December 23, 2014
TSG IntelBrief: Cyber Bomb Threats and the Hacking of Geopolitics
The recent Sony hack and the ongoing fallout—including a possible December 22 attack on North Korea’s limited internet infrastructure—are less important for what has happened than for what will. The coming age of cyber conflict—be it cyber warfare or vandalism—will be marked by escalating attacks on corporate and government interests that will seek neither information nor money but actual influence over decisions and operations. These attacks will increasingly invite counter attacks that seek to diminish an opponent’s capability but that also run the risk of hitting the wrong target due to unclear attribution. The interconnectedness of global corporations and geopolitics will ensure widespread collateral damage stemming from increasingly aggressive cyber offenses and defenses.
The capability of nations and advanced criminal groups to engage in sophisticated cyber espionage and theft is nothing new, and the capability of these actors to impact components of critical infrastructure is also nothing new (the 2012 Saudi Aramco attack comes to mind). What is new is their willingness to actually launch attacks not for intelligence or commercial gain but to impact corporate or geopolitical decisions. Whether they have their data stolen or even held hostage via malicious encryption, or have their operations and personnel threatened with physical violence and damage, corporations and governments will find the Age of the Cyber Bomb Threat to be as costly and frustrating as the age of counterterrorism and counter-violent extremism.
Much as in terrorism, cyber conflict runs the spectrum of ideology and motivation. And as with terrorism, cyber conflict’s impact goes far beyond the point of attack. The ubiquity of the Internet means that anyone and everyone is a potential target—which is the point of all forms of terrorism. On December 21, 2014, unidentified attackers (assumed, rightly or wrongly, to be associated with North Korea) hacked into the non-operational computer systems of a functioning nuclear power plant in South Korea. The operator of the plant, Korea Hydro and Nuclear Power (KHNP), stated that at no time were plant operations at risk since those are on a closed and independent system, but that sensitive personnel and plant design data were stolen. In what will become the standard modus operandi for cyber bomb threats, the attackers threatened to destroy the plant if it wasn’t shut down. The threat of additional cyber attacks will be paired with threats of physical attacks.
While North Korea could very well be behind the nuclear reactor hack as well as the Sony hack, so could a range of other actors, given that the malware tools are available online to anyone with sufficient expertise and knowledge of where to look. It is the lack of true certainty that makes cyber attacks so difficult to respond to with counter-attacks. IP addresses are misleading, and the tools and capabilities are widespread enough that “the usual suspects” are now too numerous to count. With the stakes so high and the public and private players so poorly accounted for, the risks of attacks once thought unlikely will increase, with cascading repercussions.
When presented with cyber bomb threats, corporations and governments face exceedingly difficult choices: capitulation is as risky as defiance in the face of quickly changing vulnerabilities and capabilities. Given the success, however short-term, of the Sony hack (regardless of whether North Korea or other actors were involved in the attack), 2015 will see more attempts by hackers to influence or disrupt private and public operations. The range of targets is simply too large to create a stereotypical prime target, meaning all systems and personnel need to be hardened against the expected attacks on data and operational systems. Public and private protocols and procedures—and recurring training—will need to be updated as well as rigorously tested for weakness, just as one would with computer network defenses. There will be nothing virtual about the potential disruption and damage inflicted by this new style of cyber attack.