Blogs

The political instability that has resulted from Russian meddling in the 2016 US presidential elections has put the focus on voting machines as a national security vulnerability, Douglas Lute, a former US permanent representative to NATO, said at the Atlantic Council on October 10.

“I don’t think I’ve seen a more severe threat to American national security than the election hacking experience of 2016,” said Lute. There is a “fundamental democratic connection between the individual voter and the democratic outcome” of an election, he said, adding: “If you can undermine that, you don’t need to attack America with planes and ships. You can attack democracy from the inside.”

Russian President Vladimir Putin “added to the political gridlock in Washington today, all at very low cost to him,” said Lute. “In military terms, this is the classic definition of a threat.”

The expectation that US President Donald J. Trump will decertify the nuclear deal with Iran this week raises the question: what would be the implications of decertification?

Trump faces an October 15 deadline to certify to the US Congress that Iran is complying with the terms of the nuclear agreement that the Islamic Republic struck with the five permanent members of the United Nations (UN) Security Council plus Germany in 2015. The deal cuts off Iran’s path to a nuclear weapon.

Despite criticizing the agreement as “terrible,” Trump has twice before certified Iran’s compliance with the deal. The president doesn’t need a reason to decertify the deal. Trump is expected to state that the Joint Comprehensive Plan of Action (JCPOA) is not in the United States’ national security interests.

Recently, there have been a number of articles that explore the important and ongoing debate about the capabilities and policies NATO needs in order to deter and defend against the ever-looming cyber threats.

While many such articles accurately highlight the urgent need for NATO and its member states to develop a more proactive approach to countering cyber threats, it is worth further considering a significant step the Alliance has already taken towards achieving a more effective posture to counter cyber threats. At the NATO Warsaw Summit in July 2016, the Alliance declared cyberspace an operational domain.

By declaring cyber an operational domain in which the Alliance must defend itself as it does on land, sea, and air, member states gave NATO a mandate to create a dynamic framework that will help the organization to better confront current security challenges. When implemented by 2019, NATO’s decision will empower military commanders to use cyber tools alongside conventional means of defense to confront current security challenges, such as use of cyber tools as part of hybrid operations.

The significant increase in cross-border cyberattacks has been a wake-up call for the global community on the societal and political consequences of an insecure cyberspace. In order to prevent and prepare for future transnational cybersecurity challenges, governments must adopt a “multistakeholder model,” along with international collaboration and open discussions, according to a cybersecurity expert.

While governments have differing views on the role that they must play in the cyber realm, rethinking the role of the public sector in addressing cybersecurity risks is essential for effectively overcoming the challenges these risks pose, said Alexander Klimburg, a nonresident senior fellow at the Atlantic Council’s Cyber Statecraft Initiative and author of the new book The Darkening Web: The War for Cyberspace.

Klimburg participated in a conversation at the Atlantic Council on July 17 along with Laura Galante, founder of Galante Strategies, and Jane Holl Lute, a former deputy secretary in the US Department of Homeland Security who currently serves as chief executive officer of SICPA North America. Tai Kopan, a reporter with CNN, moderated the discussion.

A little over a month since WannaCry spread across the world in an unprecedented cybercriminal attack, not only does the world seem just as vulnerable to a similar attack, another attack has already surpassed WannaCry in virulence and damage using some of the same tools.

On June 27, this attack, nicknamed “Petya” after a cybercriminal operation using similar code, spread quickly across the world like the first malware attack, and even used the same software vulnerability, but from there the operations differ.

In May, ransomware called WannaCry spread to 150 countries in a day, encrypting victims’ files and demanding payment in return for access. WannaCry was able to spread despite relying on a well-known software vulnerability for which a fix was already available, a situation that prompted many to call WannaCry a wake-up call and hopefully a lesson learned.

The massive cyberattack that crippled public transportation, the central bank, government offices, the state power distributor, and public firms in Ukraine on June 27 serves as a potent reminder of the havoc that can be unleashed by low-level actors, according to an Atlantic Council analyst.

“This is another reminder that low-capability actors can have a profound impact on critical infrastructure like media, finance, energy, and others,” said Beau Woods, deputy director of the Cyber Statecraft Initiative at the Atlantic Council’s Brent Scowcroft Center on International Security.

Besides Ukraine, which appears to have been hit particularly hard, symptoms of the attack were also reported from the United Kingdom, Russian oil producer Rosneft, Australia, the United States, India, and the Danish shipping company Maersk.

“Despite early indications, it’s unclear whether this attack was targeted against Ukraine or just happened to hit the news cycle there first,” said Woods.

The ransomware attack that shut down a number of hospitals in the United Kingdom (UK) on May 12 should serve as a wake-up call to defend critical infrastructure against cyberterrorism, according to an Atlantic Council analyst.

“I was never worried that ransomware was going to deliberately kill someone,” said Joshua Corman, director of the Atlantic Council’s Cyber Statecraft Initiative. Referring to hacking groups that identify as part of the Islamic State of Iraq and al-Sham (ISIS), he added, “I was worried about adversaries like Cyber Caliphate extremist groups who have the means, motive, and opportunity to take life.”

In a cyber security environment in which low-capability actors can access tools in the public domain to launch a widespread cyberattack, “there are no technical barriers to a sustained attack on any or all hospitals globally,” Corman said.

A cyberattack that has crippled 200,000 computers in more than 150 countries could have been prevented had the victims conducted a simple security update.

“One of the lessons learned here is that people just do not patch their systems,” said Dmitri Alperovitch, a nonresident senior fellow in the Cyber Statecraft Initiative of the Atlantic Council’s Brent Scowcroft Center on International Security.

“The reality is: the vulnerability that was exploited was not a zero-day vulnerability,” he said.

In March of 2003, I commanded an EC-130 Compass Call, an aircraft configured to perform tactical command, control, and communications countermeasures, over the skies of Iraq. My crew’s mission was to jam enemy communications and help allied forces preserve Iraq’s oil infrastructure. During these missions, we positioned ourselves some distance from the intended target, while an electronic warfare officer controlled jamming functions using a keyboard located in the back of the aircraft.

While this mission demonstrates how developments in cyber technology can be used to further US security interests, a little more than a decade later a young man named Junaid “TriCk” Hussain aligned himself with the Islamic State of Iraq and al-Sham (ISIS), and undertook his own form of electronic warfare. Sitting comfortably away from his targets, like my orbiting EC-130, he used a keyboard to launch attacks through cyberspace. Specifically, Hussain built “kill lists” of US military personnel and published them online. He leveraged the increasing power and reach of social media to call for terror attacks against Western interests. These brash moves quickly attracted the attention of the US government. Ultimately, an airstrike from an unmanned aircraft killed TriCk in 2015.

On March 7, WikiLeaks released a large collection of documents from the Central Intelligence Agency (CIA) with a catalogue of technical tools in the agency’s arsenal and the techniques it uses to get around privacy protections. This release has been compared to the ones facilitated by Edward Snowden and Chelsea Manning. While it is comparable in scale, are we premature in comparing their impact?

It should come as no surprise to anyone that the CIA (or indeed any intelligence agency in the world) uses hacking to conduct espionage operations. What is important here is that these methods have been forced into the open. These leaks raise several important questions that must not be derailed by alarmist analyses, mass paranoia, and clickbait content.


    
