The Shadow War

A report out today from cybersecurity firm FireEye identifies a group of Chinese hackers known as APT41 acting for both Beijing and its own personal financial gain. Operating since 2012, it is described as a creative and well-resourced outfit whose cybercrime career began by targeting the video games industry, generating millions of dollars in virtual currency in games, which would then be sold on to gamers on the black market. FireEye’s report describes the group as “remarkable because explicit financially motivated targeting is unusual among Chinese state-sponsored threat groups.”

However, today’s news reminds us that cyber attacks, regardless of the motivation, continue to be a major challenge, particularly from both China and Russia. Jim Sciutto, a CNN anchor and chief national security correspondent, has recently released a great new book, “The Shadow War,” that explores how both China and Russia are acting to undermine the US and the West in ways that fall just short of provoking open warfare (hence the book title). From the appearance of new man-made islands as military bases in the South China Sea to a new arms race in space, the book provides a fascinating although unnerving portrayal of the challenge that the US is facing.

The book, as you would expect, also deals with the cyber threat, addressing the 2016 presidential election, the Russian hack of the DNC and the ability to manipulate information. However, the chapter that analyzes Russia’s distributed denial of service attack against Estonia caught my attention. It was not so much the method of attack that surprised me but when it happened: 2007! I am no spring chicken but I did raise an eyebrow when it occurred to me that we have been living with (at least publicly) the threat of a state-sponsored cyber attack for twelve years.

Sciutto concludes by interviewing former leading figures within the intelligence community, who include General Michael Hayden, ex-CIA and NSA Director; Jim Clapper, former director of national intelligence; and ex-MI6 chief Sir John Scarlett. Their proposed solutions include knowing the enemy, setting out clear red lines and raising the costs of aggression. But, compatible with Arceo’s own view of cybersecurity, yet again we see the word “Resilience” mentioned in the context of how to bolster defenses.

Sciutto writes:


“In both the cyber and space realms, America’s technological advancement creates a vulnerability because the United States is so dependent on space and cyber capabilities, it is therefore more susceptible to attacks targeting those capabilities.

Reducing such dependency would create economic and social costs the American public would not tolerate.

So today national security officials repeatedly emphasize resilience, that is, building systems that can sustain attacks without shutting down entirely.”

In space, resilience means protecting GPS, for example, by deploying a greater number of satellites or even building microsatellites. In cyber, it’s the ability of systems to operate whilst under attack and then recover as quickly as possible.

For most organizations, deploying cybersecurity tools will help stop the attack and reduce its impact, allowing an organization to continue to operate. Speed of recovery depends on the organization’s level of preparedness and its financial means to engage appropriate resources in a timely fashion, including security expertise, legal resources, ability to notify customers, and much more. This is where cyber insurance comes into play, especially for small and medium-size businesses that are most likely not to have the right resources on board.

From nation-states to large corporations and small businesses, developing cyber resilience will define how well we address this challenge in the next decade.