Nation-State Threat Actors
There has been a rise in the number of cyberattacks attributed to nation-states. Whether this increase is due to a rise in nation-state activity in this domain or more accurate law-enforcement detection is uncertain; however, it is time to treat nation-states as a serious threat actor and to look at what we know about them. Nation-states’ motivations and capabilities differ from those of traditional hackers and cybercriminals and as such may require a different response in mitigating threats.
When a nation-state launches a cyberattack against another nation, we call it cyberwarfare. There may be little difference in the malware used, the vulnerability exploited, or the end result between a cyberattack by a nation-state and a cyberattack by a traditional cybercriminal. If your organization is the target of such an attack, you may never know who was behind the attack, and because the methods and results are the same, you may never know if it was cyberwarfare or cybercrime. The difference between cyberwarfare and cybercrime then is in the threat actor.
The motive might be an indicator of who is behind an attack, but determining motive is tricky. A cybercriminal’s motive is typically money; they attack if they can get paid. However, a nation-state could also launch a cyberattack for a monetary motive—to destabilize a foreign economy as a part of economic warfare or to help fund its programs. Money as a motive might not be proof that cybercriminals are behind the attack.
Often people assume a nation-state will seek to destroy or take down systems rather than seek monetary gain from an attack; however, if an attack is classified as exclusively destructive and not financially driven, this does not automatically mean a nation-state was behind the attack; a hacker could have an ax to grind, or an activist could be trying to make a statement. The motive of destruction without financial gain also does not clearly indicate who is behind an attack.
Of course, nation-states have always been engaged in espionage activities and have used the cutting edge of technology for their craft. I have heard people use the term cyber espionage, but really it is the same old espionage using new technologies.
Gone are the days of thinking that nations only conduct espionage against other nations. Maybe movies are to blame for the naïve thinking, where nations are portrayed as spying on other nations to gain intelligence on military matters. Today we know that often companies are the targets of intelligence gathering from other countries. Generally, gaining intellectual property is one of the objectives of spying on organizations. If a nation can save money on research and development to gain an edge over another nation, it will put its organizations at a competitive advantage. The organizations and economies that did the initial research are now at a disadvantage. The theft of intellectual property is more closely comparable to economic warfare than it is to traditional espionage.
Aside from cyber warfare and cyber espionage, you have cyber terrorism, the goal of which is to create fear and destabilization. Typically, it is small terrorist organizations that have an ideology that is opposed to Western culture. Nation-states may augment cyber terrorist activities by supporting “common” enemies. Nation-states may also pretend to be terrorist organizations in order to start wars or sway public opinion as part of psychological warfare.
In a series of recent webinars, I covered more on this topic including:
Known nation-states engaged in cyber attacks
Recent cyberattacks by nation-states
Motives or goals of nation-state attacks
Known attack methods
Advantages of a nation-state
In the past, nations became superpowers by having nuclear bombs that could be delivered around the world. Today this is seen as a bad strategy because of the mutual destruction of every nation that results from such an attack. No nation would survive unharmed if there were a nuclear war. Nuclear arms are more of a deterrent superpowers have in order to maintain “some” balance. Today to be an apex nation you need cyber capabilities. Instead of mutual destruction, the aim is to weaken other nations. Imagine a list of nations ranked in power and influence from top to bottom; cyberwarfare is now being employed to move a nation up or down the rankings.
Generally, this ranking of nations is closely tied to the economy. We could call it economic warfare or cyberwarfare; however, not all cyberwarfare is economically driven and not all economic warfare uses cyberattacks. However, there are nations that view this as a competition for the best nation, and “winning” is a long-term project of those who seek to undermine the United States and Western nations.
Technology is definitely a key factor when it comes to who is and who will be the future superpowers. Not only does technology give a nation an upper hand in conventional warfare; it also gives it an advantage in cyberspace. Technology is often the deciding factor today, so much so that Putin predicts the nations that have artificial intelligence will be the new superpowers. No doubt the weaponization of artificial intelligence is the next arms race we will face.
An interesting twist to this technological arms race is that while nations try to hoard information or classify technology that gives them an advantage in warfare, companies are actively seeking to democratize technology. The idealistic notion is that we can level the playing field if everyone has access to technology. Somehow this is seen as a path to enriching the lives of everyone on the planet. The problem is that giving technology to everyone to enrich everyone assumes everyone will put it to use for good and not bad. Unfortunately, this will destabilize the status quo and potentially put technology in the wrong hands.
One last note: nation-states are not to blame; we have a tendency to post too much information online. It is estimated that 98 percent of the information nation-state intelligence organizations are looking for is on the Internet. Mining the “BIG data” of the Internet and correlating what is found to paint an accurate picture is becoming easier. A recent study found that 27,000 people working in the intelligence sector have information on LinkedIn, including the code names for projects. We seem to be making the job of espionage even easier.
There is a long history of technology intersecting with warfare and espionage. A great book on the topic is Cyberspies: The Secret History of Surveillance, Hacking, and Digital Espionage by Gordon Corera.