Combating threats in the Cyber Space - I

by Sohini Bagchi    Feb 04, 2013

cyber security pic

There was a time when state wars were fought by the brave soldiers with only physical weapons. However, in the past decade, the concept of war had undergone a sea change – moving from the conventional physical space to the cyber space. Today cyber attacks and cyber espionage activities on governments and private organizations have become rampant with massive technological development. At a recent Kaspersky Cyber-Security Summit in New York City, security experts agreed that if the government and businesses do not take action promptly, cyber war attacks can have disastrous consequences.

According to Costin Raiu, Director of the global research and analysis team, Kaspersky Lab, “What works well for cyber threats is that the technologies used are several times cheaper than physical attacks and are far more effective. As against a conventional attack, a cyber attack is often conducted stealthily, without any notice, which turns out to be even more precarious. This is a key reason such threats require a high level of alertness. The Stuxnet virus, the first example of a cyber attack in the real sense, has demonstrated the impact that cyber attacks can have on critical infrastructure of government and organizations. This was followed by several others such as Duqu, Gauss, Flame, Shamoon and many more.

Threats to government
As governments all around the world are concerned about the security of their digital infrastructure, they are increasingly investing in cyber warfare capabilities to support offensive operations destroying enemy defense infrastructures. The other objective is to meddle with the technological capabilities of the enemy thereby infecting their critical infrastructures.

A cyber attack can cause similar damage of a conventional attack and its spectrum is very wide, believes Eugene Kaspersky, founder and CEO Kaspersky Lab. In general, a cyber weapon could hit every critical infrastructure and vital system of a country such as the industrial control systems, electric power supply grids and utilities, communications network, defense and military systems, healthcare, banking and financial systems, among others.

Urging government to decline from using cyber weapons Kaspersky mentions that often the victimized nation can modify any cyber weapon that is used against them and hit the attackers even harder, which he describes as the ‘boomerang’ effect. In contrary, there is room for greater cooperation between nations to share information about threats and attackers in cyberspace, he believes.

Agrees Howard Schmidt, former cyber security coordinator for the Obama Administration. He believes that cyber weapons are often reverse engineered and should be regulated just like nuclear or chemical attacks in the conventional war. He pointed out that a key challenge for the government and enterprises is to find out the constantly changing the nature of crime and espionage in the cyber space. “It all started with stealing state and military secrets. Then it started to move to the private sector, which is now under tremendous attack,” he says adding that the current situation requires partnership between nation states as well as public and private sector collaboration.

Enterprise under attack
The sophistication of cyber attacks is growing in the private enterprise segment. Expert opines that the growth of mobile devices and apps, especially smartphones and tablets, are leading to greater chances of cyber threats at workplaces. The trend known as bring your own device (BYOD) has transformed the entire business landscape, opening up a greater potential gateway for attackers. “The issue of trust comes to questions with most businesses struggling to come up with the right mix of technologies and policies in BYOD,” says Lawrence Orans, Research Director, Gartner. At the same time, with more enterprises moving their critical information to cloud and leveraging social and big data, the need for greater security continues to grow.

Hactivism is also another area of concern for companies. Orans believe that cyber criminals will continue to take advantage of Advanced Persistent Threat (APT), Social engineering tactics and spear phishing attacks to garner more critical information.

Cyber threats demand attention…
Whether it’s the government or the private enterprise, cyber threats are inevitably disruptive and demand greater attention. Kaspersky urges government and private security professionals to think beyond traditional risks. There should be greater efforts by governments and companies to promote education in cyber security space.

Another international cyber security summit held in Dublin in autumn 2012 also focused on greater collaboration between business and IT security so that they are ready to mitigate cyber risks with the help of specialist skills and training. The training should focus on the ethics and protocols that organizations are expected to follow while treading the cyber security space, according to Schmidt.

On the whole, combating threats in the cyber space requires tremendous international cooperation and treaties, coupled with training, education and awareness before we begin to witness larger scale global cyber catastrophe.