Nowadays, the terms cyber-attack and cybersecurity pop up very frequently in the news and across the internet. As bold as the term sounds, a cyber-attack is a digital crime that very few understand, along with the risks it entails for its next victim, whether that be a governmental body, a company or simply an individual. This article aims to analyse this modern threat by breaking down its characteristics through various case studies.
Cybersecurity: the meaning
As interconnection and interdependency have grown across different sectors, cyberspace has become more complex and multi-layered, exhibiting the following characteristics: physical, due to its geographic components and physical infrastructure; logical, due to its logical network components; social, due to its persona components (Clemente, 2013).
As a new form of security, this term lacks a commonly accepted international terminology. For the United States, a cybersecurity incident is defined as a violation of an ‘explicit or implied security policy’ (Cichonski et al, 2012; quoted in Council of Economic Advisers, 2018: 2).
According to Stevens, cybersecurity is a means of ‘protecting and defending society and its essential information infrastructure but also a way of prosecuting national and international policies through information-technological means’ (Stevens, 2016).
This means that cybersecurity can also exert political influence on a national and transnational level, as cyberspace knows no borders (Stevens, 2018). In the same way that traditional politics focuses on the distribution of influence and the exertion of force on a national or international level, ‘cyber power’ has become another modern tool for exerting political pressure.
Introducing the cyberattack
Making its first appearance in scientific papers around late 1980, the term mostly conveyed a technical rather than a political notion. Over time, cybercrime became profit-oriented, gradually extending into the social structures of society. As a result, modern cybersecurity constitutes a complex issue with social, political and economic aspects. To put it more simply, it affects a wide range of society, from individuals to inter-governmental bodies, with economic, technical and political implications.
Among the 6 most recognisable forms of cyber-attack, some are quite common while others are less well known. The most popular are malicious software or malware¹, ransomware², and spam and phishing³. On the other hand, some types of cyberattack are more niche, including Distributed Denial of Service (DDoS)⁴, Corporate Account Takeover (CATO)⁵ and ATM Cash Outs⁶ (Commonwealth of Massachusetts, 2019).
In an era of digitalisation, everyone who uses the internet can become a victim of a cyber-attack, from individuals to multimillion organisations and governmental bodies. ‘We all have something of value that is worth something to others’, as the National Cyber Security Centre indicates (NCSC, 2018c). With the evolution of digital technology, cybercriminals have become better skilled and more sophisticated, and have also built a well-structured, clearly profit-driven business model that ranges from selling hacking tools online to selling their services to third parties.
A US report released by the Council of Economic Advisers (CEA) categorizes the most common cyber threat actors into the following six groups: (1) nation-states, engaging in espionage; (2) corporate competitors, seeking illicit access at the expense of their competitors; (3) hacktivists, private individuals or groups with political motives, carrying out high-profile attacks; (4) profit-driven organised criminal groups; (5) opportunists, amateur individuals motivated by notoriety; (6) company insiders, looking for revenge or financial gain.
Today, nation-states account for one of the fastest-growing categories of malicious cybersecurity incidents, according to a PwC report in 2014 (PwC, 2014; quoted in Council of Economic Advisers, 2018: 4). The CEA report also cites Verizon’s 2013 findings, in which ‘China accounted for 96 per cent of economic espionage cases in its annual dataset of data breaches’.
As a baseline, a low-profile fraudster will seek to gain economic advantage, whereas the objective behind a high-profile cybercriminal will be a political belief or ideology. In relation to the economic motives, the percentage of large companies in the UK that report a security breach is quite shocking: around 81%, according to the NCSC Common Cyber Attacks Infographic (NCSC, 2018a).
The methodology and tactics that cybercriminals follow constantly evolve and become more intelligent. Today, a cyberattack can be executed via different routes, such as web and mail; decoding of encrypted data; removable devices; unauthorised activity on security systems; and access to lost or stolen devices. Of course, there are measures that can protect us from these malicious attacks, such as the use of trustworthy sources; the careful exchange of information; and the establishment of security controls on digital equipment (such as malware protection or firewalls). But most importantly, cybersecurity courses for individuals or companies make a vital contribution to assessing threats in cyberspace.
Looking ahead into the future
Remarkably, cyber threats are socially constructed, as they have the ability to directly harm the social structures of society. Undoubtedly, individuals, companies and states have become more vulnerable to external infiltration from groups or states that seek to exert pressure. When people do not know how to assess a cyberattack, panic often prevails due to uncertainty. The following sections focus on the collective attempt to eliminate cyberattacks on the national and then the international level.
- On the national level
While cyber-enabled terrorism still constitutes an imminent risk, the most common forms of cybercrime are profit-driven, causing low damage in the form of organised crime and/or hacking. According to political experts and analysts, ‘there is little chance… for a massive cyber operation, due to limitations of the weapons and the consequences for action’ (Valeriano and Maness, 2018).
However, policymakers should not fall into the trap of under-prioritising low-level cybersecurity just because it does not put them under direct risk. In a digitalised and globalised world, the public and private sectors are more entangled than ever. In both cases, any cyberattack can cause societal harm. From low to high profile threats, policymakers need to think strategically about how to protect the public from a cyberthreat.
Here, it is essential to highlight that, due to the interdependency and overlaps across multiple sectors, the consequences of a potential hit can easily spill over into other infrastructures of society. A good example is a power cut, which can cause a barrage of damage to other sectors such as communications, health, financial services, transport and government. Mutual trust and data exchange between the private and public sectors are essential for identifying cybercriminals. Therefore, designing security measures that will protect society from similar threats while compromising freedom in cyberspace is the key to an optimal balance (Clemente, 2013).
Last but not least, the re-prioritisation of national security goals is essential for the modernisation of political thinking. In traditional politics, natural threats – such as natural disasters and accidents – have been at the forefront of the national security agenda of many countries. Thinking outside the box is essential for catching up with new technologies and their challenges. By stimulating change, policymakers can attract new talent that will generate new ideas on how to modernise assessment procedures and deploy new methods of broadening our knowledge of new technologies.
- On the global level
Nowadays, cyberspace transcends national borders, which urges all governments to work closely on a multi-level scale by exchanging intelligence.
The first step to counteract cybercrime is the establishment of a universally accepted term that will increase the response rate towards a cyberthreat. Of course, a shared language will also encourage better adaptation to the inflation of known or new threats via the implementation of risk-assessment processes that will overcome any bureaucratic impediments. This way, a collective Cyberthreat Intelligence would be able to get ‘a clear picture of the current landscape enabling them to prevent, deter, or, at the very least prepare for future adversarial operations’ (Stevens and O’Brien, 2019).
It is worth adding here that the UK will soon be in the position of encountering this dilemma: having been a full member of the EU, with access to the EUROPOL systems and to a rapid exchange of information, the country will need to seek a future relationship status with the EU in case no deal emerges. Possibly, the close partnership between EU and UK cybersecurity will continue to exist; however, it will require hard work from both sides on the basis of aspiration rather than a legally binding relationship.
On a second note, the establishment of international institutions can encourage a system of justice that will ensure global stability among the main cyber powers. In most cases, the objective of large-scale attacks is more offensive than defensive: a low-intensity conflict aiming to restrain another country through disruptions or information interception (Jensen et al, 2016; quoted in Valeriano and Maness, 2018: 264). For this exact reason, the formation of mutual agreements between the United States, China and Russia can create a common ground of cooperation and self-monitoring.
In China’s case, US cyber intelligence uncovered the compromise of US computer networks by hackers associated with China who were seeking information. The potential motive behind these attacks appears to be the uncovering of Trump’s trade policy plans in regard to the bilateral US-China trade deal, which is still under discussion.
Another example stems from Russia, where the model of outsourcing cyberattacks to organised hacker groups seems to serve the strategic goals of Russian state actors well. By deploying external groups to carry out these activities, this model makes it more difficult for law enforcement and security companies to locate the source of the cyberattacks and link them with state-led actors. In either case, whether these groups operate independently or in alignment with Russia, the truth is that the spread of malware succeeds in extracting valuable data from the affected computers, causing disruptions to vital parts of society. In Ukraine’s case, the involvement of Russia’s military intelligence – known as GRU – via cyber operations has caused serious disruptions to the national infrastructure, namely affecting the transport system, banks and media outlets. However, the involvement of GRU is not limited to this incident. The cyberattacks are conducted globally – even in Russia – costing national economies millions of pounds while ignoring the framework of international law (NCSC, 2018b). Another large-scale attack was the attempt to hit the international sporting institution WADA.
Therefore, cooperation on a national, legal and economic level is essential for tackling such phenomena. The exchange of data regarding previous breaches can help other countries or firms be better prepared for similar attacks, which of course requires the establishment of a mandatory data breach disclosure framework on a global level. The consequences for societies can be disastrous, as an attack undermines international law and institutions and destabilises a country’s democratic status and economy. For instance, the cost of malicious cyber activity in the US amounted to between $57 and $109 billion in 2016, according to a White House report (Council of Economic Advisers, 2018).
Photo: Blogtrepreneur, Data Security Breach (2016). Source: (flickr.com) | (CC BY 2.0)
Footnotes
[1] Malicious software or malware:
Usually transmitted through removable media or as an email attachment, its purpose is to compromise a system and cause disruptions. Other forms of malware are spyware – financially motivated – and phishing – aiming at accessing sensitive data.
[2] Ransomware:
Another classification of malware that encrypts files on a computer. Cybercriminals request payment in exchange for the private key that will restore the computer owner’s access.
[3] Spam and phishing:
Unsolicited or fake emails disguised under the name of a reputable or trusted organisation, with the sole goal of obtaining personal information.
[4] Distributed Denial of Service (DDoS):
One of the most difficult-to-trace attacks, DDoS is the flooding of digital platforms with traffic for one purpose: to overwhelm computer servers until they become unavailable. This technique can be used as a distraction to plant malware onto a computer. In most cases, state actors employ proxy actors to conduct operations.
[5] Corporate Account Takeover (CATO):
A business identity theft that targets online banking accounts while impersonating a legitimate organisation or business. This type of hacker uses malware – installed via email or websites – to gain access to a computer.
[6] ATM Cash out:
An ATM fraud that executes large cash withdrawals simultaneously from one to several ATMs. By altering the ATM settings, the fraudsters are able to withdraw funds beyond the ATM’s cash limit or the account balance. In most cases, stolen cards are used for the withdrawals.
Bibliography
Baines V. and Lusthaus J. (2019) Inside the cyber mafia, Meeting transcript 2019, Royal Institute of International Affairs, Chatham House, London, Available at: https://chathamhouse.soutron.net/Portal/DownloadImageFile.ashx?objectId=2850 (Accessed 19th November 2019)
Clemente D (2013) Cyber Security and Global Interdependence: What is Critical? Royal Institute of International Affairs, Chatham House, Available at: https://www.chathamhouse.org/sites/default/files/public/Research/International%20Security/0213pr_cyber.pdf (Accessed 17 November 2019)
Commonwealth of Massachusetts (2019) Know the types of cyber threats, Division of Banks, Available at: https://www.mass.gov/service-details/know-the-types-of-cyber-threats (Accessed 23rd of November 2019)
Council of Economic Advisers (2018) The Cost of Malicious Cyber Activity to the US Economy, Executive Office of the President of the United States, Available at: https://www.whitehouse.gov/wp-content/uploads/2018/03/The-Cost-of-Malicious-Cyber-Activity-to-the-U.S.-Economy.pdf (Accessed 24th November 2019)
National Cyber Security Centre (2018a) NCSC Common Cyber Attacks Infographic, Available at: https://www.ncsc.gov.uk/files/NCSC%20Cyber%20Attacks.pdf (Accessed 16th November 2019)
National Cyber Security Centre (2018b) Reckless campaign of cyber attacks by Russian military intelligence service exposed, Available at: https://www.ncsc.gov.uk/news/reckless-campaign-cyber-attacks-russian-military-intelligence-service-exposed (Accessed 20th November 2019)
National Cyber Security Centre (2018c) 10 Steps to Cyber Security, Guidance: Executive Summary, Available at: https://www.ncsc.gov.uk/collection/10-steps-to-cyber-security?curPage=/collection/10-steps-to-cyber-security/introduction-to-cyber-security/executive-summary (Accessed 16th November 2019)
Segal A. (2019) Cyber Week in Review: November 15, 2019, Council on Foreign Relations, Available at: https://www.cfr.org/blog/cyber-week-review-november-15-2019 (Accessed 19th November 2019)
Stevens T. (2016) Cyber Security and the Politics of Time, Cambridge University Press, Cambridge: 11
Stevens T. (2018) Global Cybersecurity: New Directions in Theory and Methods, Politics and Governance, 6 (2): 1-4, Available at: https://www.kcl.ac.uk/sspp/research/cirrr/output-docs/global-cybersecurity-new-directions-in-theory-and-methods.pdf (Accessed 17th November 2019)
Stevens T. and O’Brien K. (2019) Brexit and Cyber Security, The RUSI Journal, 164 (3): 22-30, Available at: https://www.tandfonline.com/loi/rusi20 (Accessed 24th November 2019)
Sullivan J. (2018) Russian Cyber Operations: State-led Organised Crime, Royal United Services Institute (RUSI), Available at: https://rusi.org/commentary/russian-cyber-operations-state-led-organised-crime (Accessed 19th November 2019)
Valeriano B. and Maness C. R. (2018) International relations theory and cybersecurity: Threats, conflicts and ethics in an emergent domain, The Oxford Handbook of International Political Theory, 20: 259-272, Available at: https://www.oxfordhandbooks.com/view/10.1093/oxfordhb/9780198746928.001.0001/oxfordhb-9780198746928-e-19 (Accessed 16th November 2019)