Cyber criminals operating in our increasingly digitized world have an abundance of online opportunities to exploit unsuspecting victims and make a profit, cause destabilization or both. Threats are so rife that the head of MI5, Ken McCallum, recently cautioned the public, as part of an annual threat update, to be as vigilant about cyber-attacks, misinformation, espionage and political interference as they would be about terrorism risks.
He said dependence on digital infrastructure in 2021 is a job for all. “Disruptive cyber-attacks such as ransomware can bring down everything from national institutions to your local hospital,” McCallum flagged. “If it ever was, cyber is no longer some abstract contest between hackers in it for the thrill or between states jockeying position in some specialised domain; in the 2020s, cyber consistently bites on our everyday lives.”
Although the British intelligence agency’s alert advises the public to take care, it also reinforces the point that governments have both an opportunity and responsibility to ensure they’re building a strong and secure network across the board.
And there was no time like last year to affirm how vital a strong cyber security foundation is for a nation. The assault on Ireland’s Health Service Executive in May exemplified the risks MI5 boss McCallum detailed. Radiology services, elective surgeries and more were brought to a halt immediately after the attack was discovered.
Thankfully emergency services, pharmacy systems, and the coronavirus vaccination appointment system were unaffected. Even though many systems have been brought back online in the weeks since, according to the HSE’s chief executive, it could take many more months for hospitals within the network to fully recover from the incident.
Centrally organized security
To counter cyber-attacks on a national level, a multitude of tactics need to be implemented. One way that governments can improve overall cyber resilience is to use defensive techniques that are centrally coordinated and can operate at scale, across multiple organisations and environments.
Every organization uses the Domain Name System (DNS) protocol, making this a relatively easy way to deploy security. By adding a protective layer to the DNS, many of the low-level attacks that would cause significant disruption – such as ransomware – can be eliminated.
This use of a consistent layer of protection across many organizations and environments has numerous additional benefits. It reduces risk of human error and makes deployment simpler, reducing issues with integration and the management overhead associated with new solutions. It also means common security threats that may affect multiple public sector organizations can be blocked at scale.
Specifically, the objective of the Protective Domain Name Service (PDNS), created by the National Cyber Security Centre (NCSC), is to negate the use of DNS for the distribution of malware.
If a domain is known to be bad, PDNS can intervene and prevent access by not resolving the DNS query. PDNS logs can also be used to understand and evaluate the level of risk posed by an attack.
Once a vulnerability is exposed, connections can be searched to give visibility into where and when vulnerable software was in use, which can then inform remediation.
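The two uses of PDNS described above, refusing to resolve known-bad domains and searching query logs to see where and when a domain was looked up, sketched as an added example (not NCSC's code and not part of the original article). The denylist, organisation names, log format and the BLOCK/RESOLVE labels are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Constructed denylist; a real protective resolver is fed by threat intelligence.
DENYLIST = {"malware-c2.example", "bad-updates.example"}

# Constructed resolver log: timestamp, client organisation, queried name.
SAMPLE_LOG = """\
2021-06-01T06:58:11 hospital-a files.bad-updates.example
2021-06-01T07:02:40 council-b www.gov.uk
2021-06-02T09:15:03 hospital-a malware-c2.example
2021-06-03T22:41:57 school-c cdn.bad-updates.example
2021-06-04T08:00:00 council-b notbad-updates.example
"""

def is_blocked(qname, denylist=DENYLIST):
    """True if qname or any parent domain is listed (matched on label boundaries)."""
    labels = qname.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in denylist for i in range(len(labels)))

def resolve(qname):
    """Policy decision only: refuse listed names, let everything else resolve."""
    return "BLOCK" if is_blocked(qname) else "RESOLVE"

def parse_log(text):
    """Yield (timestamp, organisation, queried name) for each log line."""
    for line in text.splitlines():
        ts, org, qname = line.split()
        yield datetime.fromisoformat(ts), org, qname

def exposure(text, domain):
    """Per organisation: (first seen, last seen, count) of queries under domain."""
    seen = defaultdict(list)
    for ts, org, qname in parse_log(text):
        if is_blocked(qname, {domain}):
            seen[org].append(ts)
    return {org: (min(t), max(t), len(t)) for org, t in seen.items()}

if __name__ == "__main__":
    # Retrospective search once a domain is tied to vulnerable or malicious software.
    hits = exposure(SAMPLE_LOG, "bad-updates.example")
    for org, (first, last, n) in sorted(hits.items()):
        print(org, first.isoformat(), last.isoformat(), n)
```

Matching on whole labels is what keeps `notbad-updates.example` from being blocked just because it ends with a listed string.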
The need for governments to collaborate
Having the right technology is only part of the solution, however; sharing intelligence and collaborative response are just as important to improve worldwide cyber defence.
The first is collaboration at an international level. When cyber defence efforts are coordinated across borders, they can drastically hinder cyber-criminal operations and work towards a safer environment for all nations. This was the case with the takedown of EMOTET, for example. The cybercrime service that acted as a platform of choice for criminals to launch attacks had its infrastructure dismantled after security authorities in the UK, US, Netherlands, Germany, France, Lithuania, Canada and Ukraine collaborated alongside Europol. The result was an end to numerous threats which spanned ransomware, data threats and more.
The second is collaboration between government and the private sector. Most recently this was seen from the Biden administration following a cyber security summit at the White House. The US Government announced that it would work alongside major tech companies including Apple, Amazon and IBM, while Google and Microsoft have pledged billions of dollars in cyber spending to improve the cyber posture of the US.
Following a year rife with attacks, there’s undoubtedly still a battlefield that lies ahead, but in forging such extensive public-private collaborations, the scale of the ambition to improve security has seemingly been realised and the appropriate level of resources committed.
With governments collaborating on attack response and relationships being built with global firms, we face a real opportunity to improve cyber defences worldwide. Changes need to happen at scale if we’re going to stem the tide of cyber-attacks and these partnerships will allow us to evolve protection deep within the infrastructure and broadly across the world.
Most importantly, as we start to make small steps towards recovery post-pandemic, we need to firm up our cyber defences and ensure that the critical services we rely on continue to be protected. From a technical perspective, we need more layers of defence.
From an international relations perspective, tackling cyber security on a global level will make it harder for cyber criminals to continue to succeed as their operations are taken down. It’s by pulling these common threads within our defence that we can enhance protection at scale, across multiple industries and geographies. It will allow us to generate the most value possible from our cyber defence efforts, creating a more secure environment both now and in the future.