Cyber warfare refers to actions by a nation-state or international organization that attack or damage another nation’s computer systems or information networks. As LiveScience author Mark Smith points out, a cyber attack can be an even greater threat than a traditional military strike: “With an invasion, there are signs of military build-up: tanks need building, pilots need training. With cyber attacks, they can come at any time with the press of a button, devastating a whole country’s economy or power grid in an instant.”
Cyber warfare tactics are often thought of as computer viruses, ransomware, or Distributed Denial-of-Service (DDoS) attacks, some of which have been very large scale, such as last fall’s massive 2.4 terabits/second (Tbps) DDoS attack on European Microsoft Azure users. As we’ve seen even more recently, such attacks can be preemptive measures ahead of a military strike, such as the data-wiping malware that showed up on devices of Ukrainian government agencies at the same time websites of government agencies were being defaced ahead of the air assault and ground invasion by Russia this past January.
While attacks on critical systems remain a concern, smaller-scale breaches can be alarmingly effective. Political warfare, which has long ranged from sabotage and subversion all the way to silencing and assassinations, has found a robust platform for “active measures” and other misinformation, disinformation, and malinformation (MDM), along with efforts to leak data, influence policy-making, sow confusion, spark division, undermine elections, disrupt markets, raise fear, and manipulate public perception—yes, in digital spaces, but in ways that can impact physical battlefronts and human life itself.
Suit Up For CyberWar
While no single organization or government agency will quickly eliminate the risk of state-sponsored cyber war, starting a dialog among your organization’s leadership, IT teams, vendors, and consultants along the following lines may help prevent or at least reduce the negative impact of a calculated external attack:
1. See the big and little battlefields. As Wilde & Sherman explain in Atlantic Council, a broader view of “information security” that goes beyond firewalls and into social and political realms could help the West draw clearer distinctions of acts of cyber war, and thus faster lines in the sand when crossed by nation-states exploiting the current “gray zone.” That being said, as technology evolves and connected systems expand, vital details of internal account access and credentials must also be kept in view via good cyber hygiene. This includes an annual assessment scope that addresses passwords, wireless configuration, mobile devices, network and facility security, remote workers, and other aspects of an organization’s daily functioning, as well as the ability to scan as needed between annual audits for real-time insights.
2. Keep alert for being targeted. The Cybersecurity and Infrastructure Security Agency (CISA) recently released guidance to help organizations take coordinated steps to assess and mitigate their risks for information manipulation. CISA encourages organizations to monitor specific MDM that may be targeting their industry, educate staff on social media privacy and phishing tactics, and develop a response plan in the event of public defacing, such as website compromise. You can also report MDM in real time to [email protected].
3. Inspect your troops. A comprehensive risk management approach governs both your internal team and your external partners. You can’t afford to wait for a cyberattack to validate the security policies and practices of your Technology Service Providers (TSPs). Be proactive by assessing your vendors’ security and privacy practices based upon the National Institute of Standards and Technology (NIST) Cyber Supply Chain Risk Management Practices for Systems and Organizations. Ensure they align with what you expect from your own team.
4. Stage for battle. To paraphrase Robert Burns from 1779, “the best laid plans of mice and men often go awry.” Intention is scarcely the shortcoming. Instead, it’s reality that thwarts untested plans. While a nation-state attack may be challenging to simulate, skilled Red Teams can be effective preparation for various scenarios, awakening your team’s sensitivity to malicious attempts and helping improve your chances of preventing one in the real world. Additional helpful tips are available as part of CISA’s Shields Up initiative.
5. React resiliently. Your organization’s ability to mitigate damage and move forward in the wake of a cyberattack is the stuff of cyber resilience. Whether you’re a small start-up, mid-sized bank, or large healthcare enterprise, developing a strategy and rehearsing steps to manage malicious cyber incidents will help your team respond in ways that significantly reduce damage and costs—up to $2 million per incident.
Fortify With The Best
When it comes to assessing your readiness for cyber war, it’s all about exposing your vulnerabilities on your own terms. To that end, the security expertise of your assessors, as well as the class of assessment tools used to evaluate your organization’s environment, will significantly impact the depth and accuracy of findings, and thereby your ability to remediate and fortify your defenses.