
12/9/2020
10:00 AM

Navigating the Security Maze in a New Era of Cyberthreats

Multiple, dynamic threats have reshaped the cyber-risk landscape; ignore them at your peril.

As we look forward to the new year and the potential for a return to some measure of normalcy, we have the opportunity to consider how we might tackle the new challenges of the rapidly evolving cyber-threat environment going forward.

In particular, as cyber defenders in both the public and private sectors assess our posture and consider how our approach should shift going forward, it is strikingly clear that we have made significant progress in strengthening our defenses and are getting better at raising the cost to our adversaries. However, we have yet to fundamentally shift our paradigm to account for the threats we face and to keep up with our adversaries' capabilities.


In 2017, we saw two cyberattacks that have fundamentally shifted our understanding of the threat environment. NotPetya, a cyberattack aimed at Ukraine by Russia, spun out of control, causing $10 billion in damages worldwide. That attack taught us that collateral damage is a real thing in cyberspace and one need not be the direct target of a cyberattack to suffer significant harm. 

Likewise, the WannaCry ransomware attack conducted by North Korea, also in 2017, demonstrated the crippling effect such attacks can have on the public and private sector, including healthcare institutions. Less noticed by the public, but perhaps even more critical to the American economy, is the continued theft of core intellectual property by nation-states, principally China, which undermines the global competitiveness of American companies and directly threatens American jobs, particularly as we seek to grow as an innovation-focused economic power.  

This effort undercuts not only the work of large enterprises but also small startups that are highly dependent on the creation of new and unique intellectual property and which are increasingly at the heart of American economic growth. 

More recently, as the global COVID pandemic has spread, we've seen a marked increase in malware attacks taking advantage of the situation and targeting the response and recovery infrastructure, including international organizations and vaccine manufacturers. We've likewise seen attacks on medical facilities resulting, indirectly, in patient deaths; financial institutions and governments being robbed or defrauded of hundreds of millions of dollars; and continued efforts by adversaries to put privately owned critical infrastructure at risk, potentially to shape or modify government behavior.

This all takes place as we continue to see nation-states like China not only siphoning off billions of dollars of intellectual capital from across the globe as noted above but also extracting massive amounts of data to train sophisticated machine learning algorithms. Furthermore, China, Russia, and Iran are engaged in efforts to manipulate popular opinion and undermine the rule of law and confidence in elected leaders and key institutions.

Unfortunately, the threat landscape is likely to get worse before it gets better. With the broad rollout of 5G networks globally and increasing capabilities and use of mobile and Internet of Things devices, not to mention the new work-from-home environment spurred by the COVID pandemic, we are operating in a target-rich environment for both nation-state and private cyberattackers. And the lines between the two are increasingly becoming blurred. While we've long known that the Russians operate through criminal proxies, the advent of such double-dipping in China is troubling given the massive scale and sophistication of attacks that collusion between criminal and nation-state actors in China can bring to the cyber-threat landscape.

Moreover, this rapid growth in infrastructure and threats also means that the workload facing cybersecurity personnel is growing faster than we can possibly develop talent. There simply will not be enough people to solve this problem and, as such, we must crowdsource the knowledge we need and leverage advanced technologies to address this shortfall. 

The good news is that the private sector and the government have been improving defenses. The cybersecurity conversation has made it into nearly every boardroom, even if directors and risk committees aren't always prepared — or equipped — to fully grapple with the myriad threats they face.

Corporate cybersecurity leaders are increasingly gaining a seat at executive leadership meetings and seeing budgets more aligned to the threat. And the government has finally started to get serious about the threat by taking the fight to cyber adversaries overseas under new authorities with advanced capabilities and working across traditional lines. We should preserve and expand on these efforts by doubling down on the defend forward strategy and persistent engagement mission of US Cyber Command overseas, and by expanding partnerships and joint training, exercises, and planning among our cyber defenders in government and the private sector.

Yet more needs to be done. Government and industry continue to operate in traditional silos, focused first on defending individually, rather than protecting collectively. To be sure, industry and government have done more to share information recently than perhaps ever before, but such sharing is simply one aspect of the larger effort. The real key is to be able to collaborate defensively at speed and scale across companies, industries, states, and national boundaries. 

As the Cyberspace Solarium Commission noted earlier this year, we need a paradigm shift to collective defense, with shared situational awareness and broad collaboration across the board. As we look to the next year and think about the change we need in the cyber realm, it's worth remembering the old adage that united we stand, divided we fall.

Gen. (Ret) Keith B. Alexander is the former director of the National Security Agency and founding commander of the US Cyber Command, and currently serves as chairman, president, and co-CEO of IronNet Cybersecurity. Jamil Jaffer served in senior national security roles in the ...
 

Comments
mikehamilton,
User Rank: Author
12/9/2020 | 10:11:47 AM
Why aren't we considering economic sanctions?
It seems to me that the time has come to look at other options besides 'defending forward' - specifically the use of market forces to change behaviors. If we started denying legitimate business traffic from governments that overtly or tacitly support cyber crime, my feeling is that the business community would put pressure on leaders to curtail the activity. Said another way, let the oligarchs go stand on Putin's desk and behaviors will change.