Cyberthreats and national security

Practically all businesses are vulnerable to cyberthreats, and national security is no exception. Learn how this trend affects the decision-making process in national and business environments.

Digitalization recalibrates the usual things and endows them with new meanings. The notion of national security no longer covers economic and military defense only; it also includes the ability to protect the cyber environment. Just as armies physically strike cities and critical infrastructure objects, “cyber forces” can attack virtually. Unlike military conflicts, cyberattacks have no limitations and no borders, and their effects on critical infrastructure objects, such as electrical grids, banking systems, and mobile networks, are enormous. Malicious cyber activity targeting critical infrastructure as a means to undermine national security is a new reality of modern times, and nation-states should be ready to resist. Furthermore, as tensions in the democratic world rise, there are real concerns that state and non-state malicious activities will intensify.

Here are some of the most apparent vectors that state and non-state cyber actors currently use to attack other countries and undermine their national security. 

Attacks on Critical Infrastructure

The much-talked-of incidents of the previous year showed how closely critical infrastructure, cyberthreats and national security are connected. We are talking about the hack of IT management firm SolarWinds that occurred in December 2020 and the ransomware attack on the Colonial Pipeline company on May 6, 2021. The first incident compromised hundreds of private companies; the second caused fuel shortages along the Atlantic seaboard. These cybersecurity events became real “wake-up calls” for strengthening cybersecurity preparedness on a national scale and triggered mandatory incident reporting processes. For this purpose, President Biden published an Executive Order on Improving the Nation’s Cybersecurity on May 12, 2021, and the subsequent federal draft bills – the Cyber Incident Notification Act of 2021 and the Cyber Incident Reporting for Critical Infrastructure Act of 2021 – were issued. These legislative efforts, among others, aimed to mandate national cybersecurity changes by focusing on critical infrastructure owners and the federal supply chain. They also suggested the development of a mandatory reporting mechanism for severe cyber incidents. Read more about these efforts in one of our previous articles, Cyber Incident Reporting for Critical Infrastructure.

The War Online  

Another example of why cyber defense is crucial for national security is the Russian war against Ukraine, which started on 24 February 2022. As tanks treacherously invaded Ukraine, so did cyberattacks. In the hours before Russian troops invaded, Ukrainian government agencies and banks were hit by never-before-seen malware designed to wipe critical data. As Ukrainian officials said, this attack was performed “on a completely different level” from previously known attacks. However, cyberattacks are not exclusively a Ukrainian problem. 

Ukraine has a similar infrastructure to Western Europe and North America; however, its resources to counterattack are limited. This means that hackers may “sharpen their skills” and “test” cyberweapons before spreading them across other countries and infrastructures, as Harvard Business Review wrote.

Back in 2015, after the Russian annexation of Crimea, Russian hackers knocked out electric power for around 230,000 customers in western Ukraine. In the following years, the list of targets expanded to include banks and government agencies. In 2017 a suspected Russian attack featuring a piece of malware dubbed “NotPetya” disrupted Ukrainian airports, railways, and banks and spread rapidly around the world, infecting many other vulnerable assets. Thus, the attacks on Ukraine as well as on other countries that have limited resources for counterattack are likely to serve as a testing ground for the next generation of cyberweapons. Other hostile states, such as Iran, China, or North Korea, have also tested their own cyber weapons in countries with less developed cybersecurity. Thus, governments and corporations should constantly monitor what’s happening around the globe because localized cyberattacks may quickly spread across borders.

The Weapon of Mass Disruption

Cyberattacks can not only destabilize the cyber environment in the civilized world; they may also be used as tools to raise revenue for supporting physical armies. Ransomware attacks are widely applied in this regard. For instance, as the UN reports, North Korea uses cyberattack earnings to advance its nuclear and missile arsenal. Between 2020 and mid-2021, North Korean cyber-attackers stole more than $50m (£37m) of digital assets through cyberattacks. Thus, based on this information, sophisticated cyberattacks may be considered a weapon of mass destruction or, at least, disruption.

For those unaware, North Korea has been banned by the UN Security Council from carrying out nuclear tests and launching ballistic missiles. Despite the crippling sanctions, North Korea has been able to continue developing its nuclear and ballistic missile infrastructure and continues to seek material, technology, and know-how overseas, including through cyber means and joint scientific research. The UN sanctions monitors said Pyongyang had a “marked acceleration” of missile testing. In simple words, even under sanctions and limited financial opportunities, some countries may use malicious cyber activity to get additional revenue sources to support their military programs. The North Korean case demonstrates a new level of cyberthreats, and national security should be able to address them.

Critically Important Sectors of US National Cyber Security 

The focus of the US cybersecurity efforts is the ability of the US agencies to work with critical sectors and to respond to potential hacking incidents, whether from criminal operations or state actors – as the Department of Homeland Security states. State and non-state actors use digital technologies to achieve economic and military advantage, instill panic and instability, increase control over cyberspace content, and achieve other strategic goals. Unfortunately, these goals are often carried out faster than our ability to understand the security implications and neutralize the threat.

The Department of Homeland Security has identified 16 sectors that are critically important to the U.S. economy and national security. An attack on any one of the 16 sectors could disrupt ordinary life for months, leaving the United States vulnerable to a wide range of threats. Given their high economic importance, the energy, financial services, and transportation sectors are particularly at risk of malicious attacks. After months of escalating cyberattacks in 2021 that affected critical infrastructure providers and the food supply chain, and even disrupted the distribution of COVID-19 vaccines and hospitals that were at capacity and struggling to treat COVID patients, the work on cybersecurity intensified. It is evident that cybersecurity is one of the top national security priorities.

The Legal Preparedness  

Besides the above-mentioned executive order and draft bills that primarily target critical infrastructure, President Biden recently signed a National Security Memorandum on cybersecurity. The memorandum requires specific network cybersecurity measures for government information systems used for national security purposes. Covered systems include those used for intelligence activities, command and control of military forces, or weapons systems. The main requirements are using multifactor authentication, encryption, cloud technologies, and endpoint detection and response solutions. Notably, the Memorandum, among other things, requires agencies:

  1. to identify their National Security Systems and report cyber incidents to the newly established National Security Agency (NSA);
  2. to take specific actions against known or suspected cybersecurity threats and vulnerabilities; and
  3. to secure cross-domain solutions (i.e., tools that transfer data between classified and unclassified systems).

In Conclusion

The first two decades of the XXI century extended the general notion of national security by adding cyber security to its context. The most apparent vectors that state and non-state cyber actors use to attack other countries and undermine their national security include attacks on critical infrastructure, using “cyber forces” as elements of hybrid wars, and using cybercrime activities to get additional revenue sources. Thus, government and private information security experts should keep their eyes on rising cyber threats to adequately respond to them in a timely manner. 

For detailed information about national cybersecurity, contact the Planet 9 team. We’ll be happy to assist:

Website: https://planet9security.com

Email:  info@planet9security.com

Phone:  888-437-3646
