We are now starting to see the emergence of Nation State cyber attacks. Why now and what to expect? Read on and find out…
Well, we are now starting to see evidence that North Korea had a hand in the Ransomware attack that occurred a few days ago. Both Symantec and Kaspersky Labs have found hints in the Ransomware code from previous malware that is known to have come from North Korea.
For those of you keeping track, I can think of 4 very conspicuous instances of Nation States attacking other Nation States using cyber technologies. The original, Stuxnet, was launched by the US against Iran to take down their nuclear centrifuges. Iran retaliated by attacking the US banks. All that was back in 2010 but things have slowly been escalating.
You had the Russian hacking of the DNC computers, which intentionally impacted the US election. And we are all paying as a result. You’ve had the attack on Sony by North Korea in 2014 because of the Sony film “The Interview”.
And now you have what appears to be another attack based on the Ransomware events.
So, why are we seeing these attacks now and what can we expect moving forward? Well, I would suggest that the reason for the “why now” question can be answered by looking at history back when the Air Force came into being.
Remember, the original armed forces were the Army and the Navy. The Air Force was originally split between the two, with the Army being responsible for air attacks over land and the Navy being responsible for air attacks over the sea. The Air Force as a military branch didn’t come into being until 1947 even though airplanes were being used all the way back in World War 1. So, basically, it became a formal structure some 44 years after the first powered flight.
Things don’t move quickly, as much as we would like to think that they do. As technology advances and information becomes more easily dispersed, the march of “progress” will speed up but it will never become instantaneous even though technology development itself happens fast. Just look at some of the technologies we use today. I remember the cell phone was envisioned in the original Star Trek TV series. How long did it take for cell networks to take off?
So if you look at the history of cyber attacks, you are probably right in line with when these attacks should start to occur. The first hacking instances started, when? Probably in the ’80s which is roughly 35 years ago. Seems like the timeframes are right.
So what can we expect? Well, let’s take a look at who has been active in this. We’ve seen the big powers such as the US, Russia, and China involved. But we’ve also seen the smaller powers involved such as Iran, Syria, and North Korea. Why? Look at how cost effective it is.
A small Nation State can’t afford a large military presence to compete with the US or China. But cyber? Hell, Cyber is something that just involves smart Techies. And there are a lot of those. So it becomes a simple Supply/Demand equation. And with small Nation States able to get involved, that means there will be a whole lot more of these attacks simply because of the sheer volume of Nation States that can do them.
If there are only two countries that can launch Nuclear attacks, they can end up talking and negotiating things out. But the cyber situation looks more like the United Nations than a bilateral negotiation. And how well is the UN working?
I don’t think we’ll see a whole lot of very specifically targeted attacks by Nation States on specific companies unless those companies will impact a Nation as a whole. While the Russian cyber attack on the DNC was against one organization, the goal was to impact a whole country. The exception to that is the Sony attack but that felt more “personal” than Nation vs. Nation.
So, for your planning, look to see how you would be impacted by a large scale “attack”. How would you deal with your communication network going down? How would you deal with your transportation mechanisms not being able to deliver because traffic patterns are disrupted? How would you deal with your stocks being disrupted by the Stock Market being attacked?
These are indirect issues that you need to consider. Unless you are a critical infrastructure organization, you need to look at the “indirect” consequences rather than a direct attack.
Hope that helps …