According to President Obama, cyberespionage has crossed the threshold from "nuisance" to "national emergency." As reported by National Journal, the president signed an order allowing the treasury secretary, attorney general and secretary of state to impose financial sanctions on the groups and people behind cyberattacks that "create a significant threat to US national security, foreign policy, or economic health or financial stability of the United States." But what has the government so worried? According to the New York Times, nations such as Iran are increasing both the sophistication and frequency of their attacks.
A decade ago, the threat of nuclear war loomed large in any dispute between the United States and Iran. The United States held its warheads in reserve, ready to launch if Iranian nuclear programs became too aggressive or if Iran attempted a first strike. But the specter of a post-nuclear world — coupled with the advancement of cyberespionage technologies, which can be targeted to specific industries or groups and come with the benefit of plausible deniability — provided an alternative attack path. This February, Director of National Intelligence James R. Clapper, Jr. revealed Iranian hackers were behind a devastating cyberattack on the Sands casino in Las Vegas last year. The attack came in response to statements made by Sheldon G. Adelson, chief executive of Sands, who suggested going nuclear was an effective way to deal with "the Iran problem."
Now, a new study by security firm Norse and the American Enterprise Institute (AEI) argues Iran has been working hard to increase its cyberattack capabilities. According to Frederick W. Kagan, director of the AEI's Critical Threats Project, "Cyber gives them a usable weapon, in ways nuclear technology does not." What's more, he claims that if sanctions are lifted on Iran in a proposed nuclear agreement, the country will pour money into developing cyberattack efforts. According to Norse, the number of malicious acts originating from Iranian IP addresses is up 115 percent since January 2014. Even more worrisome is that attacks from nations such as Iran and North Korea tend to focus on destruction more than espionage; the security firm worries about "an Iranian effort to establish cyberbeachheads in crucial US infrastructure systems — malware that is dormant for now but would allow Iran to damage and destroy those systems if it chose to do so later."
Amid talk of increasing frequency and evolving threats, it's worth considering what's really at risk. According to CIO Journal, the US power grid remains vulnerable; late last year, ICS-CERT found evidence of the BlackEnergy malware in several human-machine interface (HMI) products used by electrical utility companies. While no attempts to damage or destroy were detected, the ICS-CERT team warned that these infected HMIs could easily act as a gateway to deeper network systems.
The Department of Financial Services (DFS) for New York state, meanwhile, just released a white paper warning banks to be wary of third-party software, especially when it comes to handling high-risk functions such as check cashing or data processing. Why? Because without complete knowledge of underlying code and development methodology, banks using third-party software could be at the mercy of backdoors, critical vulnerabilities or malware. Even the White House isn't safe; as noted by Securelist, the "CozyDuke" malware infected White House systems and State Department computers in 2014.
Bottom line? No system is truly "safe" from determined hacker groups and nation-states; if they want a way in, they'll find one.
While it may not be possible to stop all cyberespionage, there are ways for citizens and companies to defend American interests. According to NSA head Admiral Michael S. Rogers, one solution is the creation of a single digital "key" that could unlock any system on demand. Rather than handing the key to the NSA or any other agency, he says it should be broken into smaller pieces, distributed to multiple authorities and only used when absolutely needed.
"I don't want a backdoor," says Rogers, shying away from the fear of many citizens in a post-Snowden world. "I want a front door. And I want the front door to have multiple locks. Big locks." It's not a bad idea — government agencies frequently cite the need for speed when it comes to dealing with terrorist activities or cyberattacks, and his suggestion offers a way to protect privacy while still providing expediency when required.
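Rogers's "multiple locks" idea maps onto a well-known cryptographic construction: threshold secret sharing, in which a key is split so that only a quorum of holders can reconstruct it and any smaller group learns nothing. The block below is an added example, not code from the article or from the NSA proposal; it implements Shamir's scheme over a prime field in Python, and the 3-of-5 split, the field prime and the sample key are assumptions chosen for illustration.

```python
"""Threshold secret sharing (Shamir, 1979) over the prime field GF(PRIME).

Added illustration of a "key split among several authorities" scheme; the
parameters below are assumptions, not anything described in the article.
"""
import secrets

# Mersenne prime 2**127 - 1: every secret must be an integer in [0, PRIME).
PRIME = 2**127 - 1


def _eval_poly(coeffs, x):
    """Evaluate the polynomial (coeffs[0] is the constant term) at x, mod PRIME."""
    acc = 0
    for c in reversed(coeffs):  # Horner's rule
        acc = (acc * x + c) % PRIME
    return acc


def split_secret(secret, n, k):
    """Split `secret` into n shares of which any k reconstruct it.

    Each share is a point (x, y) on a random polynomial of degree k-1 whose
    constant term is the secret. Fewer than k points leave every candidate
    secret equally likely, so a minority of holders learns nothing.
    """
    if not 0 <= secret < PRIME:
        raise ValueError("secret must be an integer in [0, PRIME)")
    if not 1 <= k <= n:
        raise ValueError("need 1 <= k <= n")
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(k - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, n + 1)]


def recover_secret(shares, k):
    """Recover the secret from at least k distinct shares (Lagrange interpolation at x=0)."""
    if len(shares) < k:
        raise ValueError(f"need at least {k} shares, got {len(shares)}")
    pts = shares[:k]
    if len({x for x, _ in pts}) != k:
        raise ValueError("shares must have distinct x coordinates")
    total = 0
    for i, (xi, yi) in enumerate(pts):
        num, den = 1, 1
        for j, (xj, _) in enumerate(pts):
            if i != j:
                num = (num * (-xj)) % PRIME
                den = (den * (xi - xj)) % PRIME
        basis = num * pow(den, -1, PRIME) % PRIME  # Lagrange basis value at x=0
        total = (total + yi * basis) % PRIME
    return total


def demo():
    """Constructed sample: a random 120-bit key split 3-of-5 among five custodians."""
    key = int.from_bytes(secrets.token_bytes(15), "big")
    shares = split_secret(key, n=5, k=3)
    quorum = [shares[0], shares[2], shares[4]]  # any three custodians suffice
    return key, recover_secret(quorum, k=3) == key


if __name__ == "__main__":
    key, ok = demo()
    print("3 of 5 shares recover the key:", ok)
```

The design choice that matters for the "multiple locks" argument is the threshold: with a 3-of-5 split, no single authority, and no pair of authorities, can reconstruct the key, while the loss of up to two shares does not make it unrecoverable. The arithmetic is the easy part; the policy questions the article raises (who holds the shares, who audits their use) sit outside the code.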
Protection must also come from within. As discussed by the DFS, financial institutions use a host of third-party applications and software, and they're not alone: Nearly 80 percent of enterprises use some type of third-party application. These apps are ideal vehicles for nations looking to infect critical US systems, given the level of interconnection between banks, energy providers, government regulatory bodies and even Internet service providers. Infecting just one system could provide access to critical infrastructure at large. Here, the solution lies in targeting apps themselves, both before they're active on company networks and throughout their lifecycles. Continual, cloud-based monitoring gives enterprises the ability to detect problems at the source, before they cripple networks.
Cyberespionage is on the rise. Nations such as Iran and North Korea are stepping up investment and effort in cyberweapons, and the United States has declared it won't take such attacks lightly. Industries and infrastructure of all types are now under threat; it pays to know what's coming.
Want to learn more about the evolving world of cyberespionage and its impact on your bottom line? Check out Gearoid O'Connor at the SC Magazine eSymposium.