Just over ten years ago, the existence of Stuxnet first became public knowledge. Aimed at Iran, the sophisticated computer worm destroyed nearly one-fifth of that country’s operating centrifuges, which are used to enrich uranium for nuclear power. The bug, which was widely reported to be a joint creation of the U.S. and Israel, was believed to have slowed Iran’s nuclear program by up to two years.
Eric Trexler is VP Sales Global Governments and Critical Infrastructure at Forcepoint.
Stuxnet was an outlier at the time, but more and more countries around the world, in fact almost all, are integrating cyber strategies into their overall defense capabilities. Cyberattacks affecting Iran, China, the US, Europe, Ukraine, and many others haven’t gone away; they have increased in prevalence and in their implied acceptance as the new norm.
We should expect that cyber activity impacting not just military targets, but government organizations, communications systems, and all critical infrastructure will be one of the first signs of impending physical, or kinetic, operations. Look for increased targeted and significant cyber activity and you will be able to determine likely imminent hostile intent.
We’ve already seen how powerful ransomware has become over the past year, and with the backing of a nation state, the tools, techniques and procedures to execute such an attack are perfectly poised to become a central part of warfare. Malicious files can be spread around the world instantly, at low cost and with equally low risk. Not only do many nation states have the capability to do this themselves, ransomware-as-a-service is also rapidly on the rise.
This month we saw Microsoft warning about six threat actors from Iran undertaking professional ransomware attacks. The US Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) and the FBI reported in September 2021 that they had seen more than 400 attacks on US and international organizations involving the Conti ransomware variant alone. This particular variant, while not the most prolific out there, is run as-a-service, which means nation states could pay a third party to carry out attacks on their behalf and cause additional obfuscation and uncertainty.
The UK is no exception. In 2020, the UK government announced its own cyber-attack agency called the National Cyber Force. Drawing on personnel from across UK Government agencies including GCHQ, the MoD and Secret Intelligence Service (MI6), the Force will use cyber operations to disrupt what it sees as hostile state activities, terrorists and criminals threatening the UK’s national security.
Using ransomware or other cyberattack techniques to disrupt governments or critical infrastructure might not seem as directly lethal to citizens as drone strikes or other more physical attacks. However, shutting down hospitals, energy suppliers or food production, all of which have happened this year, can cause great harm and significantly impact people’s lives. In addition, the ability of such attacks to dictate political outcomes or seed general discontent and confusion in populations should not be underestimated.
A lot of attention is paid to these risks at a national level, but government at a local level can be particularly vulnerable. Without the cybersecurity budget or technologies in place to respond effectively to ransomware, they might pay ransoms without addressing the factors that led them to fall victim in the first place. Additionally, local government will almost certainly be targeted in attacks by foreign military forces.
One recent UK example is Hackney Council, which was hit by an attack in October 2020 that continued to impact the organization’s systems for more than six months and is thought to have cost as much as £10m to rectify. In a recent survey, approximately one-third of local governments reported falling victim to ransomware in the past year. With so much opportunity to quickly copy and automate these kinds of attacks, combined with the lack of risk to the attackers themselves, that figure is guaranteed to increase.
A growing threat surface
The UK’s National Cyber Security Centre has blamed cyber-criminals based in Russia – including a group known as ‘Wizard Spider’ – for several significant ransomware attacks, including one that targeted Ireland’s Health Service Executive and disrupted healthcare for several months, forcing the mass cancellation of routine appointments, blocking access to patient records and delaying testing and treatment services. In the US, meanwhile, a disruptive and high-profile ransomware attack on Colonial Pipeline earlier in 2021 caused a fuel supply disruption to a large part of the east coast of the United States.
Smart cities are particularly vulnerable to cyberattacks, as the UK’s National Cyber Security Centre has warned. The more aspects of a traditional city—from transportation to lights to resource management—are connected to the Internet, the more they are at risk of cyber disruption. Connectivity breeds convenience for service consumers, but also for attackers. Earlier this year, a ransomware attack on the Pimpri-Chinchwad Municipal Corporation Smart City in India infected nearly 25 of its project servers, in what is thought to be the first known cyberattack on a smart city. Fortunately no data was lost and the ransom was not paid, but the servers required rebuilding at an estimated cost of half a million pounds.
In addition to local-level government targets, adversaries will target critical infrastructure supporting cities and military bases, crippling not only the local population, but also the military’s ability to deploy capabilities to respond to kinetic attacks or project power. We need look no further than modern-day hotspots including Ukraine and Taiwan for likely future examples.
What does this all mean?
Our expectation is that in 2022 we’ll likely see more cyberattacks from nation states impacting both enterprises and government services globally. Critical infrastructure organizations in particular need protection in order to avoid societal disruption. Calls for a new international treaty to regulate cyber operations – a “digital Geneva Convention” – continue to rumble on. As more governments and governing bodies embark on more regulatory oversight of cyber, the situation is set to evolve further. Diplomacy coupled with strong cyber capabilities will be critical for nation states moving forward to protect their people, their infrastructure, and world peace.
Land and sea borders have historically been the way nation states have protected themselves from direct attack on the homeland, but tomorrow’s conflict will not have that buffer. With all targets only a keystroke away, this is something governments at all levels must take seriously.