According to recent reporting, the North Atlantic Treaty Organization (NATO) announced that its Cyber Operations Center (COC) is expected to be fully staffed and functional by 2023. The new COC marks NATO’s understanding of the importance that cyberspace plays in conflict, particularly in times of political tensions that has resulted in cyber malfeasance that has targeted elections and critical infrastructure. The establishment of the COC is a natural evolution in how to address cyber attacks in a more timely manner by integrating cyber actions with more conventional military capabilities. In early 2014, after notable cyber incidents were a part of international incidents that occurred in Estonia in 2007 and Georgia in 2008, the Alliance updated its cyber defense policy to classify digital attacks as the equivalent of kinetic attacks under its collective security arrangement under Article 5 of the treaty.
In those particular instances, Russia was suspected in orchestrating or at least tacitly supporting the cyber attacks that afflicted both states. Since then, Russia’s alleged cyber activities have only become more brazen in their scale and aggressiveness. From suspected involvement in launching cyber attacks against Ukrainian critical infrastructure to launching a variety of cyber operations to meddle in the elections of foreign governments, Russia has taken advantage of the uncertainty of cyberspace where there is little consensus on key issues such as Internet governance, cyber norms of state behavior, or the criteria by which cyber attacks escalate to a point of war.
Cryptocurrency appears to be gaining traction among governments seeking to establish their own digital currencies, despite questions regarding the potential volatility associated with it. Currently, the countries that have already created digital currencies include China, Ecuador, Senegal, Singapore, and Tunisia, with Estonia, Japan, Palestine, Russia, and Sweden potentially following suit. Even a small country like the Marshall Islands has announced its intent to create its own digital currency in order to boost its economy, and will be on part with the U.S. dollar as a form of payment. What seemed like a novel thought exercise as to whether cryptocurrency could be a legitimate alternative to the established norm appears to be an option that governments are more closely considering. In fact, some have speculated that further adoption of the country-specific cryptocurrencies could have serious implications for the established international monetary system.
Whether that transpires remains another intellectual exercise in the possibilities of what “could-be” one thing is clear – states on the receiving end of stringent economic sanctions are turning to cryptocurrency as a way to assuage these penalties. One of these countries is Iran, who is reported to be very interested in creating a digital currency, a major shift from its initial stance on banning banks from dealing in cryptocurrency . According to one news source, the Secretary of Iran’s Supreme Council of Cyberspace envisaged the use of cryptocurrencies to “smoothen trade” between Iran and its partners in the wake of renewed U.S-imposed sanctions. The same individual revealed that a state-backed cryptocurrency was accepted as an industry in the government and related organizations such as the Ministry of Communications and Information Technology, the Central Bank, the Ministry of Energy, the Ministry of Industry, Mining, and Trade, and the Ministry of Economic Affairs and Finance.
The White House has recently published its new National Cyber Strategy, rescinding an Obama-era memorandum Presidential Policy Directive-20 (PPD-20) that laid forth the process by which the United States would undertake cyber attacks against cyber foes, to include foreign state actors. The Strategy consists of four primary pillars designed to guide how the United States will undergo defensive, and perhaps more importantly, offensive actions in order to preserve its interests in cyberspace. Per the Strategy, the four pillars are:
There has been recent focus on alleged Iran cyber activity the past few weeks, spurned on by the publication of a vendor report on Iranian operations. Per the vendor’s findings, not only was Iran likely behind the activity that was targeting government and private sector in the Middle East, it was implementing National Security Agency exploits that were stolen and dumped into the public domain by the Shadow Brokers group in April 2017. As recently as late August 2018, Iran is suspected of trying to launch influence operations ahead of the midterm elections. The conclusion is that Iran is increasingly using asymmetric attacks, particularly via cyberspace, as part of its tool box to conduct retaliatory attacks.
The new reporting comes at a time when Russia’s cyber malfeasance has largely dominated the press, due to its influence operations efforts and election shenanigans, not just in the United States but in other countries as well. Prior to the Russia focus, North Korea was the focal point with its suspected cyber activities targeting cryptocurrency, and the SWIFT banking transactions before that. Iran was propelled onto the scene with Operation Ababil
Space Force picture, an independent military branch by 2020. The move is designed to counter the weapons that China and Russia have already developed that threaten U.S. satellites. The U.S. Vice President quickly assured that the force did not and would not be created from the ground up, but would leverage the personnel and material resources already existing in the service elements. The goal is to streamline efforts and maximize efficiency, a noble endeavor given the difficulties that invariable arise when mission responsibilities traverse and overlap so many different organizations.
The protection of U.S. civilian and military space assets are considered a national security concern. In December 2017, U.S. Department of Defense officials expressed concern that the United States’ anti-satellite capabilities were not up to par as some of its adversaries. In contrast, adversary adoption of anti-satellite weapons been documented in the news. In April 2018, a report detailing global counterspace capabilities (that include direct ascent weapons, co-orbital, directed energy, electronic warfare, and cyber warfare) underscores how adversarial nations are actively pursuing the development of such weapons and the threat that they pose to U.S. space interests. The report reveals that such investment by these states started in the mid-2000s.
Thus far, there has been no confirmed retaliatory cyber strikes conducted by a victimized government against a suspected aggressor state. There has been some speculation that after the Sony Pictures attack, the United States “knocked” North Korea off the Internet for a brief period of time, although this has never been corroborated. Despite being a cyber power, the United States has demonstrated restraint in punishing against those transgressor states it believes to have been orchestrators of cyber attacks against its interests, preferring to level sanctions as a punitive alternative.
The question that governments ask is how to deter hostile acts in cyberspace? And while an important question to raise, perhaps the reality is that there is no viable answer. There is a reason why international efforts continually fail when trying to gain consensus on cyber norms, Internet governance, and the legalities and criteria of hacking back – there is lack of a fundamental desire to actually find a solution. Governments willing to agree to the standards and principles of any of these issues are stating their willingness to abide by them, and while that may fit the current situation, the dynamism of cyberspace has proven unpredictable. Being cuffed to such an agreement that no longer has relevance while other governments operate without constraints is not an ideal situation. Therefore, without an agreement in place, the status quo remains.
Nowadays the cyber security is essential for individuals, companies, economies, governments and nations as a whole. The reality is that all of them are trying to stay on track against the latest cyberattacks, but there are some countries committing most to cybersecurity.
One of the best ways to determine where most of the cyber attack really come from in real time is by using the map created by Norse.
Another great alternative if you want to find out which are the countries best prepared against cyberattacks is to use the Global Cybersecurity Index (GCI) created by the International Telecommunication Union (ITU). As described by them it is “…a survey that measures the commitment of Member States to cybersecurity in order to raise awareness.” The GCI covers the five pillars of the ITU Global Cybersecurity Agenda (GCA): legal, technical, organizational, capacity building and cooperation.
In May 2018, the White House eliminated the position of National Cybersecurity Coordinator. The move has been met with much pushback from some in the cybersecurity community and even politicians. Democratic lawmakers were seeking to propose legislation to restore the position. In a statement made by the National Security Council the move was to “streamline management in order to improve efficiency, reduce bureaucracy, and increase accountability.” Nevertheless, given the fact that many security officials including the Director of National Intelligence have identified cyber threats as a national security priority, the removal of this position is largely considered a step backward and not forward. However, this may be more of a kneejerk reaction than an honest assessment of the roles and responsibilities that have been undertaken by those individuals appointed to the position.
With roots starting as early as 1997, the position first emerged in 2009 and has had three individuals in the role of Cybersecurity Coordinator – Howard Schmidt (2009-2012), Michael Daniel (2012-2017), and Rob Joyce (2017-2018), who is looking to return to the National Security Agency (NSA). The Cybersecurity Coordinator has been primarily a policy position lacking any day-to-day authority over any of the groups working on cyber security. Critics have pointed out that while the Cyber Coordinator can make recommendations, the position has no direct authority as far as budgeting is concerned, nor can the position compel agencies to comply with guidelines. This has been a systematic problem with the position – it can make all of the recommendations it wants, but if it cannot compel agencies to implement them within a specified amount of time, the title becomes largely ceremonial. Government Accounting Office reports on government cybersecurity efforts consistently find shortcomings in the federal government’s approach to ensuring the security of federal information systems and cyber critical infrastructure.
The online activities surrounding the 2016 U.S. Presidential election revealed a swath of suspicious postings on social media outlets that ranged from deliberate false information (e.g., one candidate running a child sex ring; another candidate’s followers making anti-Islam chants at a rally) to purchased ads on social media platforms like Facebook (e.g., promoting gay rights, issues related to the African-American community, immigration, to name just a few). In some instances, candidates were attacked via purchased ads. While there has been much furor about this, the truth is that this type of online content is nothing that people haven’t already seen.
During any campaign, negative print and media ads are often directed against political opponents, and the Internet is not bereft of millions of users willing to promote their viewpoints or engage in vociferous debate with people holding alternative or opposing viewpoints. Social media has facilitated the ability for anyone with an Internet connection to express themselves and put forward a message to a widely dispersed audience within a specific geography. People can either listen, ignore, support, or push back on what’s being transmitted. The big fear that the mastermind behind all of these ads was intent on swaying constituents to vote for a particular candidate is a concern that has yet to be fully verified.
According to recent reporting, a suspected nation state hacker group with alleged ties to the Iranian government issued death threats to researchers that had detected their cyber espionage activity. The researchers were checking a server that they believed to be associated with a specific data breach when they received the message “Stop!!! I Kill You Researcher.” According to the same report, the server was apparently attached to the attackers’ command-and-control infrastructure. Active since 2015, the group known as “MuddyWaters” has been observed targeting organizations in Georgia, India, Iraq, Pakistan, Saudi Arabia, Tajikistan, Turkey, and the United States. Recently, MuddyWaters has been observed targeting oil and gas entities in the Middle East. Notably, the group is believed to employ “false flag” operations – similar to what was believed to have been done during the recent Olympics – in which it adopted some of the tactics, techniques, and procedures (TTP) of suspected Chinese hackers to obfuscate the group’s true identity.
On the surface, the threat made against the researchers can be viewed as knee-jerk reaction to being tracked by the private sector. But this does raise the possibility of what hostile actors may resort to in the future. The private sector computer security has been aggressively investigating the activities of suspected nation states actors since 2004 when the first report published the activities of a Chinese state entity. Since that time, several subsequent reports have been provided to the public detailing “advanced persistent threat” operations detailing TTPs and targeting that have ultimately been attributed to specific nation state actors. While the standard public reaction of these governments has been to refute or deny the claims, citing the difficulties in providing adequate evidence that supports attribution, sanctions and alleged retaliatory strikes have been know to occur as a result of these accusations.