Cyberattacks from everywhere…

Gloom about the number of serious, undetected cyberattacks is matched by lack of confidence amongst those charged with defending against them.

A gloomy article in New Eastern Europe Quarterly, written from the viewpoint of Piotr Borkowski, a Polish academic, points out that these days cyber-espioane attacks come not only from the NSA but also from Russia (SORM and PAK) but also from China (APT1), North Korean (Cyber Offensive Division of Military Forces. ) and Iran. (Did he perhaps forget Israel?)

Whilst some attacks seem to be little more than annoyances (eg DDoS attacks), recent news stories suggest that the Finnish Ministry of Foreign Affairs has also been losing sensitive political information as a result of a cyber attack, and that the Red October attack has been targetting NATO and EU encrypted documents since 2007. (Acid Cryptofiler, though this seems to be a relatively low-level cypher system.)

In addition, the two recent cases of insider leaks (Chelsea Manning and Edward Snowden) show that even the best external defences dont guarantee security. In the good old days of espionage, you recruited your spy and he or she periodically brought home (at great risk) a briefcase full of documents, which you photographed and returned. Then your staff spent a long time encoding them on one-time pads and sending them back home. Sometimes (as in the case of Klaus Fuchs) what was sent was truly important, sometimes not. The problem now is that information is so highly concentrated, and multiple attacks so easy, that even one breach quickly becomes an avalanche. Taking data out is easy; publishing it is so easy that you dont even need a friendly espionage serivce if you want to do your employer down. (Manning and Snowden appear to have been detected only after they themselves told other people what they had done.)

A report commissioned by Red Seal says that only 44% of 350 UK IT professionals surveyed said they could truthfully tell the board at their organisation they are secure from cyber-attack. (36% said they couldn’t, and 20% didn’t know.) 60% thought the boardroom and IT departments ‘speak different languages’ with mutual incomprehension on all sides. 45% of companies don’t know if they are being hacked because their systems are so overloaded with data they cannot quickly pinpoint cyber-attacks; only 32% of respondents can print a map of their current network topology.

When you know that an attack may be coming from a well-resourced government cyber attack facility, how do you defend against it?

Leave a Reply

Your email address will not be published. Required fields are marked *