The Insecurities of Cyber Security

In the 2016 fictional American television series Designated Survivor, the United States faces a crisis after a domestic terror group targets the entire U.S. government by using internet hacking to devastate American infrastructure. A new president, the “designated survivor” left from the attack, is forced to reconcile with the vulnerabilities of modern dependence on technology. In one scene of the show, the terrorist group hacks into the Pentagon’s intelligence system, stealing every piece of information on American defensive strategy. Although it may seem like nothing more than a dramatized television show, perhaps the possibility of such a disaster in any state is closer than we would like to admit. Our convenient world of instant connection requires acknowledgment of the great susceptibility it brings to our security. This article discusses the current role cyber security plays and the importance of becoming prepared in our societies for a new generation of cyber wars. I illustrate it with recent attacks around the world, as well as note measures being taken and, in my opinion, measures that should be taken to further ensure our security in the cyber realm.

Cyber Attacks

Following the June 8th James Comey hearings before the Senate Intelligence Committee, the reality of cyber crime and its role as the new warfare of the world is continuing to unfold. Comey has been under interrogation over the possibility that U.S. President Donald Trump exerted pressure over the FBI to restrain investigations in relation to Russia. Some believe Trump and his team may have had ties to Russia that resulted in the eventual hacking into many servers, including that of the DNC (Democratic National Committee), which may have played a role in the election results.

Perhaps it is the intangibility of “cyberwar” that reduces its appearance of being a threat, but cyberwar is happening constantly around the world. This has come to the attention of the American people, as they frantically search for answers regarding the hacking during their 2016 Presidential Election. As of now, there seems to be little dispute among Americans over who was behind these attacks on American democracy; the American Intelligence community has collectively agreed that Russian intelligence was to blame for hacked emails, information leaks, and spreading fake news. Even President Trump, who once attributed any “hacking” to poor sportsmanship of the losing Democratic party, has now admitted his belief that Russia was probably behind the attacks[1]. These attacks should not have come as much of a surprise to anyone, particularly Americans. In a 2013 Pew Research Center Poll, 93% of Americans felt cyber attacks were a threat to the United States.[2] Relations between Russia and the United States (or, more accurately, between Russia and a number of countries) have been historically complicated. In Russia’s efforts to become a world power, it has emerged as one of the biggest international security threats from the perspective of many countries.

The Hacks into the 2016 Presidential Election

In June of 2016, reports were released stating two Russian-associated hacking groups had infiltrated the DNC computer network under the names “Cozy Bear” and “Fancy Bear”.[3] One month later, WikiLeaks released the first set of hacked DNC emails. The email hacks continued throughout the rest of the campaigning season, up to the eventual election of Donald Trump as president. After recent discoveries, officials have confirmed 21 U.S. states were targeted by the hackers, although no votes were altered.[4] Subsequent investigations have brought to light many interactions between powerful American and Russian politicians and businessmen and have cast doubt on the legitimacy of the Trump administration. Whether Trump or his associates had anything to do with the hacks, however, is unconfirmed as of now and whether the hacks ultimately had any real impact on the results of the election is inconclusive. Regardless, the hacks have been related to many changes which subsequently occurred in the Trump administration and other American government offices. Some of these include the resignations of Democratic National Convention chair Debbie Wasserman Schultz, former National Security Advisor Michael Flynn, and, of course, the firing of former FBI Director James Comey. Although American intelligence has yet to agree on the intention behind the hacks, many politicians and investigators have concluded that Russia, as explained by Senator John McCain, committed an “act of war.”[5] Indeed, war today is not only fought with guns, tanks, and bombs and the newest battlefront is nowhere reachable by plane—cyberspace is the site for the wars of the future.

Since its founding, democracy has served as the cornerstone of America’s politics. Through Russia’s interference in the 2016 Presidential Elections, they attempted to undermine the very basis of American ideology. The year following the hackings, 31% of Americans saw Russia as the most dangerous country[6] (beating out North Korea and China) as compared to only 5% in 2013[7]. Even after extensive investigation and American intelligence statements of proof, Russia, has steadfastly denied any participation in the ordeal, even turning the blame back onto the U.S. In an interview, President Vladimir Putin said, “Hackers can be anywhere. They can be in Russia, in Asia ... even in America, Latin America. There can even be hackers, by the way, in the United States, who very skillfully and professionally, shifted the blame, as we say, on to Russia.”[8]

The Future of Cyber Warfare

Although the hacks could have affected the Presidential election votes, the most prominent issue arguably lies outside of election results. Russian General Valery Gerasimov suggested that in the future, wars will be fought with a four-to-one ratio of nonmilitary to military measures—including cyber attacks.[9] This is concerning first, because it defies borders. No physical borders exist in the cyber world, completely changing the dynamics of warfare. Second, it is often very difficult to trace back to the exact culprit of a cyber attack. At this point, it is often almost impossible to be completely certain of who is behind a cyber attack. Third, there is no precedent for handling mass internet breaches and cyber attacks. At what point would a country be justified in using military action as retaliation for a cyber attack? Although up to this point, cyber attacks, in nature, have typically denied some sort of service, in the future, they could follow the lead of the American hacks—accessing and leaking classified information, influencing national events, and possibly even creating a crisis for a nation.

Further, specifically in relation to Russia, the Russians have made clear that they are more than willing to interfere with the cyber security (and consequently, democracy) of other nations. Along with the American hacking, this characteristic of Russia was demonstrated by the 2007 Estonian attacks. After a hostile reaction to Estonians moving a Soviet-era statue, Russian outrage was followed by a massive cyber interference hitting Estonian banks, government offices, and media outlets.[10] Unanimity points to Russia as the culprit for the American, Estonian, and most recent (and unsuccessful) French Presidential Election hacks. Perhaps this trend will continue, or at least, Russia will set a precedence for other countries to conduct their own cyber attacks.

Wannacry Attack

Less than a year after the American election hacks (May 2017), another anonymous cyber attack targeted 104 countries, with Russia, reportedly, being hit worst of all.[11] Many health service and business systems were inaccessible because of the ransomware, including Great Britain’s National Healthcare Service and Spain’s Telefónica.[12] Although a culprit was never found, this attack, frequently referred to as the “WannaCry” ransomware attacks, was continued evidence of a concerning trend—groups or states had the ability to access networks of others, creating a mass disruption. And clearly, these groups have the ability to shut down crucial systems in a country which could ultimately lead to mass destruction.

Protective Measures in Latvia and Abroad

The Cyber Security Strategy of Latvia as part of the EU, in its aims and principles, explains the four principles the policy relies on.[13] These four principles are development, cooperation, responsibility, and openness—all important aspects of cybersecurity. This seemingly great strategy, however, may work for interaction between EU members but is flawed if it is to extend outside of the EU (which it could and should be able to do).

This is because it relies heavily on the second principle—cooperation. Although EU states can be trusted to consistently cooperate, Russia, along with other states, will likely defeat this principle, which in turn, undermines each of the other principles. Russia, particularly, as displayed through recent attacks, cannot be relied upon to uphold cooperative efforts in cyber security. In the case that Latvia becomes the next target of a cyber attack, the best possible defense would be further development in cyber defense and a comprehensive defensive strategy.

This defense strategy has already been in progress, as evident through many organizations, including through the NATO Centre of Excellence in Tallinn, Estonia. This institution progresses training and education for NATO state leaders. The specific centre in Tallinn focuses on cyber security, their mission statement explaining they aim, “to enhance the capability, cooperation and information sharing among NATO, NATO nations and partners in cyber defence by virtue of education, research and development, lessons learned and consultation.”[14] This centre is only part of NATO’s commitment to enhanced cybersecurity measures. NATO has made clear that with the rising threat of cyber attacks, cyberdefense has become part of NATO’s core task of collective defence; NATO’s members also took part in the Cyber Defence Pledge, which entailed they prioritize cyber security.[15]

The Future

As of summer 2017, only 38% of countries have a published cybersecurity strategy[16] with the United States, Norway, Estonia, and Latvia each taking a place in the top 20 most prepared countries against cyber attacks.[17] If anything, the recent cyber-attacks around the world should serve as a warning. While there has yet to be a devastating attack, a future of continued attacks is inevitable. Bill Priestap, the Assistant Director of the FBI’s Counterintelligence Division, has stated his belief that Russians, specifically, will continue efforts to hack into other states’ systems.[18] Though with the cyber world as universal as it is, Russians won’t be the only ones committing future cyber crimes. We must, then, take a closer look at how we can protect ourselves from future attacks. This can be done in two steps: first, we, as government bodies, researchers, developers, and citizens, must continue to acknowledge the real threat that cyber-attacks are in the world today. Often, these attacks are downplayed despite the destructive effect they could have. Second, we must continue development and investment in cyber defense. The best thing we can do for ourselves in the case of attack is to be able to quickly defend and defeat any threat. NATO, as discussed, has taken steps in the right direction in becoming more prepared in cybersecurity. Additionally, the EU has released its own cybersecurity initiatives by setting 5 main priorities, as stated in its Cybersecurity Update[19]:

  • Increasing cyber resilience
  • Drastically reducing cyber crime
  • Developing EU cyber defence policy and capabilities related to the Common Security and Defence Policy (CSDP)
  • Developing the industrial and technological resources for cybersecurity
  • Establishing a coherent international cyberspace policy for the EU and promote core EU values

Perhaps the next step would be to educate smaller organizations and companies within countries on how they can protect and defend themselves from cyber attacks. We also should take steps to ensure general citizens are aware of the risks and vulnerabilities of the cyber world. Citizen pressure can be a great catalyst for state effort in the cybersecurity realm. Technology is only going to become a larger part of our world in the future. As of now, most aspects of our lives are connected to a network: our government systems, our work, our phones, our homes, and even our cars. As innovation and technology grow, so does our vulnerability to these cyber attacks. Why then, would we delay any attempt at preparing ourselves for the susceptibilities of such a crucial part of our lives?

[1] Fabian, Jordan. (2016, June 26). “Trump believes Russia ‘probably’ behind election hacking.” The Hill. Retrieved from http://thehill.com/homenews/administration/339521-trump-believes-russia-probably-behind-election-hacking

[2] Pew Research Center in collaboration with the Roper Center. (2013, October). Pew Research Center for the People & the Press/Council on Foreign Relations America's Place in the World Survey. Retrieved from https://ropercenter.cornell.edu/psearch/question_view.cfm?qid=1842912&pid=50&ccid=50#top

[3] Oliphant, Roland. (2017, May 6). “Who are Russia’s cyber-warriors and what should the West do about them?”. The Telegraph. Retrieved from http://www.telegraph.co.uk/news/2016/12/16/russias-cyber-warriors-should-west-do/

[4] BBC World News: U.S. and Canada. (2017, June 21). “US official: Russia ‘hacked’ 21 US states in election.” BBC. Retrieved from http://www.bbc.com/news/world-us-canada-40357357

[5] Schleifer, Theodore and Deirdre Walsh. (2016, December 31). “McCain: Russian cyberintrusions an ‘act of war’.” CNN. Retrieved from http://edition.cnn.com/2016/12/30/politics/mccain-cyber-hearing/index.html

[6] Pew Research Center in collaboration with the Roper Center. (2017, April). Pew Research Center for the People & the Press Poll. Retrieved from https://ropercenter.cornell.edu/psearch/question_view.cfm?qid=1894664&pid=50&ccid=50#top

[7] Pew Research Center in collaboration with the Roper Center. (2013, October). Pew Research Center for the People & the Press/Council on Foreign Relations America's Place in the World Survey. Retrieved from https://ropercenter.cornell.edu/psearch/question_view.cfm?qid=1842872&pid=50&ccid=50#top

[8] Siemazko, Corky. (2017, June 2). “Vladimir Putin tells Megyn Kelly: U.S. hackers could have framed Russia.” NBC News. Retrieved from http://www.nbcnews.com/news/world/vladimir-putin-tells-megyn-kelly-u-s-hackers-could-have-n767641

[9] Osnos, Evan, David Remnick, and Joshua Yaffa. (2017, March 6). “Trump, Putin, and the New Cold War.” The New Yorker: Annals of Diplomacy. Retrieved from http://www.newyorker.com/magazine/2017/03/06/trump-putin-and-the-new-cold-war

[10] McGuinness, Damien. (2017, April 27). “How a cyber attack transformed Estonia.” BBC. Retrieved from http://www.bbc.com/news/39655415

[11] Goswami, Dev. (2017, May 14). “Wanna Cry ransomware cyber attack: 104 countries hit, India among worst affected, US NSA attracts criticism.” India Today. Retrieved from http://indiatoday.intoday.in/story/wanna-cry-ransomware-attack-104-countries-hit-nsa-criticised/1/953338.html

[12] Hern, Alex and Samuel Gibbs. (2017, May 12). “What is WannaCry ransomware and why is it attacking global computers?” The Guardian. Retrieved from https://www.theguardian.com/technology/2017/may/12/nhs-ransomware-cyber-attack-what-is-wanacrypt0r-20

[13] “Latvian National Cyber Security Strategy.” European Union Agency for Network and Information Security. Retrieved from https://www.enisa.europa.eu/topics/national-cyber-security-strategies/ncss-map/latvian-national-cyber-security-strategy

[14] NATO Cooperative Cyber Defence Centre of Excellence: About Us. Retrieved from https://ccdcoe.org/structure-0.html

[15] (2017, February 17). “Cyber Defence”. NATO. Retrieved from http://www.nato.int/cps/en/natohq/topics_78170.htm

[16] DeNisco, Alison. (2017, July 6). “UN report: 50% of countries have no cybersecurity strategy in place.” Tech Republic. Retrieved from http://www.techrepublic.com/article/un-report-50-of-countries-have-no-cybersecurity-strategy-in-place/

[17] Santiago, José. (2017, July 22). “Top countries best prepared against cyberattacks.” World Economic Forum. Retrieved from https://www.weforum.org/agenda/2015/07/top-countries-best-prepared-against-cyberattacks/

[18] Lardner, Richard and Deb Riechmann. (2017, June 21). “Intel officials detail how Russians cyberattacks sought to interfere with U.S. elections.” PBS. Retrieved from http://www.pbs.org/newshour/rundown/intel-officials-detail-russian-cyberattacks-sought-interfere-u-s-elections/

[19] (2017, January). “EU cybersecurity initiatives: working towards a more secure online environment.” European Commission. Retrieved from http://ec.europa.eu/information_society/newsroom/image/document/2017-3/factsheet_cybersecurity_update_january_2017_41543.pdf

Publicēts 27. jūlijs, 2017

Autors Dezirē Mičela