In a recently released report sponsored by HP, Nation States, Cyberconflict and the Web of Profit, Dr. Mike McGuire, senior lecturer in criminology at the University of Surrey, claims a 100% rise in nation-state cyberincidents between 2017 and 2020. Furthermore, the report notes there have been 27 known nation-state supply chain attacks in this same timeframe.
“Nation-states are devoting significant time and resources to achieving strategic cyber advantage to advance their national interests, intelligence gathering capabilities and military strength through espionage, disruption and theft,” McGuire said. “Attempts to obtain IP data on vaccines and attacks against software supply chains demonstrate the lengths to which nation-states are prepared to go to achieve their strategic goals.”
There are three major takeaways from the report, according to Ian Pratt, global head of security for Personal Systems. They are:
- The innocent are caught in the crossfire – when nations are involved, boundaries cease to exist and companies and individuals with tangential contact and engagement with a targeted entity find themselves in the crosshairs of the adversary nation as a means to the end.
- A cybersecurity treaty won’t be coming overnight – the global appetite and desire for a global cyber treaty to help address the potential of cyber warfare and the evolution of cyber weapons does not exist. Furthermore, the attribution of entities behind various advanced persistent threat (APT) actors and nation-states continues to be shrouded in the veil of plausible deniability.
- The endpoint remains the most common point of infection – individual users and their devices continue to be the weakest link in the protection of both data and network. Pratt highlights the need to embrace least-privileged access and zero-trust architecture.
Interestingly, McGuire points to nation-states being active in the illicit marketplace supporting cybercrime, known as the “web of profit.” Nations, he notes, are both purveyors of digital tools for the cybercriminal community and purchasers of such tools for their own operations. Furthermore, McGuire advises use of a Nation States in Cyberspace (NSiC) analysis using four key variables: strategy, objective, target, and tools and techniques (SOTTT), to map various nation-states’ conduct and provide granular insight into the strategy and desired outcomes.
Of particular note is the targeting of enterprises. The report highlights the fact that enterprises are the number one target of nation-states, followed by cyber defense entities, media/communications, governmental entities, critical infrastructure and individual citizens. Indeed, 35% of analyzed enterprise cyberattacks have been attributed to nation-states.
The “long war” is at hand, writes Paul Kolbe, director of the International Project at Harvard’s Belfer Center for Science and International Affairs (and a former CIA operations officer), in The Cipher Brief. Kolbe embraces the philosophy that a good offense is a means to the best defense. He advocates for the means to limit “the potential harm adversaries can impose on us, while retaining the ability to inflict asymmetric damage.” Doing so, he continues, offers the “best hope of bolstering U.S. national security and creating a world of cyberdeterrence and restraint.”
In a nutshell, nation-state cyberattacks will continue for the foreseeable future as a means to achieve national short- and long-term goals.