While the idea of additional calamities in 2020 seems almost unimaginable, last week the head of Israel’s National Cyber Directorate made a chilling declaration: a cyber winter is coming. Yigal Unna made these comments after the failure of an Iranian attack in April that was designed to subvert the systems controlling chlorine levels in an Israeli water treatment facility. If the attack had been successful, the residential water supply would have been contaminated, poisoning hundreds of people and causing a mass water shortage in areas of the nation. In response, Israel undertook a cyber counteroffensive that knocked offline the port of Shahid Rajaee, paralyzing it for days and devastating associated supply chains.
Tensions in the Middle East are playing out against the larger backdrop of a rapid global escalation of cyber warfare, with a pivot away from simple denial-of-service attacks toward an increased focus on causing harm to civilian populations via compromised critical infrastructure. Much of this has gone unnoticed due to the COVID19 pandemic, which, ironically, cyber attackers are using as cover to increase their malicious activities.
Just in the last three months:
• Australia has seen growing attempts to deny service or seize control of the electric grid, water treatment facilities and transportation and communication grids.
• In the UK, the infrastructure used to run the electricity market was successfully breached.
• A Russian group called Berserk Bear has been identified by Germany as utilizing compromised supply chains to gain access to IT systems that run major suppliers of energy, water, and power.
• The US, UK and Estonia accuse Russia of a cyber offensive in Georgia meant “to sow discord and disrupt the lives of ordinary Georgians.”
• And nearly every nation has seen a vast increase in attacks on healthcare during the COVID19 crisis, including attempts against vaccine research labs.
Bottom line: governments and criminal organizations have utilized the period of COVID19 focus to take cyber warfare to the next level, and are becoming more sophisticated and brazen in the use of cyber force. “Rapid is not something that describes enough how fast and how crazy and hectic things are moving forward in cyberspace, and I think we will remember this last month and May 2020 as a changing point in the history of modern cyber warfare,” Unna told a digital international cyber conference.
This begs the question: in the midst of all the recent domestic turmoil, is the US ready and able to fight a cyber war that targets critical infrastructure and associated supply chains as a means of inflicting large numbers of civilian casualties? According to a recent survey of industrial IT professionals, the answer is no. Claroty gained the opinions of 1000 practitioners from the United States, United Kingdom, Germany, France, and Australia as to the state of operational technology security. Seventy-four percent are more concerned about an attack on critical infrastructure than an enterprise data breach. Over half of US respondents believe that today’s industrial networks are not properly safeguarded, and 55% think that US critical infrastructure is vulnerable to cyber attacks. As to the likelihood of a major attack, 63% believe it will happen in the next five years. Current events signify that this timeline is accelerating.
As to what this attack might look like, a 2018 World Economic Forum report states that, “…in a worst-case scenario, attackers could trigger a breakdown in the systems that keep societies functioning.” Because so many critical infrastructure systems are interconnected or interdependent, the ripple effect of a successful attack on one could bring down several others like a house of cards, causing damage, shortages, monetary loss and disruptions orders of magnitude greater than COVID19. We’ve seen pieces of such an attack and its economic impact. Most can remember what has been described as the “first” use of cyber force in an armed conflict during the Russia-Georgia war in 2008, when Russia targeted various pieces of Georgian infrastructure and news outlets. A year prior, Russia hit Estonia with a series of denial-of-service attacks. While these are generally considered low-grade uses of cyber force, Russia significantly raised the stakes in 2015 with Ukraine, when a cyber attack on the Ukrainian grid left over 200,000 without power. Russia followed that up with attacks in 2017 against Ukrainian energy, financial, and government targets, as well as the Kyiv metro and Odessa airport.
In the same year, a ransomware cryptoworm known as WannaCry struck governmental entities, health service providers, banks, energy and global companies in Russia, Spain, the UK, India, China, Italy, Ukraine, the USA, South America, and over 100 other countries. The US and other nations formally accused North Korea of executing the attack. The cost: an estimated $4 billion. Also in 2017, the world was exposed to Petya and its variants, ransomware that struck global infrastructure domains and cost an estimated $3 billion. Russia, in part, has been connected to the use of the Petya strain in Ukraine, where it then jumped to commercial facilities.
While the ransomware was hugely disruptive and very costly, it was not overly sophisticated or targeted. And the Russian use of cyber force, though crippling at times to the Eastern European states, can be categorized as more of a test run than an actual full-scale deployment of capabilities. In other words, Russia meant to injure in its cyber attacks, not kill. What makes recent uses of cyber force so unsettling is the emergence of a paradigm shift, with adversaries crossing the line from utilizing cyber attacks to disrupt or deny services to taking intentional actions to harm civilians. In short, nations are using cyber as a primary weapon for lethal force rather than to simply support kinetic operations, or as part of an information operations campaign.
But with intensification of cyber warfare across the globe, and the hugely destabilizing impact of the COVID19 pandemic on already tense international relations, what is the likelihood of the US becoming caught up in this “cyber winter” and what might this do to US infrastructure and the economy? Former NATO Supreme Allied Commander, retired Admiral James Stavridis, famously tried to answer this question in predicting that, “…we’re headed toward a cyber Pearl Harbor… we need to think about this cyberattack as a pandemic.” Therefore, the US may indeed be in for a “second wave” but this will not involve COVID19. The next existential threat very well could be all-out cyber war. The positive in this otherwise bleak forecast is that there are proven ways to mitigate the impacts of this type of pandemic; proven strategies and methodologies that will not only help critical infrastructure survive in a state of cyber war, but allow stakeholders to embrace emerging technologies simultaneously to improve business.
In September 2020, Talon Cyber Tec LLC will be sharing these insights and helping critical infrastructure providers get on cyber war footing during the American Society for Industrial Security (ASIS) and InfraGard National Membership Alliance annual conferences in Atlanta. These organizations combined have over 100,000 members, and represent every critical infrastructure domain, and many sectors responsible for the defense of US cyber assets.
With over 150 years of experience in cyber conflict, Talon Cyber Tec LLC will showcase how critical infrastructure can become a hard target against nation-state level adversaries, instructing on areas ranging from strategies on defeating ransomware to stopping the types of mass casualty cyber attacks akin to the attempted poisoning of the Israeli water system.
Do not be confused: cyber security and cyber warfare are dramatically different. If your organization has not discussed or planned for cyber warfare, attendance is highly recommended. If you cannot make it to Atlanta, Talon Cyber Tec LLC would be pleased to offer a private briefing to discuss the current state of cyber war, and support preparation to fight and win in this evolving environment of cyber conflict. Please contact Talon Cyber Tec LLC at firstname.lastname@example.org or email@example.com to schedule a special session.
Over 2000 years ago, Sun Tzu noted, “…victorious warriors win first then go to war.” If US critical infrastructure and business are to avoid a prolonged, expensive and ultimately catastrophic cyber war, they must take these early cyber aggressions of 2020 as harbingers of a coming storm. Otherwise, a COVID19 Spring may pale in comparison to an interminable cyber winter.