In the future, historians will look back at this time and say, “This is the time when cyber warfare pitting nation against nation truly started.” While the United States itself is behind some Nation State Attacks, these have been launched either as part of a broader spying or homeland security operation, or to derail an unfriendly country from a course harmful to the US, e.g. launching Stuxnet at the Iranian uranium enrichment program.
But it is not just the US that is operating and launching Nation State Attacks – the Russians, Chinese, North Koreans, British and others are all doing the same.
Targets include not only other nation states, but businesses and organizations in the private sector too. We all remember the recent issue with North Korea hacking into Sony Pictures as retaliation for making and releasing the movie The Interview, which made ample fun of their dictator. That is just one small example of data theft and data destruction caused by a Nation State Attack.
Nation State Attacks are very different from the more frequently encountered cybercriminal or hacker making an effort to steal something. Nation State attackers have unlimited resources and time available, and even if they are detected, there are few, if any, repercussions available against the offender. Victims of Nation State Attacks are effectively left with nothing to do except learn from a bitter experience.
Nation State Attacks are likely to increase too, not least because compromising a private sector network may give the Nation State attacker access to other data that provides a commercial or intelligence advantage. For instance, both the US National Security Agency (NSA) and the British spying agency, GCHQ, successfully hacked into the state telecom company of Belgium and then sought to intercept cell phone traffic. There is some evidence to suggest that other telephone and cellular networks have also been compromised – all in the name of national security, of course.
Another problem with Nation State Attacks is actually identifying who is performing the attack. There is a great deal of misunderstanding about how IP addresses actually work, and it is all too easy to identify an IP address as being in Country A and conclude that Country A is therefore the perpetrator. The reality is more complicated, with the IP address in Country A only being the last stop in a chain of IP addresses used by the attackers.
Another feature of Nation State Attacks is that they are complex from a psychological point of view too. If detected, it is frequently the case that the approach is to isolate and remove the identified threat, and then to monitor for further attacks of the same form. However, Nation State Attacks frequently use backup methods for regaining or continuing access in the event the primary method is discovered or closed. In short, Nation State Attacks deploy multiple attacks to gain access to data, critical infrastructure and networks.
There is also the issue of what to do when a Nation State Attack is discovered – simply closing the attack down may not be the best move. After all, if you are able to allow an attacker access to your data without letting on that you know they have such access, then there is an opportunity to feed false intelligence to them. In essence, the response to Nation State Attacks must be strategic and coolly measured, and it must rest on IT infrastructure and architecture that are designed and deployed to protect the most valuable data and applications and to mitigate any losses.
Jensen Carlyle is a data security and business technology writer, and he is currently researching data security threats for Swift Systems.