Cyber Attacks: what we know and what we can do about it

Cyber-attacks, by definition, are socially or politically motivated attacks carried out primarily through the Internet. As the internet has grown and as more devices access the web, the number and severity of cyber-attacks has grown.  US federal agencies reported over 5 thousand attacks in 2006, nearly 12 k in 2007, 17k in 2008, 30k in 2009, growing to 48,562 in 2012. Cisco reported attacks rising 12% from 2013 to 2014.   Hannah Kuchler wrote in the Financial Times that pharmaceuticals, chemicals, agriculture, mining and electronics all saw increases in the malware targeted at them of more than 600 per cent, while attempts to breach security in the energy, oil and gas industries rose by more than 400 per cent. Levi Gundert wrote that increased cyber-attacks correspond to increases in geopolitical events or other news.  For example, cyber-criminal attempts to hack retailers and wholesalers rose by more than 100 per cent after news that Target had lost data from over 70 million customers.

The phenomenon is world-wide. The security firm, Kaspersky, maintains an online threat tracking map http://cybermap.kaspersky.com/  
Based on Kaspersky data, cyber-attacks occur most frequently in Russia, followed by the US, Germany, India and Vietnam.  The UAE comes in at #24 of the countries suffering the greatest number of attacks and the number is increasing.

Not only are cyber-attacks growing in number, they are becoming more sophisticated and difficult to detect.  On average an organization takes six months even to detect an intrusion.   In 2014 Kaspersky Laboratories uncovered the most sophisticated cyber threat it had ever seen, called The Mask. The Mask has evidently been around since 2007 and has taken over thousands of IP addresses in dozens of countries. Experts say that The Mask most likely originated in a Spanish-speaking country and seems to be targeted at oil and gas companies, presumably including those in UAE.  Discovery of The Mask, and other threats led President Obama in early 2014 to make cybersecurity a priority, saying, “Cyber-threats pose one of the gravest national security dangers…”

“Cyberspace is not just a domain where information can be stolen — it is a place where sabotage and disruption could be geared toward a strategic end,” according to Stratfor Global Intelligence.  Furthermore, determining the perpetrator's identity and intent is next to impossible.  Since cyber-espionage provides the cover of anonymity and safety with lower risk than traditional tactics, perpetrators find it rewarding to deploy more and more personnel against more and more targets.  A broader base of targets widens the sphere of defense decreasing defenders’ ability to concentrate resources on the most precious and vulnerable assets.

In actuality there is little that can be done to discourage cyber-attack, despite US blustering about economic sanctions or declaring that cyber-attacks constitute an act of war.

Possibly more fruitful will be recent US indictments for officers of China's People's Liberation Army over alleged state-sponsored industrial espionage.  The teeth in a criminal indictment means that individuals indicted risk extradition to the US if they travel to a country with extradition treaties. Indictments feed a more general strategy of attempting to set some boundaries and rules of conduct in cyberspace analogous to the written and unwritten rules that govern physical war and espionage with a goal to reduce the chance of strategic miscalculations.

Another fruitful approach is to tackle cyber defense across a broad array of targets by sharing information. InfraGard is a non-profit organization serving as a public-private partnership between U.S. businesses and the Federal Bureau of Investigation to collaborate on National Infrastructure Protection. The organization encourages information sharing and analysis among businesses, academic institutions, state and local law enforcement agencies, and others.  InfraGard has mutual nondisclosure agreements among its members and the FBI to promote trusted discussions of vulnerabilities and solutions that companies and individuals may be hesitant to place in the public domain.

Local chapters regularly meet to discuss the latest threats or listen to talks from subject matter experts.  As of July, 2012, the organization reported membership including the FBI was over 54 thousand, including experts in cyber protection of these sectors: Chemical, Commercial Facilities, Communications, Critical Manufacturing, Dams, Defense Industrial Base, Emergency Services, Energy, Financial Services, Food and Agriculture, Government Facilities, Healthcare and Public Health, Information Technology, Nuclear Reactors, Materials and Waste, Transportation Systems, Water and Wastewater Treatment Systems.

Despite criticism, fear-mongering and hacking by misguided libertarians who content that InfraGard constitutes some super spy network for the government, the truth is simpler.  Facing the awesome challenge that cyber-security presents to millions of technicians, each working alone on a keyboard to guard data network servers, information sharing may just be any nation’s final best line of defense.