International cyber relations don’t feel very warm, safe and fuzzy these days. This past week Robert Mueller, the U.S. special counsel to the Justice Department’s investigation into Russia’s possible meddling in the 2016 American elections, indicted 13 Russian nationals for creating information warfare propaganda campaigns. In the same week, Dan Coats, the United States Director of National Intelligence, issued his agency’s annual Worldwide Threat Assessment of the Intelligence Community. In that report the agency stated,
“The potential for surprise in the cyber realm will increase in the next year and beyond as billions more digital devices are connected—with relatively little built-in security—and both nation states and malign actors become more emboldened and better equipped in the use of increasingly widespread cyber toolkits. The risk is growing that some adversaries will conduct cyber attacks—such as data deletion or localized and temporary disruptions of critical infrastructure—against the United States in a crisis short of war.”
The report names Russia, North Korea and Iran as the nation states that are most likely to launch cyber attacks on the United States. It also notes, “We expect the line between criminal and nation-state activity to become increasingly blurred as states view cyber criminal tools as a relatively inexpensive and deniable means to enable their operations.” Similarly, the Washington Post recently published an article on how hostile nations can hide behind “independent” hackers for hire to carry out their cyber war dirty work. It has become difficult to discern who is a cyber terrorist acting of his or her own accord, and who is a mercenary of a hostile nation-state. Finding and punishing the perpetrators is, of course, a monumental task.
The concerns outlined by the intelligence report echo the concerns that we’ve written about in previous blog posts. We’ve written on the topic of cyber threats to critical infrastructure, and we’ve often noted how the technology to launch attacks has become cheaper, faster and simpler. In terms of distributed denial of service (DDoS) attacks, even “script kiddies” can launch a fairly serious attack.
Critical infrastructure organizations have to take steps to mitigate the possibility of DDoS and other cyber threats. The European Union Agency for Network and Information Security, the European Union’s cybersecurity agency known as ENISA, is also concerned about potential attacks on critical infrastructure. The agency, founded in 2004, equips the European Union (EU) to prevent, detect and respond to cybersecurity problems. According to Signal, ENISA emphasizes in the “2017 Threat Landscape” report, “Cyber war is entering dynamically into the cyberspace creating increased concerns to critical infrastructure operators, especially in areas that suffer some sort of cyber crises.”
It’s worth noting that all 28 European Union member nations require organizations that provide critical infrastructure to comply with a new European Union Network and Information Systems (NIS) Directive, which has to be in place by the 9th of May 2018. The UK draft legislation and related guidance have just been published, and the UK government is seeking input on the proposal from industry members, infrastructure providers, regulators and other interested parties. The UK will be imposing fines against critical infrastructure organizations (healthcare facilities, electricity, water, energy, digital and transportation utilities) whose lax security standards result in loss of service. For more on this subject, see Corero Vice President Scott Taylor’s blog post on The Energy Industry Times.
Is the US prepared? Some experts think we aren’t. An opinion piece published on February 14, 2018 is titled, “Our critical infrastructure isn't ready for cyber warfare.” It was written by Michael Myers, a lieutenant colonel in the U.S. Air Force and the deputy director and instructor at the Joint Command Control & Info Ops School at the Joint Forces Staff College.
Understandably, IT security teams are often overwhelmed with assessing the constantly evolving cyber threat landscape and prioritizing security solutions. Overall, however, DDoS mitigation must be part of network defense because 1) volumetric DDoS attacks are becoming more common and can effectively cripple networks, and 2) low-threshold, sub-saturating DDoS attacks often mask more surgical security breaches, such as malware and ransomware attacks. (Data breaches and network disruptions often go hand in hand, launched by the same hackers.)
When considering which cybersecurity tools to deploy, critical infrastructure organizations should put automated DDoS protection high on the priority list.
Corero is the leader in real-time DDoS defense. If you need expert advice, contact us.