A New Cold War – with Many Sides

August 28, 2014, Rick Dakin, CEO, Co-founder and Chief Security Strategist

A New Cold War – with Many Sides  There’s a lot we still don’t know about the FBI’s investigation of the data theft at JP Morgan Chase & Co. Criminal hackers based in Russia were targeting U.S. financial institutions long before Russia annexed Crimea or the West responded with sanctions. Is this truly a state-level act? Is it more than a coincidence that the attacks on our financial institutions follow a series of relatively effective sanctions against Russian financial interests? Or is it just another money-making venture by a Russian hacker network?

At some level, the truth is that it doesn’t matter. We have been in a low-grade cyber war for several years. On the U.S. side, Edward Snowden has disclosed just how extensive the country’s offensive cyber war capabilities are. In some cases, he even revealed actual U.S. infiltration of critical systems.

To date, only the Stuxnet attack on Iranian nuclear sites can be confirmed as an offensive cyberattack.  Other infiltrations and probing has not yet been confirmed as active cyber warfare. We can be sure, however, that the U.S. owns systems in foreign countries that can be used to launch local offensive cyber weapons.

In the case of the Russians, there is clear evidence that the government and criminal organizations blur. It would also be naive to think that the Russians have not also developed substantial offensive cyber capabilities.

When nation states get into the cyber-attack business, we have to look at things through an intelligence filter.  The Russians certainly would use criminals to execute attacks on their behalf, but at this time we don’t know if they have.

The take away is that all operators of critical infrastructure should dust off their cyber risk management plans and take a fresh look at their assessments. Are your protections and abilities commensurate with an environment of potentially escalating nation state involvement in attacks? Or are you “just good enough” for the relatively unsophisticated threats of a few years before?

We are in a period of a new Cold War. All bankers, retailers, healthcare organizations, insurers and critical infrastructure operators should already be on notice. Our adversaries are advanced, dangerous, and coming after you. If we do not engage in cyber risk management at the level justified by known global capabilities, we are only fooling ourselves. When evaluating their own businesses, executives need to begin by assuming the worst. Get a truly independent assessment now and act.

Rick Dakin

Author

Rick Dakin — CEO, Co-founder and Chief Security Strategist

Recent Posts

Post Topics

Archives

Tags

2.0 3.0 access Accounting Agency AICPA Assessment assessments ASV audit AWS AWS Certified Cloud Practitioner AWS Certs AWS Summit bitcoin Black Hat Black Hat 2017 blockchain Blueborne Breach BSides BSidesLV Burp BYOD California Consumer Privacy Act careers CCPA Chertoff cloud CoalfireOne Compliance credit cards C-Store Cyber cyber attacks Cyber Engineering cyber incident Cyber Risk cyber threats cyberchrime cyberinsurance cybersecurity danger Dangers Data DDoS DevOps DFARS DFARS 7012 diacap diarmf Digital Forensics DoD DRG DSS e-banking Ed Education encryption engineering ePHI Equifax Europe EU-US Privacy Shield federal FedRAMP financial services FISMA Foglight forensics Gartner Report GDPR Google Cloud NEXT '18 government GRC hack hacker hacking Halloween Health Healthcare heartbleed Higher Higher Education HIMSS HIPAA HITECH HITRUST HITRUST CSF Horror Incident Response interview IoT ISO IT JAB JSON keylogging Kubernetes Vulnerability labs LAN law firms leadership legal legislation merchant mobile NESA News NH-ISAC NIST NIST 800-171 NIST SP 800-171 NotPetya NRF NYCCR O365 OCR of P2PE PA DSS PA-DSS password passwords Payments PCI PCI DSS penetration Penetration Testing pentesting Petya/NotPetya PHI Phishing Phising policy POODLE PowerShell Presidential Executive Order Privacy program Ransomware Retail Risk RSA RSA 2019 Safe Harbor Scanning Scans scary security security. SOC SOC 2 social social engineering Spectre Splunk Spooky Spraying Attack SSAE State Stories Story test Testing theft Virtualization Visa vulnerability Vulnerability management web Wifi wireless women XSS
Top