Not a week goes by without a "Cyber" event making the headlines. Whether through acts of ransom, massive leaks of information, attempts to influence elections or even acts of sabotage or espionage, events have been happening one after the other and have been accelerating in recent months. From a subject that used to be the domain of specialists, we are slowly but surely moving into the common domain.
In parallel with these events, there has also been a strong regulatory and legal push on the same subjects, with the adoption of national laws, such as the Military Planning Law, or European directives such as the GDPR or NIS. From there to saying that cyber security is becoming an issue, and why not a political game, is only a step.
Let's start with the stakes. The work carried out by a group of experts led by the NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE) and published by the University of Cambridge as the Tallinn Manual 2.0 on the International Law Applicable to Cyber Operations is the best example of the challenges associated with cyber security at the global level.
In the same way, the strong commitment of countries, particularly in Europe, to the establishment of a state organisation in charge of the nation's defensive but also offensive approach clearly shows the vital importance that cyber security is taking on today in the life of citizens and in the stability of nations.
The cause or consequence of all this, depending on the case, is the disappearance of the border between the real world and the cyber world. In 2017, we observed a strong symmetry between "real" and "cyber" events, for example:
- North Korea's strong activities in response to the international boycott by using malicious attacks on crypto-currency exchange platforms to raise funds for the ruling party
- The massive and repeated use of Cyber malicious acts in Ukraine by actors associated with Russia (NotPetya - BlackEnergy - BadRabbit) as tools of war.
- Attempts by APT28 and APT29, associated with the Russian state, during the European or American elections, which were used in massive ways and associated with voluntary information leaks (MACRON LEAK) or fake news with the objective of discrediting a candidate or a party.
- Cyber espionage used by groups associated with Iran to catch up on technology in the most important business verticals for the state, such as oil and gas or air transport (APT33).
It is clear that today cyber capability is becoming a tool in the arsenal of states in their ability to protect themselves, to advance or, why not, to attack.
"And what about the citizen in all this?", you will ask me. He can unfortunately become a collateral victim of these events. To date we have few or no deaths officially associated with a Cyber event, but it can and will surely happen one day, through the destructive use of malicious code as we've seen in cases such as Shamoon 2.0 or APT33.
There remains one point that I think is underestimated in Western countries: the plundering of companies' information assets. In my view, this is a matter of economic and political stability. Unfortunately, this subject is not always in the media spotlight because it is more pernicious and not immediately visible; nevertheless, today, we are responding to many incidents throughout the world highlighting this practice of looting. One of the most active groups on this subject is APT10, whose specialty is the recovery of intellectual property in Europe.
In the light of these elements, two conclusions come to me: cyber is and will be more and more prominent in the policies of States and every operation in real life is likely to have its cyber resonance in the coming years.
And finally, the attribution of actions will become a major concern because to defend oneself, one must understand, and to respond, one must know who is behind an attack.
A threat in the virtual world is a complex subject and full of grey areas ...
David Grout, Director Technical - PreSales, FireEye South EMEA