Security Technology Executive

JUL-AUG 2018

Issue link:

Contents of this Issue


Page 13 of 83

14 SECURIT Y TECHNOLOGY E XECUTIVE • July/August 2018 • www. T he Cold War is alive and well. But what's different today is that when there's a war -- including a war of words -- between coun- tries, there are things most people don't see happening below the surface involving cyberattacks and cybersecurity. There is an immediate manifestation and immediate reaction from Cold War adversaries in cyberspace as a result of rhetoric and geopolitical tension. Today, we're seeing nation-state actors improving their cyber capabilities in dramatic ways. For example, only a few months into the current U.S. administra- tion, tensions were inflamed between North Korea and the U.S. But the economic sanctions leveraged against North Korea do not take into account the efforts of a prolific North Korean hacker group known as the Lazarus Group to pilfer large amounts of money from financial sectors of the world through attacks on SWIFT, attacks on financial institutions, and deploying destruc- tive malware into U.S. systems. The Chinese have become more active as well, as tensions have increased in the South China Sea. Stone Panda Group, for example, has targeted large corpora- tions to learn about what mergers and acquisitions they might be making. And who can forget the Russian hacking of the 2016 Presidential Election? The dramatic escalation of Russian cyber activity comes as a direct response to sanctions. Several NATO members have been targeted, including the Baltics, Ukraine, and more. Last year, when hackers struck an electric transmission station in the city of Kiev, blacking out a portion of the Ukrainian capital equivalent to a fifth of its total power capacity, reports surfaced linking malware on the affected sys- tems to Russian cyber-criminal groups. In addition, "Ukraine has blamed Russia for repeated cyberattacks targeting crucial infrastructure during the past three years, including one on its power grid that left part of western Ukraine temporarily without electric- ity in December 2015," according to the Independent. The rules of warfare have been rewritten. Cyberwar is now being fought on a global scale, American cyberspace has been colonized, and we are all attempting to civilize the environment. To defend our digital domain, the glob- al cyber insurgency must embrace these five realities: Geopolitical Tension Requires Us to Defend Our Digital Way of Life A global cyber insurgency is in full swing and as attacks evolve, so must defenses There are No Hackers, Only Spies As my colleague, Eric O' Neill often says, "hacking is the new espionage." The majority of successful breaches are driven by foreign cyber intelligence units -- cyber spies from other nations -- that use traditional espionage tactics in a digital environment to disable, steal, destroy and disrupt information. Adversaries are intent on colonization. Cyber "burglaries" have evolved into full "home invasions." Gone are the days when cybercriminals will sim- ply leverage a denial of service attack on a website and then leave. More often, we're seeing secondary forms of monetization and secondary forms of espi- onage occurring within systems that have already been responded to by defenders. This method of multi-layered attack is known as "counter incident response." An example of such is the use of reverse business email compromise where a corporate email server is being used to send malicious emails to your customers, partners and advocates. Watering hole attacks are dramatically increas- ing where the website itself (and specific sub-pages) are used to attack visitors with zero-day attack code. We're also seeing effective attacks against mobile users and mobile apps themselves. It is fundamental to understand that your brand may be used against those who trust it most. Policy Must Evolve Policy in the U.S. needs to evolve. Cyber command should have the authority to take its gloves off to defend America against overt cyber colonization and systemic attacks against infrastructure by nation states. The FBI and DHS also need to be empowered with the authority and budget to offer protective services to domestically-owned critical infrastructures. CISOs Should Make the Rules CISOs have one of the most critical jobs in any organization, whether public or private and often have more say over cybersecurity protocol than an organization's general counsel (which traditionally coaches organizations through data breaches and cyber attacks). INDUSTRY VOICE By Tom Kellermann Tom Kellermann is Chief Cybersecurit y Officer at Carbon Black , Inc. A dditionally, Kellermann is the Co-founder and Board member of Strategic Cyber Vent ures. He ser ves as a Global Fellow for the W ilson Center. Prev iously, Kellermann was the Chief Cybersecurit y Officer at Trend Micro. W ithin this role, Kellermann was a trusted ad v isor for Cybersecurit y and was responsible for analysis of emerging cybersecurit y threats and relevant defensive strategies. Tom Kellermann also ser ved as a Commissioner on The Commission on Cyber Securit y for the 4 4th Presidency and ser ved as an ad v isor to the International Cyber Securit y Protection A lliance (ICSPA). Continued on page 16

Articles in this issue

Links on this page

Archives of this issue

view archives of Security Technology Executive - JUL-AUG 2018