Predicting Russian Cyberwar: A Look Back
Information security predictions are easy to make and usually wrong. However, a look at how escalating international tensions combined with nation-state hacking power could cause a significant cyberwar turned out to be pretty precise.
From November to December, the cybersecurity punditry makes it its business to give InfoSec predictions for the year to come.
As I've noted in my own recent prediction series, these usually come to little more than safe, semi-educated guesses about how obvious trends will continue and that everything will gradually get worse. (See My Cybersecurity Predictions for 2018, Part 1: Following Trends & the FTC, My Cybersecurity Predictions for 2018, Part 2: GDPR Hype Is Hype, My Cybersecurity Predictions for 2018, Part 3: Protecting Killer Cars and My Cybersecurity Predictions for 2018, Part 4: Regulating Encryption.)
One such prediction about 2017 from 2016, however, bears special attention and analysis.
In a November 9, 2016, blog post, a collection of BeyondTrust Security Experts teamed up to make ten cybersecurity predictions for the coming year. Most of them are pretty bland, tracking tame industry trends -- predictions concerning increased awareness of password issues, industry attraction to alternative authentication solutions, increasing numbers of various types of already popular attacks, and government involvement in IoT security. (See IoT Regulation Could Save the Internet.)
To their credit, however, they led off with a real showstopper -- that a recognized act of cyberwar by a nation-state would occur.
Following trends in eastern Europe
"The first nation state cyber-attack will be conducted and acknowledged as an act of war," read BeyondTrust's #1 prediction for 2017.
Justifying the prediction, BeyondTrust cited both the Stuxnet worm -- widely credited as a nation-state exploit designed to disrupt rivals of the US and/or Israel -- and cyber attacks that have disrupted power grids.
The latter point is particularly salient. Attacks by Russian actors on essential Ukrainian infrastructure have been seen by the InfoSec community as a collection of cyberwarfare skunkworks projects. The Ukraine, pundits posit, is a sufficiently obscure eastern European nation at sufficient odds with Russia such that it has more or less been safely used for cyber target practice by the latter.
Since 2014, Russia has been engaged in military intervention against the Ukrainian government. A successful 2015 spear-phishing campaign followed by extensive cyber-recon allowed a group linked to Russia to completely shut down the Ukrainian power grid for up to six hours -- leaving operational difficulties that persisted for months after the fact. Since then, additional cyber attacks have persisted against multiple Ukrainian sectors. German government agencies, too, appeared to have gotten caught in the cyber-crossfire around the time of diplomatic talks between Germany and the Ukraine. In all of these instances, fingers point to Russian nation-state actors, but Russia denies wrongdoing.
Ukraine is hardly the only nation to have seen its geopolitical tensions with Russia erupt into warmongering cyber attacks, however.
In the five-day Russo-Georgian War of August 2008, a massive DDoS attack against 54 Georgian websites (that's Georgia the country, not Georgia the US state) was apparently coordinated to coincide with traditional physical attacks involving tanks, soldiers and bombs -- disrupting the Georgians' supply of information and transactional abilities while hampering the Georgian government's ability to spread its own propaganda online to attract international sympathy and support. Similar DDoS attacks began against Georgian government sites as early as July 20 -- less than three weeks before the shooting started. InfoSec researchers theorized that these preliminary DDoS attacks were a dress rehearsal of sorts to help gear up for the real thing.
And yet other cyber attacks against sovereign entities have been attributed to Russian actors even before this 2008 war. (See Dispatch From the CyberWar: An Interview With Joseph Carson.)
For what it's worth, the Russian government has denied all such cyber involvement -- and hard proof has been hard to come by; attribution is notoriously tricky when it comes to tracing hackers. Moreover, private-citizen black-hat Russian hackers going after foreign targets have long received certain degrees of protection from the Russian government. Still, the smart money seems to lie in the Georgian narrative that the 2008 cyber attacks were directed by the Russian government as part of Moscow's war effort. Accordingly, information-security and cyberwar experts tend to identify these DDoS attacks as the actual first recognized acts of cyberwarfare committed by one nation-state (even if not purely directly so) against another.
Accordingly, BeyondTrust's basic prediction seems to fall on its face as a matter of question-begging; a "cyberattack… conducted and acknowledged as an act of war" seems to have already occurred.
How large is large?
Perhaps BeyondTrust simply wasn't aware of the details of the start of the Russo-Georgian War. But let's give the security firm the benefit of the doubt by reading their explanation more closely.
"2017 will see the first large scale attack by a nation, against another sovereign nation," elaborated BeyondTrust, "and be acknowledged as an attack and the techniques used considered as weapons (albeit software, malware, vulnerabilities, and exploits)."
If we emphasize the words "large scale," we can be a bit more generous in the reading. Sure, Georgia is not a particularly big nation, so those 54 websites might have been enough to wreak very large-scale havoc -- particularly because they did not seem to hamper the operation of other vital infrastructure, and especially given that the war in question officially lasted less than a week. Moreover, in all of the above examples, Moscow's involvement has not been readily proven.
Russia, of course, is not the only nation to be reputed to be engaged in cyberwarfare tactics. Even though Russian officials have apparently been caught and charged with illicit cyber intrusions, so too is the case for the officials of other nations (such as China) -- without any talk of acts of war. (See DOJ Charges Russian Agents in Yahoo Breach.)
Yet now, with 2017 come and gone, conversations about Russia's cyber-warmongering have taken a drastic turn amid accusations that the Russian government engaged in a lengthy and far-flung campaign throughout 2016 to interfere in the US Presidential Election. (See: The New Nation-State Normal.)
Cold War 2.0
As usual, Moscow has fervently denied any accusations of cyber-meddling -- despite recently released statements to the contrary by an imprisoned Russian official. Despite Russia's denials, Russian interference in the 2016 US Presidential Election has been generally accepted as fact.
Interestingly, BeyondTrust's blogged prognostication (blognostication?) of an act of cyberwarfare came the day after Election Day in the US -- when Donald Trump was elected President. Might this be what BeyondTrust had in mind?
Indeed, US sanctions against Russia followed -- and, lo and behold, a US State Department official has recently come right out and actually referred to these acts as an act of war.
"I will tell you that when a country can come interfere in another country's elections, that is warfare," declared Nikki Haley, US Ambassador, at a forum three months ago in New York as she referenced Russia's putative electoral interference. "I find it fascinating because the Russians, God bless 'em, they're saying, Why are Americans anti-Russian? And why have we done the sanctions? Well, don't interfere in our elections and we won't be anti-Russian."
It would seem that this satisfies the BeyondTrust prophecy -- except that BeyondTrust's prediction technically reads that the cyber-act of war itself would be conducted in 2017 (well after the US election that Russia is said to have interfered in).
Looking back to Europe
This detail doesn't leave BeyondTrust's prediction dead in the water, however. Consider that Haley further referred to a massive cyber attack -- widely attributed to Russian nation-state actors -- on Emmanuel Macron's presidential campaign in France this past spring in an apparent effort to spread propaganda that would swing France's presidential election in favor of Macron's populist opponent, Marine Le Pen.
"We didn't just see it here. You can look at France and you can look at other countries," continued Haley. "They are doing this everywhere. This is their new weapon of choice. And we have to make sure we get in front of it."
The attack on Macron's campaign -- in tandem with other headline-grabbing cyber attacks -- led Guillaume Poupard, director general of the National Cybersecurity Agency of France (ANSSI), to declare that the world was on the path to a permanent cyberwar.
"We are getting closer, clearly, to a state of war," said Poupard. "A state of war that could be more complicated, probably, than those we've known until now."
Macron went on to win his country's election despite the cyber attack -- and, reportedly, investigators seem to have found but minimal links between the hack and Russian nation-state actors. Nonetheless, it is fair to say that multiple nations have identified and attributed a cyber attack as an act of war by one nation state against another.
Consequently, we can magnanimously give BeyondTrust a nod of recognition here for making an honest-to-God out-on-a-limb prediction and getting it right (kinda). The only real question remaining is if (or when) such a cyber-act of war will lead to an IRL bomb-dropping war.
An unsettling thought. Maybe that's why the pundits play it safe.
—Joe Stanganelli, principal of Beacon Hill Law, is a Boston-based attorney, corporate-communications and data-privacy consultant, writer, and speaker. Follow him on Twitter at @JoeStanganelli.