised/
Cybersecurity will define many of the international conflicts of the future. Here's an overview of the current threat landscape, UK and US policy in this area, and some expert predictions for the coming year.
Before the internet era, geopolitical tensions drove traditional espionage, and periodically erupted into warfare. Nowadays, cyberspace not only houses a treasure-trove of commercially and politically sensitive information, but can also provide access to control systems for critical civil and military infrastructure. So it's no surprise to find nation-state cyber activity high on the agendas of governments.
Notable cyber attacks launched by nation states in recent years include: Stuxnet (allegedly by Israel and the US); DDoS attacks against Estonia, attacks against industrial control systems for power grids in Ukraine, and electoral meddling in the US (allegedly by Russia); and the global WannaCry attack (allegedly by North Korea). China, meanwhile, has been accused of multiple intellectual property theft attacks and, most recently (and controversially), of secreting hardware backdoors into Supermicro servers.
The global cyber-threat landscape
What does the current threat landscape look like, in broad terms? The 2017/18 threat matrix from BRI (Business Risk Intelligence) company Flashpoint provides a useful overview:
Threat actors are ranked on a six-point capability scale and a four-point potential impact scale, with Flashpoint's cast ranging from Tier 2 capability/Negligible potential impact (Jihadi hackers) to Tier 6/Catastrophic impact (China, Russia and Five Eyes).
It's probably no surprise to find China heading the 2017/18 ranking of threat actors, in terms of capability, potential impact and number of verticals targeted:
In its 2018 mid-year update, Flashpoint highlighted various 'bellwethers' that may prompt "major shifts in the cyber threat environment":
• The tentative rapprochement between the U.S., South Korea, and North Korea fails to result in tangible diplomatic gains to end the North Korean nuclear program.
• Additional states follow the U.S. example and relocate their embassy in Israel to Jerusalem.
• The U.S.' official withdrawal from the Joint Comprehensive Plan of Action (JCPOA) and the subsequent renewal of economic sanctions prompts an Iranian response.
• The ongoing power struggle between Saudi Arabia and Iran for influence in the Middle East leads to kinetic conflict in the region.
• U.S. and European Union-led economic sanctions in place on Russia are extended or tightened.
• The Trump administration adopts a less-compromising approach toward U.S.-China relations or otherwise enacts policies that threaten Chinese core interests. Alternatively, China adopts an increasingly aggressive policy toward securing its vital core interests, including the South China Sea and the questions of Taiwan's and Hong Kong's political sovereignty.
• The situation in Syria further deteriorates into direct armed conflict between major states with differing interests in the region, potentially extending further into neighboring states.
• Other nation-states, such as China, Iran, and North Korea adopt the Russian model of engaging in cyber influence operations via proxies, resulting in the exposure of such a campaign.
Cybersecurity policy in the UK
In the UK, the National Cyber Security Center (NCSC) -- an amalgam of CESG (the information security arm of GCHQ), the Centre for Cyber Assessment, CERT-UK, and the Centre for Protection of National Infrastructure -- issues periodic security advisories, among other services. In April, for example, it warned of hostile state actors compromising UK organisations with focus on engineering and industrial control companies. Specifically, the threats involved "the harvesting of NTLM credentials via Server Message Block (SMB) using strategic web compromises and spear-phishing". Other recent NCSC advisories have highlighted Russian state-sponsored cyber actors targeting network infrastructure devices and the activities of APT28 (a.k.a. the cyber espionage group Fancy Bear).
In its 2018 annual review, the NCSC said it had dealt with over a thousand cyber incidents since its inception in 2016. "The majority of these incidents were, we believe, perpetrated from within nation states in some way hostile to the UK. They were undertaken by groups of computer hackers directed, sponsored or tolerated by the governments of those countries," said Ciaran Martin, CEO at NCSC, in the report. "These groups constitute the most acute and direct cyber threat to our national security. I remain in little doubt we will be tested to the full, as a centre, and as a nation, by a major incident at some point in the years ahead, what we would call a Category 1 attack."
A Category 1 attack constitutes a 'national cyber emergency' and results in "sustained disruption of UK essential services or affects UK national security, leading to severe economic or social consequences or to loss of life."
Despite the efforts of the NCSC, a recent report by the UK parliament's Joint Committee on the National Security Strategy noted that "The threat to the UK and its critical national infrastructure [CNI] is both growing and evolving. States such as Russia are branching out from cyber-enabled espionage and theft of intellectual property to preparing for disruptive attacks, such as those which affected Ukraine's energy grid in 2015 and 2016."
The government needs to do more to change the culture of CNI operators and their extended supply chains, the report said, adding that: "This is also a lesson for the Government itself: cyber risk must be properly managed at the highest levels."
Specifically, the Joint Committee report recommended an improvement in political leadership: "There is little evidence to suggest a 'controlling mind' at the centre of government, driving change consistently across the many departments and CNI sectors involved. Unless this is addressed, the government's efforts will likely remain long on aspiration and short on delivery. We therefore urge the government to appoint a single Cabinet Office minister who is charged with delivering improved cyber resilience across the UK's critical national infrastructure."
Cybersecurity policy in the US
In the US, the September 2018 National Cyber Strategy (the first in 15 years, according to the White House) adopted an aggressive stance, promising to "deter and if necessary punish those who use cyber tools for malicious purposes." The Trump administration is in no doubt about who the US is up against in the cyber sphere:
"The Administration recognizes that the United States is engaged in a continuous competition against strategic adversaries, rogue states, and terrorist and criminal networks. Russia, China, Iran, and North Korea all use cyberspace as a means to challenge the United States, its allies, and partners, often with a recklessness they would never consider in other domains. These adversaries use cyber tools to undermine our economy and democracy, steal our intellectual property, and sow discord in our democratic processes. We are vulnerable to peacetime cyber attacks against critical infrastructure, and the risk is growing that these countries will conduct cyber attacks against the United States during a crisis short of war. These adversaries are continually developing new and more effective cyber weapons."
The US cyber security strategy is built around four tenets: Protect the American People, the Homeland and the American Way of Life; Promote American Prosperity; Preserve Peace through Strength; and Advance American Influence.
As far as preserving 'peace through strength' is concerned, the Trump administration states that: "Cyberspace will no longer be treated as a separate category of policy or activity disjointed from other elements of national power. The United States will integrate the employment of cyber options across every element of national power." The objective is to "Identify, counter, disrupt, degrade, and deter behavior in cyberspace that is destabilizing and contrary to national interests, while preserving United States overmatch in and through cyberspace."
It would seem that the stakes in the cybersecurity/cyberwar game have just been raised by the world's most powerful nation.
2019 nation-state / cyberwar predictions
Nation-state activity has been prominent in previous annual roundups of cybersecurity predictions (2018, 2017, 2016), and given the above overview we expect plenty more in 2019. Let's examine some of the predictions in this area that have been issued so far.
see link for more including comments by Fireye.
Outlook
It's clear from the above round-up of predictions that nation states are likely to be more active than ever in cyberspace in 2019. Perhaps we'll even see the sort of 'national cyber emergency' envisaged by the UK's NCSC, with potential loss of life. That's the point where cyber attack moves towards cyberwar.
It's also clear that governments -- in the UK and US at least -- are increasingly, if belatedly, acknowledging the scale of the problem of hostile nation-state cyber activity. It remains to be seen how effectively they can
defend themselves, and even retaliate.=================================================================
After reading Fireye's points in this article it seems crazy that the U.S. and/or other countries are not using the Wave Alternative within their computer infrastructure. The TPM is ubiquitous now and available in 100% of most companies computer fleets (therefore can give entrance to only known computers on the network). The Wave Alternative could be so beneficial to the U.S. and other countries. The other alternatives are not working very well.
=================================================================
https://www.wavesys.com/wave-alternative
The IT perimeter is gone
With tablets, smartphones, and cloud applications, your employees can access sensitive data anytime, from anywhere. Indeed, around 70 percent of security breaches and data thefts are inside jobs. Meanwhile, the hackers only get better: advanced persistent threats (APTs) appear as normal traffic, and malware can go unnoticed for weeks.
It’s a new world, one without borders. Yet most organizations are still trying to protect their data with the same old firewalls and antivirus software. It’s not working. We refer you to the headline-making breach of the week.
You have to start with the device
Wave has an alternative: security that’s built into each and every device.
We’re talking about hardware: self-encrypting drives (SEDs), which protect data when a device is stolen or lost, and trusted platform modules (TPMs), or embedded security chips. Both go in at the factory, and increasingly, both are standard. They make it possible for you to monitor and control each individual device and its data, no matter where it is. But you need software to turn on and manage your SEDs and TPMs. Wave makes that software.
We’ve been refining comprehensive, centralized management of hardware-based security longer than anyone else. More than that, we’ve shaped the field as a founding member of the Trusted Computing Group, the not-for-profit that develops and promotes industry standards for the hardware.
Security that’s confirmed, not assumed
With Wave, you’ll know that you’re secure. Because we start with the individual devices, you get a broad, deep view of your network. You can see exactly who’s on it, with what devices and what apps, at any given time. Just for example, if Bob goes home and tries to log onto Facebook with the company laptop, Wave can stop him.
A big piece of this heightened security is device authentication. Traditional two-factor authentication requires what amounts to two user IDs. But by using the TPMs inside your devices, Wave can confirm the identity of not only users, but also the devices they’re on. Combine that with fast, enforced encryption of sensitive data via your SEDs—all easily managed with Wave software—and your data is protected from the full range of modern risks: device theft, missent emails, flash drives, portable hot spots … even (and no one else can say this) hardware keyloggers. Not to mention Bob.
Do we need to say that with Wave, compliance is no problem?
Start closing your security gaps today, with what you’ve got
You might be surprised to hear that 90 percent or more of your computers probably already have TPMs. Mobile devices are catching up fast. SEDs are newer, but you probably have a bunch of those too. Machines that don’t have them can often be outfitted at little to no extra cost. So you’ve got some or all of the hardware. All you need to do is turn it on with Wave. It’s almost as easy as it sounds. TPMs and SEDs are built to open, vendor-neutral industry standards, and so are Wave solutions. That means Wave works on your existing mix of hardware, across platforms, and will evolve with you. It’s part of what makes the Wave alternative not only more secure, but also simpler and cheaper. Total cost of ownership for Wave data protection can be almost half that of a traditional software-based system.
Questions? Read on, or contact our sales department.
