Bolstering Cybersecurity Protocols
February 24, 2022 | Expert Insights
The nature of warfare has changed with technology. When we think about war, it is not only restricted to kinetic action. Cyber threats will play a crucial role in the future of warfare. This can range from the proliferation of malicious propaganda to attacking of critical infrastructure, which can potentially paralyse a country. Nations worldwide have already taken steps to create cyber commands that identify such current and future cyber threats.
Although there is nothing new about states interfering in each other’s electoral processes, after the 2016 U.S. presidential election, this issue had become more mainstream. The U.S. intelligence agencies had concluded that Russian interference had influenced the outcome. They were able to propagate misinformation and disinformation through social media, which also found its way to American mainstream media.
In 2021, the Biden administration had imposed sanctions on multiple Russian companies over their cyber activities. Positive Technologies was a billion-dollar Russian cyber security firm, which worked on finding computer security flaws, spotting technological vulnerabilities and publishing high-quality security research. However, the U.S. government had concluded that it also provided hacking tools and information, sometimes acting as Russian spies.
The Americans believe that Positive Technologies is only one among a large group of private sector players working collectively to aid the Russian government's geopolitical objectives.
The U.S. intelligence has concluded that the firm is running a full-scale hacking operation. Russian firms are allowed to run these types of operations as long as they are in line with Moscow’s interests. This is, however, not permitted in the Western world, where it is illegal for private companies to run their own hacking operations.
What is extremely concerning is the work that Positive Technologies has done in relation to SS7 -an international telecommunication infrastructure. The firm has been able to surpass encryption by finding weaknesses in SS7.
This is an issue much more extensive than just Positive Technologies. Private companies are actively engaged in cyber warfare, and Kaspersky is the largest Russian cybersecurity firm. The Americans have suspected Kaspersky for years; currently, they are banned from U.S. government networks. Kaspersky sells antivirus software all around the world, and the U.S. government believes that Russian hackers have used this software for spying purposes. Antivirus software can be a great spying tool, as it is designed to monitor everything that happens on a computer.
According to a report by Microsoft in October 2021, Russia was behind 58% of all state-sponsored hacking (in that year). The victims were government agencies and think tanks in the U.S., Ukraine and other NATO countries. According to the report, the success rate of Russian-backed hacking had jumped from 21% (in the previous year) to 32%.
The 2020 SolarWinds hack was yet another jarring event that demonstrated the devastating capacity of cyberattacks. In the future, we should be prepared for even worse events. As can be recalled, Russian hackers were able to compromise a software used by Fortune 500 companies and many government agencies, including the State Department, the Justice Department and the Pentagon. This was the second time in recent years that the Russians could penetrate the U.S. government. It was concluded that the organisation behind the attack was Russia’s SVR. We need to remember that SVR works closely with Russian private cyber firms. The NSA has stated that the SVR has been provided with a range of services by Positive Technologies.
An interesting part of the story is that the NSA (national security agency), which is the agency that is in charge of defending the U.S. from cyber-attacks and is actively engaged in hacking the networks of foreign countries, was utterly unaware of the breach until they were informed by
FireEye (a private cyber security company). Given this reality, governments will have to work closely with private companies if they want to be competitive in the space of cyberwar. Private companies can attract high levels of talent that governments need to engage with.
Back in 2016, when the DNC was hacked, they turned to a company called CrowdStrike to find the perpetrators behind the attack. Although working side by side with cyber-security firms is good for the government and for businesses, there are some possible consequences that need to be considered. Private companies have a business incentive to find and name the culprits of cyberattacks. They may come to a conclusion much faster, without sufficient evidence, due to their personal motivations. This could ultimately lead to the government spreading misinformation. It is imperative, therefore, that hackers are correctly identified.
Ransomware attacks are also a serious problem. Unlike state-backed hacking, which seeks out intelligence to gain strategic advantages, ransomware attacks are financially motivated. However, there are concerns that Russia has become a safe haven for hackers, even if the state does not back them directly.
What companies like Positive Technologies do for the Russian government is similar to what American security contractors do for the U.S. government. Although it is illegal in the West for private companies to undertake hacking, military contractors work directly under the supervision of the government. It is widely known that American cyber operators are highly skilled and engage in hacking for intelligence gathering. But in Microsoft's digital defence report, they have conveniently omitted such cases of American hacking.
- Private players will play a more prominent role in cyber warfare, by recruiting good talent that assists governments around the world in fighting cyberattacks. At the same time, they may also be the target of such attacks, require them to bolster their own security protocols.
- Although Russia remains a safe haven for hackers, it is important to note that state-backed hacking is not limited to itself and its private firms. All large countries are actively involved in hacking to further their national interests, and in the future, this issue could trigger further conflict.