Category Archives: Nation State

2019 Verizon Data Breach Investigations Report (DBIR) Key Takeaways

The 2019 Verizon Data Breach Investigations Report (DBIR) was released today, and I was lucky enough to be handed a hot off the press physical copy while at the Global Cyber Alliance Cyber Trends 2019 event at Mansion House, London. For me, the DBIR provides the most insightful view on the evolving threat landscape, and is the most valuable annual “state of the nation” report in the security industry.

Global Cyber Alliance Cyber Trends 2019

The DBIR has evolved since its initial release in 2008, when it was payment card data breach and Verizon breach investigations data focused. This year’s DBIR involved the analysis of 41,686 security incidents from 66 global data sources in addition to Verizon. The analysed findings are expertly presented over 77 pages, using simple charts supported by ‘plain English’ astute explanations, reason why then, the DBIR is one of the most quoted reports in presentations and within industry sales collateral.

DBIR 2019 Key Takeaways
      • Financial gain remains the most common motivate behind data breaches (71%)
      • 43% of breaches occurred at small businesses
      • A third (32%) of breaches involved phishing
      • The nation-state threat is increasing, with 23% of breaches by nation-state actors
      • More than half (56%) of data breaches took months or longer to discover
      • Ransomware remains a major threat, and is the second most common type of malware reported
      • Business executives are increasingly targeted with social engineering, attacks such as phishing\BEC
      • Crypto-mining malware accounts for less than 5% of data breaches, despite the publicity it didn’t make the top ten malware listed in the report
      • Espionage is a key motivation behind a quarter of data breaches
      • 60 million records breached due to misconfigured cloud service buckets
      • Continued reduction in payment card point of sale breaches
      • The hacktivist threat remains low, the increase of hacktivist attacks report in DBIR 2012 report appears to be a one-off spike

Cyber Security Roundup for March 2019

The potential threat posed by Huawei to the UK national infrastructure continues to be played out. GCHQ called for a ban on Huawei technology within UK critical networks, such as 5G networks, while Three said a Huawei ban would delay the UK 5G rollout, and the EU ignored the US calls to ban Huawei in 5G rollouts, while promoting the EU Cybersecurity certification scheme to counter the Chinese IT threat, which is all rather confusing.  Meanwhile, Microsoft Researchers found an NSA-style Backdoor in Huawei Laptops, which was reported to Huawei by Microsoft, leading to the flaw being patched in January 2019.
A serious security flaw placed Royal Bank of Scotland (RBS) customers at risk. The vulnerability was discovered by PenTest Partners in the bank provided 'Heimdal Thor', security software, which was meant to protect NatWest customers from cyber-attacks but actually permitted remote injection commands at the customer's endpoint. PenTest Partners said "We were able to gain access to a victim's computer very easily. Attackers could have had complete control of that person's emails, internet history and bank details. To do this we had to intercept the user's internet traffic but that is quite simple to do when you consider the unsecured public wi-fi out there, and it's often all too easy to compromise home wi-fi setups.
 
Facebook made negative security headlines yet against after they disclosed that 20,000 of their employees had access to hundreds of millions of their user account passwords for years.

One of the world’s biggest aluminium producers, 
Norsk Hydrosuffered production outages after a ransomware outbreak impacted its European and US operations.  Damages from ransomware attack on Norsk Hydro reach as high as $40M.

Citrix disclosed a security breach of its internal network may have compromised 6Tb of sensitive data. The FBI had told Citrix that international cyber criminals had likely gained access to its internal network. Citrix said in a statement it had taken action to contain the breach, “We commenced a forensic investigation; engaged a leading cyber security firm to assist; took actions to secure our internal network; and continue to cooperate with the FBI”.  According to security firm Resecurity, the attacks were perpetrated by Iranian-linked group known as IRIDIUM.

Credit monitoring Equifax admitted in a report it didn't follow its own patching schedule, neglecting to patch Apache Struts which led to a major 2017 breach which impacted 145 million people.  The report also said Equifax delayed alerting their customers for 6 weeks after detecting the breach.

ASUS computers had backdoors added through its software update system, in an attack coined “ShadowHammer”. Kaspersky researchers estimated malware was distributed to nearly a million people, although the cybercriminals appeared to have only targeted 600 specific devices. Asus patched the vulnerability but questions still remain.


The top 10 biggest breaches of 2018 according to 4iQ were:
  1. Anti-Public Combo Collections – (Hacked) Sanixer Collection #1-6, 1.8 billion unique email addresses.
  2. Aadhaar, India – (Open third party device) 1.1 billion people affected
  3. Marriott Starwood Hotels – (Hacked) 500 million guests PII
  4. Exactis – (Open device) 340 million people and businesses.
  5. HuaZhu Group – (Accidental Exposure) 240 million records
  6. Apollo – (Open device) 150 million app users.
  7. Quora – (Hacked) 100 million users.
  8. Google+ – (API Glitch) 52.2 million users.
  9. Chegg – (Hacked) 40 million accounts 
  10. Cathay Pacific Airways (Targeted attack) 9.4 million passengers.
Barracuda Networks reported the top 12 phishing email subject lines, after they analysed 360,000 phishing emails over a three-month period.
BLOG
NEWS

Is Huawei a Threat to UK National Security?

On 19th July 2018 the UK government, through the GCHQ backed Huawei Cyber Security Evaluation Centre, gave “limited assurance” that Huawei poses no threat to UK National Security. Since then the UK, EU, and NATO member government politicians and security services have all raised concerns about the nation-state cyber threat posed by the Chinese telecoms giant Huawei. 

There has been particular political unease around the Huawei provision of network infrastructure devices (i.e. switches and routers etc.) within the UK national infrastructure, devices which controls network traffic and capable of accessing the data that traverses them. Huawei has been operating in the UK market for 18 years, whether its their smart phones or a network devices, Huawei products are generally far cheaper than their competitors' equivalents. This has led to major telecoms providers such as BT, purchasing and implementing Huawei network devices within their telecommunications infrastructure and data centres, some of which are regarded as critical components within the UK national infrastructure. As such, Huawei has been subject to unfavourable security scrutiny, which has recently spilt out into political and media arenas. 


Huawei has always denied its products poses a threat, and there is no evidence of any malicious capability or activity publicly disclosure by any UK intelligence agencies or cyber security firms. But there is also the Chinese 2017 National Intelligence Law, which states that Chinese organisations are obliged to "support, cooperate with, and collaborate in, national intelligence work".

Three nations in the intelligence alliance ‘Five Eyes’, the United States, Australia, and New Zealand, have effectively prohibited the installation of Huawei equipment within their generation telecommunications equipment, namely 5G networks. The remaining two members of "Five Eyes", the United Kingdom and Canada, are expected to state their position within the coming months. The UK's National Cyber Security Centre has published warnings about the Chinese company's security standards. Elsewhere, nations including France, Germany and India have expressed their concerns about the use of Huawei equipment within their telecommunications 5G upgrades.


On 4th February, a leaked draft 'Huawei Cyber Security Evaluation Centre' 2019 report, said the issues and findings it had raised previously had not been fully addressed by Huawei, and was critical about the security of Huawei's technology.

Then on 6th February 2019,  a letter sent to MPs by Huawei was published. In it Huawei said it could take up to five years to address security issues raised by the Huawei Cyber Security Evaluation Centre, at a cost of $2bn (£1.5bn) of their own money. The president of Huawei's carrier business group also said the process of adapting its software and engineering processes to meet the UK's requirements was "like replacing components on a high-speed train in motion".

Huawei also made the following points in the letter to rebut the threat allegations,  "Huawei is a closely watched company.  Were Huawei ever to engage in malicious behaviour, it would not go unnoticed - and it would certainly destroy our business. For us, it is a matter of security or nothing; there is no third option. We choose to ensure security." The letter also addressed the Chinese 2017 National Intelligence Law, stating "no Chinese law obliges any company to install backdoors", a position they have backed up by an international law firm based in London. The letter went on to say that Huawei would refuse requests by the Chinese government to plant backdoors, eavesdropping or spyware on its telecommunications equipment.

The ball is now in the UK government's court, in the next couple of months we shall see if the UK Gov bans Huawei or continues to work with them to help assure the implied national security threat of their products. A ban could well result in Huawei pulling out of the UK market altogether, taking their billions of pounds of investment with them, and would likely negatively impact post Brexit trade deal negotiations between the UK and China, so we can expect the situation to become even more political in the short term.

Huawei Threat News Timeline
Who are Huawei?
  • Chinese multinational conglomerate which specialises in telecommunications equipment, consumer electronics and technology-based services and products.
  • HQ in Shenzhen, Guangdong
  • Founded in 1987 by Ren Zhengfei, a former engineer in the People's Liberation Army
  • Largest telecommunications-equipment manufacturer in the world
  • Overtook from Apple in 2018 as the second-largest manufacturer of smartphones in the world
  • 72nd on the Fortune Global 500 list
  • 180,000 employees
  • Chinese military remain an important customer for Huawei
  • Invests Billions into R&D around world
  • 3 Billions Customers Globally
  • Operating within the UK for 18 years
  • Made a five year commitment (2018 to 2023) to invest £3 billion in the UK.
  • Allegations its equipment may contain backdoors to allow unauthorised surveillance and/or data theft by the Chinese government and the People’s Liberation Army
The 5G Evolution
5G is expected emerge in the UK in late 2019 and early 2020, and will be much faster than 4G. The theoretical maximum speed for 4G is 1Gbps, while the theoretical maximum speed for 5G is 20Gbps, so 5G is potentially up to 20 times faster than 4G. Potentially faster than the UK average broadband speed, which stands at 18.57Gbps.

Mobile networks are changing with the arrival of 5G and the impact of this change will be felt across the industry. Adrian Taylor, regional VP of sales for A10 Networks, provides the follow insight about the impact of 5G on the market and how it will change the enterprise world.

5G and the Evolution of Mobile Networks
Fifth generation networks, just like the preceding 4G LTE and WiMAX networks, are expected to greatly increase available bandwidth, with improved end-to-end performance providing a better end-user experience. In the most basic of terms, 4G LTE was the long-term evolution of Radio Access Networks (RAN); 5G is the next iteration.

Wireless carriers have invested billions into their networks to support the ongoing demand for faster network speeds. They must look for ways to increase revenue while delivering more value to the end user. This continues to drive new devices into the hands of the consumer. The demand for increased efficiencies, bandwidth, and coverage has pushed carriers towards a decentralised deployment model.

Network Virtualisation Remains in The Early Stages
Service providers monitor and review technology for advancements that will help deliver faster and less expensive networks. Recently, they have looked into areas of Network Function Virtualisation (NFV) and automation to support their advancements. Mobile network operators are investing heavily in reducing delays and errors through repetitive processes as they build and add capacity to existing 4G networks.

Virtualisation and Software Defined Networks (SDN) improvements are driving a shift from hardware to software. SDN is promising, but it’s not an instant solution, as purpose-built hardware still remains the preferred choice. NFV and SDN have offered service providers an alternative to existing methods, including dedicated appliances sitting idle. However, it’s safe to say that the age of virtualisation remains in the early stages.


Hardware manufacturers and service providers are now betting on the acceptance and success of virtualised functions. Software development continues at breakneck speed to meet timelines and demands for more integrated solutions, which easily scale and reduce operational overheads at the same time.

The 5G Revenue Opportunity
5G’s impact is expected to extend beyond the typical mobile network carriers/operators such as Virgin Media, EE, O2, and Sky in the UK and overseas. It promises to enable increased connectivity and flexibility, that will drive additional functions throughout all supportive components of a mobile carrier’s network.

RAN access providers face the question of how to support the ever-increasing appetite for cutting the cord. How can we use our mobile devices in more ways than previously thought, as the end user goes about their daily tasks? This mobility, whether it’s tied to a carrier’s technology or even a simple Wi-Fi home network, reaches all corners of our day-to-day life.

This reach extends from the cloud to the data centre environments and continues to drive capacity needs, supported by both legacy appliances and the ever-increasing virtual environments. This continued appetite for consumption has opened up opportunities for all facets of technology and associated vendors.

5G Mobile Network Evolution
The continued expansion of 5G networks will have a revolutionary impact upon every mobile subscriber and business in the world.

The fundamental market forces of network evolution are not based on wired or wireless infrastructure. Companies are currently focused on upgrading existing mobile networks. Whereas at the exact same time, NFV, SDN and the global IoT industry are all preparing to utilise the next generation of mobile networks.

Software solutions are easier to move from concept to production and frequently offer a lower up-front investment cost. This all adds up to help drive increased functionality for all service providers, including the wired infrastructure.

5G and IoT will be demand-driven. As a result, the more the infrastructure expands to meet that demand, the more opportunities will be uncovered. It’s a positive feedback loop that will revolutionise how we think of the internet.

Get ready for a world that will be changed forever with the next generation mobile networks on the horizon.

      NATO’s Cyber Operations Center – Will Russia Feel Threatened?

      According to recent reporting, the North Atlantic Treaty Organization (NATO) announced that its Cyber Operations Center (COC) is expected to be fully staffed and functional by 2023.  The new COC marks NATO’s understanding of the importance that cyberspace plays in conflict, particularly in times of political tensions that has resulted in cyber malfeasance that has targeted elections and critical infrastructure.  The establishment of the COC is a natural evolution in how to address cyber attacks in a more timely manner by integrating cyber actions with more conventional military capabilities.  In early 2014, after notable cyber incidents were a part of international incidents that occurred in Estonia in 2007 and Georgia in 2008, the Alliance updated its cyber defense policy to classify digital attacks as the equivalent of kinetic attacks under its collective security arrangement under Article 5 of the treaty.

      In those particular instances, Russia was suspected in orchestrating or at least tacitly supporting the cyber attacks that afflicted both states.  Since then, Russia’s alleged cyber activities have only become more brazen in their scale and aggressiveness.  From suspected involvement in launching cyber attacks against Ukrainian critical infrastructure to launching a variety of cyber operations to meddle in the elections of foreign governments, Russia has taken advantage of the uncertainty of cyberspace where there is little consensus on key issues such as Internet governance, cyber norms of state behavior, or the criteria by which cyber attacks escalate to a point of war.

      NATO has always provided a strong military counterpoint to Russian influence in the European region and projecting a credible threat in cyberspace is an important complement to NATO capabilities.   However, previously, NATO didn’t have any of its own cyber weapons, a significant problem given Russia’s perceived position of a near-peer level adversary of the United States.  With the establishment of the cyber command, the United States, United Kingdom, and Estonia have offered the Alliance their cyber capabilities.  As described in one news article, the alliance hopes to integrate individual nations’ cyber capabilities into alliance operations, coordinated through the COC and under the command of NATO’s top general. With this in hand, it will be interesting to see if this will serve as the deterrent it’s intended to be and how Russia may adjust their cyber activities, particularly against NATO member countries.

      However, there is still the lingering problem the Alliance faces with regards to the rules of engagement.  Classifying cyber attacks under Article 5 is a start but doesn’t help provide a path forward to how NATO can and should engage and respond to cyber attacks.  While this provides NATO a certain flexibility in addressing cyber attacks allowing the Alliance to take each on a case-by-case basis in determining the extent of its response, it does not provide adversarial states an idea of tolerated and intolerable cyber activities.  This shortcoming serves only to provide states like Russia enough wiggle-room to continue their offensive cyber operations as long as they don’t cross an undefined threshold.  It’s long been hypothesized that attacks crippling critical infrastructures would meet that threshold, but as seen in Ukraine, this bar keeps being pushed a little farther each time.

      The COC is a much-needed instrument in NATO’s overall toolbox, strengthening the capacity of the Alliance to deter, and where appropriate, retaliate against cyber attacks.  That said, the longer there are no clear lines of what will and will not be deemed acceptable in cyber space will keep the status quo pretty much in place.  Once fully operational, the first test of the COC will be how the it will respond and in what proportion to an attack against a member state.  And it’s at this time all eyes will turn to Russia to see how it will react and alter how and where it conducts its operations.

      This is a guest post by Emilio Iasiello

      The post NATO’s Cyber Operations Center – Will Russia Feel Threatened? appeared first on CyberDB.

      National Cryptocurrencies – A Viable State Alternative to the Established Norm?

      Cryptocurrency appears to be gaining traction among governments seeking to establish their own digital currencies, despite questions regarding the potential volatility associated with it.  Currently, the countries that have already created digital currencies include China, Ecuador, Senegal, Singapore, and Tunisia, with Estonia, Japan, Palestine, Russia, and Sweden potentially following suit.  Even a small country like the Marshall Islands has announced its intent to create its own digital currency in order to boost its economy, and will be on part with the U.S. dollar as a form of payment.  What seemed like a novel thought exercise as to whether cryptocurrency could be a legitimate alternative to the established norm appears to be an option that governments are more closely considering.  In fact, some have speculated that further adoption of the country-specific cryptocurrencies could have serious implications for the established international monetary system.

      Whether that transpires remains another intellectual exercise in the possibilities of what “could-be” one thing is clear – states on the receiving end of stringent economic sanctions are turning to cryptocurrency as a way to assuage these penalties.  One of these countries is Iran, who is reported to be very interested in creating a digital currency, a major shift from its initial stance on banning banks from dealing in cryptocurrency .  According to one news source, the Secretary of Iran’s Supreme Council of Cyberspace envisaged the use of cryptocurrencies to “smoothen trade” between Iran and its partners in the wake of renewed U.S-imposed sanctions.  The same individual revealed that a state-backed cryptocurrency was accepted as an industry in the government and related organizations such as the Ministry of Communications and Information Technology, the Central Bank, the Ministry of Energy, the Ministry of Industry, Mining, and Trade, and the Ministry of Economic Affairs and Finance.

      Iran is not alone in this endeavor.  Cryptocurrencies have been leveraged by some countries in order to evade sanctions imposed on them by some in the global community as such transactions may transpire without oversight or tracking.  Venezuela has been a leader in creating a government-supported cryptocurrency to accomplish this objective.  In December 2017, Venezuela created the “the Petro” – a cryptocurrency intended to supplement Venezuela’s bolivar fuerte currency and help overcome U.S. sanctions.  Another example is North Korea.  Although it has not yet created its own cryptocurrency, the North Korean regime has been accused of plundering cryptocurrency exchanges in order to steal vast sums of money to take the sting off of the sanctions that it faces.

      The question remains – how successful are cryptocurrencies in achieving the goals of sanction-relief for penalized governments?  To be fair, the success or failure will largely be tied to a government’s solvency and stability and its ability to effectively be used as a positive instrument.  In the case of Venezuela, all indications point to a failure.  According to recent news reporting, the oil reserve-backed cryptocurrency is hardly used with the government showing no indication of tapping into its oil reserves as it had initially promised.  To date, the Petro wasn’t found on any major cryptocurrency exchanges and wasn’t accepted by retailers, according to the same source.  In this case, the government’s lack of follow-through on its plans has called some to question if the creation of the Petro was nothing more than a stunt or a scam.

      Conversely, the announcement of a possible Iranian cryptocurrency has been met with more optimism.  The Iranian government’s announcement that it was going to legalize cryptocurrency mining led to favorable response, pushing the price of Bitcoin to more than $26,000 on a local exchange.  What separates Venezuela’s reality from Iran’s largely rests in the governments themselves and how they go about planning and executing cryptocurrency.  According to one Venezuelan businessman involved in cryptocurrency purchase, as of late August 2018, there was no evidence of the Petro in circulation, its smart contracts, rules of the token, or its blockchain.  Such developments nine months after its supposed launch is disappointing to say the least.  If Iran wants to embrace a national cryptocurrency it will have to ensure it doesn’t follow Venezuela’s footsteps.

      As more states – in addition to the rogue governments already mentioned – explore the possibilities of adopting cryptocurrencies, there is much speculation as to how it will affect the international monetary system currently in place.  The current system relies on a slew of internationally agreed-upon rules, norms and institutions that let countries trade and invest in each other.  Cryptocurrencies, on the other hand, rely on decentralized control typically using blockchains that serve as a public financial transaction database.  The immediate concern is that if enough countries set up their own digital currencies, they could operate outside the existing framework of global central banks.  Some including the head of the International Monetary Fund believe cryptocurrencies will indeed replace banks and existing financial systems by eliminating the necessity for intermediaries and third party service providers in the future.  Other experts believe cryptocurrencies are going to displace roughly 25% of national currencies by 2030.

      That said, cryptocurrency is susceptible to volatility and risk, and the scalability of mining cryptocurrency doesn’t seem feasible, at least for the present.  However, these challenges can and likely will be addressed over time.  For rogue states seeking sanction relief, cryptocurrency has yet to prove its ability to deliver.  And that maybe the first litmus test for other nation states – seeing if this hot new commodity is the viable alternative so many believe it is.  Venezuela’s experiment has all but ended.  Iran is next up on the block.

       

      This is a guest post by Emilio Iasiello

      The post National Cryptocurrencies – A Viable State Alternative to the Established Norm? appeared first on CyberDB.

      The New Cyber Strategy Frees Up U.S. Cyber Muscle. How Will It Be Flexed?

      The White House has recently published its new National Cyber Strategy, rescinding an Obama-era memorandum Presidential Policy Directive-20 (PPD-20) that laid forth the process by which the United States would undertake cyber attacks against cyber foes, to include foreign state actors.  The Strategy consists of four primary pillars designed to guide how the United States will undergo defensive, and perhaps more importantly, offensive actions in order to preserve its interests in cyberspace.  Per the Strategy, the four pillars are:

      • Protect the American People, the Homeland, and the American Way of Life. The themes in the first pillar focus on key aspects of U.S. homeland security to include critical infrastructure protection, securing federal networks, supply chain management, third party contractors, and improving incident reporting to mitigate the threat of cyber crime.
      • Promote American Prosperity. This pillar focuses on technology that supports the digital infrastructure.  The themes of innovation, protecting intellectual property, designing and implementing next generation infrastructure, and developing and sustaining workforce capability to support the talent pipeline.
      • Preserve Peace through Strength. The third pillar focuses on responsible state behavior in cyberspace and implementing deterrent strategies to influence state behavior. Such activities include building a credible deterrence strategy, imposing consequences to hostile actors, and countering influence operations.
      • Advance American Influence. The fourth pillar addresses collaborating with other governments in order to make the Internet safer and more reliable.  Focus in on a multi-stakeholder approach involving government and private sector to come to consensus on topics such as Internet freedom and Internet governance.

      The Strategy follows in line with the President’s May 2018 Executive Order that called for government agency cybersecurity audits designed to identify “areas of improvement, or areas where specific legislation would be needed.”  The EO primarily focused on defensive aspects of the larger cyber umbrella, focusing on federal agencies need to adopt the National Institute of Standards and Technology’s Framework for Improving Critical Infrastructure Cybersecurity, largely considered the gold standard for security guidelines.  The Government Accountability Office (GAO) has frequently given poor marks for cyber security to U.S. government agencies, and as observed in the recent U.S. State Department breach, challenges persist in improving agency cyber security postures.

      Nevertheless, the part of the Strategy that has garnered attention – and correctly so – is the language that clearly removes the tethers that has traditionally restrained the United States from engaging in offensive cyber actions.  Where PPD-20 appeared to be hindered by interagency wrangling, the new Strategy makes it clear that the United States is unburdening itself from such bureaucratic wrangling positioning itself to launch counter attacks quickly and resolutely.  This shift in U.S. cyber policy comes at a time when Russian suspected involvement in the 2016 U.S. elections failed to elicit a “forceful response” either by the then-Obama or the current Trump Administrations, a frequent criticism levied by politicians.

      There have been several iterations of a national cyber security strategy over the last decade.  The Clinton Administration had its National Plan for Information Systems, the Bush Administration had its National Strategy to Secure Cyberspace, and the Obama Administration had its Cybersecurity National Action Plan.  While there have been consistent themes in these strategies (e.g., an open and free Internet, the focus on critical infrastructure protection), the latest Strategy shows a more progressive evolution of thinking on how the cyber landscape has changed and how the United States needs to adapt to it.  Noticeably absent in the title is “security”; it is only the National Cyber Strategy, which accurately conveys the fact that “security” cannot be addressed independently without addressing how offensive actions can play a supporting role.  This is not to condemn or criticize past administrations’ strategies; cyber conflict has been evolutionary, and as such, requires each subsequent administration to review the prior one to ensure that it meets the needs and conditions of its environment.

      And indeed, as cyber attacks have grown more prolific and increasingly severe, trying to figure out how to use counter attacks as punishment, retaliation, deterrence, or a combination thereof, is critical for governments.  Acknowledging that cyber threats are more than just disruptive/destructive attacks, but can leverage social media platforms, as well as regular and fabricated media outlets to spread propaganda, misinformation, and disinformation to influence targets, must be considered when determining a cyber retaliatory course of action.  Adversaries have typically not suffered any official punitive cyber response from the United States, which may serve to encourage follow on activities such as cyber spying, intellectual property theft, or undue influence operations.  The Strategy clearly articulates its intention to use all of its domestic and collaborative resources with like-minded states to immediately mitigate the threat.  There is no gray area open for misinterpretation.

      Unquestionably, the ability for agile actions is necessary in a domain in which attacks happen instantaneously, and in which attribution can be murky at best.  Depending on the intent for conducting a punishing cyber retaliation, the ability to respond quickly to demonstrate that cyber hostility is not tolerated is critical.  However, one big caveat is that prior to launching a counter attack, is to ensure that striking back is done in an appropriate, proportional manner.  There is little doubt that the U.S. possesses the means and resources to conduct such counter strikes.  The biggest challenge for U.S. cyber retaliation – guaranteeing that the target is viable and not hiding behind some civilian façade or operating out of a third country.  The more the U.S. counters these activities, the more adversaries will invariably learn and adjust their operations accordingly, thereby balancing the scales again.  And all eyes will be on the U.S. once more seeing how it will react.

       

      This is a guest blog post by Emilio Iasiello

      The post The New Cyber Strategy Frees Up U.S. Cyber Muscle. How Will It Be Flexed? appeared first on CyberDB.