In recent years, we have seen a significant rise in the number of state-sponsored or state-influenced cyber-attacks. The diverse nature of the digital landscape is such that these attacks come in many forms, from attempts to influence the US presidential elections with misinformation to the hacking of Sony Pictures or the sustained programme targeting Australian government and business entities through the summer of 2020. The sophisticated nature of these attacks makes them difficult both to detect and to prevent. The targets of these attacks, and the rewards sought, should be of significant concern to cybersecurity professionals worldwide.
Believe it or not, there is a set of UN norms established for what is considered “responsible state behaviour” in cyberspace. It comprises 11 fundamental tenets that all states should adhere to:
- Interstate cooperation on security
- Consideration of all relevant information
- Prevention of the misuse of ICT in individual states
- Cooperation to prevent crime and terrorism
- Respect for human rights and privacy
- A commitment not to damage critical infrastructure
- A commitment to protect critical infrastructure
- To respond to requests for assistance from member states
- To ensure supply chain security
- To report ICT vulnerabilities
- To do no harm to emergency response teams
A glance through the cybersecurity headlines over the five years since these guidelines were established shows they might not be worth the paper they were written on. Whilst it might be tempting to write off the escalation of state-sponsored cybercrime as a logical evolution of old conflicts and animosities, it’s not just the usual suspects becoming victims. Democratic states like Norway have also fallen foul of cyber-attacks in recent months.
Whether the objective is to destabilise a government, sow misinformation and distrust, steal intellectual property or pose an existential threat, cyber-attacks are increasingly becoming the weapon of choice for digitally enabled states. The question is, what can be done about it?
A digital defence
As the world has become increasingly connected, the adoption of cloud services, mobility and the rapid growth of the IoT have created a vast landscape with multiple points of access. Now, more than ever, it is true to say that it’s not a matter of if a system will be breached, but when.
Even traditionally siloed systems like CCTV networks, command and control systems for aerospace (including space and satellite launch and communications) or SCADA networks for critical national infrastructure have become connected, exposing them to a range of cyber-attacks, from theft of data to unauthorised surveillance, rogue data injection or sabotage.
Cybersecurity technologies can loosely be divided into two categories: prevention and protection. Prevention technologies are designed to stop unauthorised access to systems. Protection technologies, like encryption, are the last line of defence against data theft or manipulation in the event of a systems breach.
For critical systems carrying any type of sensitive data, cybersecurity professionals should be looking for solutions that offer high-assurance data protection without compromising on systems performance. It is important to note that not all encryption solutions offer the same level of data protection. In order to meet the high-assurance benchmark, solutions must exhibit four core features:
- Be contained within dedicated, tamper-proof hardware
- Provide authenticated, end-to-end data encryption
- Leverage proven, standards-based encryption algorithms
- Incorporate secure encryption key lifecycle management
Alternatives, such as IPsec- or MACsec-based solutions, embedded network devices, or solutions that include encryption as an add-on, do not provide the same level of long-term data protection.