License to hack: State-sponsored hackers are upping the ante


At this year’s World Economic Forum in Davos, the threat of large-scale, state-sponsored cyberattacks was top of mind among the government and business leaders in attendance. Many world leaders now fear cyberattacks more than disease, terrorism or food shortages. Warren Buffett famously called cyber threats mankind’s number one problem, even over nuclear weapons. The U.S. military has already formally recognized cyberspace as a new potential battlefield alongside air, land, sea, and space.

A quick walk through the global digital landscape confirms the magnitude of the problem. In December 2015, Ukraine suffered what may be the first known successful cyberattack against a power grid, bringing darkness to more than 230,000 residents in the region for an hour. While investigators could not confirm it was a state-sponsored attack, it exhibited all the fingerprints of one: well-planned, sophisticated, with the markings of a dry run for a more prominent and destabilizing assault in the future.

State-sponsored attacks are highly complex, often well-funded, executed through intermediaries and capable of causing widespread disruption. China, Russia, Iran, and North Korea are believed to be key actors in a threat that is estimated to hit $8 trillion in economic impact by 2022.

The counter to these threats, referred to as the Third Offset Strategy, involves the combined power of humans and machines working together. Human intelligence assisted by artificial intelligence to outpace and out-think our enemy is fast becoming the new conventional battlefield – and it’s a physical and virtual one.

We all have to be 'in it to win it'

The absence of general cyber awareness, sometimes called cyber hygiene, is often identified as the primary source of attacks, leaks, or security incidents. Corporations and governments are starting to create a battle rhythm around cyber, often driving greater organizational awareness from the board level down, to add another layer of defense.

Spear phishing remains the most oft-cited entry point. Securing the rapidly expanding set of IoT entities from attack is becoming more critical. Employee behavior and vigilance are at the forefront. Reducing the cyber risk aperture is every bit as important as securing financial assets for companies and agencies. We must complement employee knowledge with automated capabilities like artificial intelligence to assist in identifying potential attacks. In tandem, the tools help employees and enterprises recognize threats on their own and lead to real behavioral changes in the workplace. Government initiatives like the Stop.Think.Connect campaign are working to educate different segments of the American public on cyber threats and the shared responsibility of protecting our critical networks.

Sophisticated state-sponsored cyberattacks raise the stakes. The often interdependent relationship created by the internet requires a level of collaboration on this battlefield we rarely needed in analog days. This requires strengthening public/private partnerships to ensure the protection of both the nation and its citizens from large-scale attacks. Although we’ve seen some progress with sharing information and analysis, we have to create a much more trusted relationship between players. Our biggest cyber threats, problems and concerns can only be managed by collaboration rather than working in silos. We need national policy direction (and debate) to improve the combined forces approach demanded by the threats.

Cyber battles will be won on artificial turf

In cyberspace, we live in an asymmetrical era of algorithmic warfare, where AI and machine learning must augment human capabilities. Detecting threats through system logs or a list of already known threats is no longer sufficient. Simply stated, cyber is a data problem.

It starts with the philosophical approach of defense in depth — we must assume bad actors are already inside, instead of leaning solely on the traditional strategy of strengthening the perimeter. Exponential growth of IoT devices generating massive quantities of data from ever-growing sources means we must be able to cut through virtual clutter and observe what is happening in real time.

To defend against state actors who deploy multi-front innovative approaches to cyber exploits, we must leverage the power of high-speed data analytical platforms in combination with behavior-based detection capabilities. Identifying anomalies in our networks, systems, and endpoint devices offers the potential to rapidly identify potential penetrations. For example, companies like Countertack, SS8, BluVector and Darktrace are putting AI-driven behavior-monitoring to work to create cyber immune systems within critical infrastructures. These and other tools will play a huge role in prevention — as we must reach beyond enterprises to the door of threats, to make this a game more costly than it is worth to our adversaries.

Despite warnings of AI’s potential dangers, these technologies will play a crucial role in protecting our critical infrastructure, giving us an edge against our adversaries. AI techniques like behavior-based detection can quickly identify network abnormalities and inform analysts rapidly for remediation. They will be key as we see increasing amounts of machine-against-machine conflict.

Armed with multiple motives and with an increasingly sophisticated set of tools, state-sponsored bad actors will continue to be a serious and viable threat to our national security. Our competitive and strategic edge as both an economy and a nation-state is driven by our advancing technological edge. Public awareness, improved collaboration and leveraging our bedrock technical capacity will enable us to sustain that edge over our competition and adversaries, and win on today’s and tomorrow’s virtual and physical battlefields.

Mark Testoni is the CEO and president of SAP National Security Services.