Why cyber security represents a new cold war

By on
Why cyber security represents a new cold war

Comment: Cyber espionage is a real and present danger for every form of organisation.

The nuclear standoff of the 60s may be behind us, but a new cold war, or rather code war, has started to grip the globe.

Only recently, British Foreign Secretary William Hague said there has been an alarming rise in attacks by criminals on businesses, individuals and states, states on states, and terrorists on states and organisations.

Hague has spoken openly about the rapidly multiplying set of challenges that the Government and other institutions face in cyberspace.

In short, Britain is under attack and the reason is simple: people want to get their hands on our ideas.

Just like during the Cold War, the Code War is being fought by spies, or at least their modern equivalents. Espionage is the driving force in this very modern conflict, and information is the desired target.

These criminal elements in cyberspace have a clear goal – to access and steal IP, whether this is a defence blueprint or a new technical development in the civil sphere. Others seek to disrupt and destroy defence capabilities.

Using new and variant forms of malware that are increasingly subtle, network espionage is moving to another level, where advanced persistent threats can burrow into an organisation, lie hidden and extract data over a lengthy period of time; and the production of malware variants runs into the thousands each month.

The targets are financial institutions, corporations and state organisations, and these threaten to undermine commercial advantages, costing companies, economies and indeed nations billions in lost business.

Take the Night Dragon attacks, which began in late 2009 and lifted corporate secrets from Western energy companies before they bid against the Chinese on major oil deposits. The result: billions of dollars worth of business lost over the next few years.

This is no longer a matter of a few asocial characters or small, self-referring groups seeking status and notoriety in their hacker communities.

The ever-increasing number of security breaches hitting the headlines and compromising companies and countries are the work of organised and sophisticated gangs of criminals who have brought in the brightest and best-trained minds to wage war on businesses and governments.

From the proceeds of cyber crime, these organisations are building the next generation of malware, creating a persistent cycle of cyber attack that's already primed to circumvent the next generation of security measures being put in place.

If reports are to be believed, these organisations aren't acting alone. Many experts believe that hackers benefit from state sponsorship whether indirectly, or directly; a rash of dedicated military and intelligence cyber warfare units have been set up by some 100 countries.

A good example of this is the Stuxnet virus and its sister program, Duqu, which invaded computers in 2010. Researchers concluded that the attack, which predominantly affected systems within Iran, could only have been conducted with nation-state support.

This year, the number of cyber attacks on businesses and government is predicted to grow even more rapidly than in 2011, when security specialists identified a record number of malware variants being released every month.

Cyber crime is estimated to cost the global economy $1 trillion a year, almost 1.75 percent of global GDP, according to Misha Glenny, author and cyber crime expert. It's a staggering figure, but it is ideas, not money, that the Code War is being waged over.

Unlike physical assets, IP is not locked up in a safe protected by bricks and mortar. Instead, research and development worth billions exist on hard drives and IT networks that are increasingly susceptible to cyber attack. As we all know, IP is the lifeblood of any economy, and it seems that the bottom line has become the front line for this particular brand of cyber warfare.

What's the endgame? There is no endgame to the current Code War. This is a continuous and very serious chess game. As one power or organisation launches a new cyber attack, the targets respond and revise their defences.

The UK is at the forefront of the battle in cyberspace, and the solution that the Government and other forward-thinking organisations are rapidly moving towards is based on trusted computing frameworks. Indeed, the UK and the US fully support the adoption of these standards at every level.

Joseph Souren is EMEA general manager of Wave Systems

This article originally appeared at scmagazineuk.com

Copyright © SC Magazine, US edition

Most Read Articles

Log In

|  Forgot your password?