National security is no longer military defense only but also cyber protection. Learn about the common cyber threats to national security.
Digitalization recalibrates the usual things and endows them with new meanings. The notion of national security is no longer military defense only but also an ability to protect the cyberenvironment. Just as armies physically strike cities and critical infrastructure objects, “cyber forces” can attack virtually. Unlike military conflicts, cyberattacks have no limitations and no borders, and their effects on critical infrastructure objects – such as electrical grids, banking systems, and mobile networks – are enormous. Malicious cyber activity targeting critical infrastructure as a means to undermine national security is a new reality of modern times, and nation-states should be ready to resist. Furthermore, as tensions in the democratic world rise, there are real concerns that state and non-state malicious activities will intensify.
Here are some of the most apparent vectors that state and non-state cyber actors currently use to attack other countries and undermine their national security.
The much-talked-of incidents of the previous year showed how closely critical infrastructure, cyber threats, and national security are connected. We are talking about the hack of IT management firm SolarWinds that occurred in December 2020 and the ransomware attack on the Colonial Pipeline company on May 6, 2021. The first incident compromised hundreds of private companies; the second caused fuel shortages along the Atlantic seaboard. These cybersecurity events became the real “wake-up calls” for strengthening cybersecurity preparedness on a national scale and triggered mandatory incident reporting processes. For this purpose, President Biden published an Executive Order on Improving the Nation’s Cybersecurity on May 12, 2021, and the subsequent federal draft bills – the Cyber Incident Notification Act of 2021 and the Cyber Incident Reporting for Critical Infrastructure Act of 2022 – were issued. These legislative efforts aimed to change the cybersecurity approach by focusing on critical infrastructure owners and the federal supply chain. They also suggested the development of a mandatory reporting mechanism for severe cyber incidents. Read more about these efforts in one of our previous articles, Cyber Incident Reporting for Critical Infrastructure.
Another example of why cyber threats undermine national security is the Russian war against Ukraine. As tanks treacherously invaded Ukraine, so did cyberattacks. In the hours before Russian troops invaded, Ukrainian government agencies and banks were hit by never-before-seen malware designed to wipe critical data. As Ukrainian officials said, this attack was performed “on a completely different level” from previously known attacks. However, cyberattacks are not exclusively a Ukrainian problem.
Ukraine has a similar infrastructure to Western Europe and North America; however, its resources to counter-attack are limited. This means that hackers may “sharpen their skills” and “test” cyberweapons before spreading them across other countries and infrastructures, as Harvard Business Review wrote.
Back in 2015, after the Russian annexation of Crimea, Russian hackers knocked out electric power for around 230,000 customers in western Ukraine. In the following years, the list of targets expanded to include banks and government agencies. In 2017, a suspected Russian attack featuring a piece of malware dubbed “NotPetya” disrupted Ukrainian airports, railways, and banks. The virus spread rapidly around the world, infecting many other vulnerable assets. Thus, the attacks against states with limited resources may serve as a testing ground for the next generation of cyberweapons. Other states, such as Iran, China, or North Korea, have also tested their own cyber weapons in a similar way. Thus, governments and corporations should constantly monitor what’s happening around the globe because localized cyberattacks may quickly spread across borders.
Cyberattacks can not only destabilize the cyber environment in the civilized world, but they may also be used as tools to get revenues for supporting physical armies. Ransomware attacks are widely applied in this regard. For instance, as the UN reports, North Korea uses cyberattack earnings to advance its nuclear and missile arsenal. Between 2020 and mid-2021, North Korean cyber-attackers stole more than $50m (£37m) of digital assets obtained through successfully conducted cyberattacks. Thus, based on this information, sophisticated cyberattacks may be considered a weapon of mass destruction or, at least, disruption.
For those unaware, the UN Security Council banned North Korea from carrying out nuclear tests. Despite the crippling sanctions, North Korea continues to seek material, technology, and know-how overseas. The UN sanctions monitors said Pyongyang had a “marked acceleration” of missile testing. In simple words, even under sanctions and with limited resources, some countries may use malicious cyber activity to their advantage. The North Korean case demonstrates the new level of cyber threats to national security, and nation-states should be able to address them.
The focus of the US cybersecurity efforts is the ability of the US agencies to work with critical sectors and to respond to potential hacking incidents, whether from criminal operations or state actors – as the Department of Homeland Security states. State and non-state actors use digital technologies to achieve economic and military advantage, instill panic and instability, increase control over cyberspace content, and achieve other strategic goals. Unfortunately, these goals are often carried out faster than our ability to understand the security implications and neutralize the threat.
The Department of Homeland Security has identified 16 critically important sectors of the U.S. economy and national security. An attack on any one of the 16 sectors could disrupt ordinary life for months, leaving the United States vulnerable to a wide range of threats. Given their high economic importance, the energy, financial services, and transportation sectors are particularly at risk of malicious attacks. After months of escalating cyberattacks in 2021 that affected critical infrastructure providers and the food supply chain, and even disrupted the distribution of COVID-19 vaccines and hospitals at capacity struggling to treat COVID patients, the work on cybersecurity intensified. It is evident that cybersecurity is one of the top national security priorities.
Besides the above-mentioned executive order and draft bills that primarily target critical infrastructure, President Biden recently signed a National Security Memorandum on cybersecurity. The memorandum requires specific network cybersecurity measures for government information systems used for national security purposes. Systems covered include those used for intelligence activities, command and control of military forces, or weapons systems. The main requirements are using multifactor authentication, encryption, cloud technologies, and endpoint incident detection and response solutions. Notably, the Memorandum, among other things, requires agencies:
Nowadays, the general notion of national security has been extended to include cybersecurity. The most apparent vectors that state and non-state cyber actors use to attack other countries and undermine their national security include attacks on critical infrastructure, using “cyber forces” as elements of hybrid wars, and cybercrime activities to get additional revenue sources. Thus, government and private information security experts should keep their eyes on rising cyber threats to national security in order to respond to them adequately and in a timely manner.
For detailed information about national cyber security, contact the Planet 9 team. We’ll be happy to assist: