Experts in and out of government generally agree that it’s an act of cyber war when a nation-state (or a sponsored group) digitally attacks another nation-state’s infrastructure with the intent of damaging, disrupting, or destroying its operations and equipment, let alone inflict harm on its people.
In 2007, in what is considered the first known cyber war strike, Estonia suffered a widespread DDoS attack on its web, email, and DNS servers. Part of the Ukrainian power grid was taken down in 2015 and many NATO countries – including the US – have suffered cyber attacks in which their power grids have been infected, but not taken down. Yet.
Though in many ways an extension of traditional warfare, cyber warfare has some big differences. Cyber attacks can be launched without warning or buildup, from anywhere, and can strike widely and simultaneously. And cyber warfare imposes few barriers to entry, and relatively little risk.
“Engaging in cyber warfare doesn’t require as many people or skills, or as much capital, as building a world-class Air Force or Navy,” said Petros Efstathopoulos, Senior Technical Director at Symantec Research Labs. “And because you can more easily cover your tracks following a cyber attack than a ground force invasion, nation-states may think they won’t be targeted for an overt counterstrike. Which could embolden them to act.”
Some industries may appear as more likely targets, but you really never know what makes for an attractive, or soft, target. No web-connected entity anywhere in the world is immune. So, what can you do about it?
If you implement an integrated cyber defense that’s much better than the average security for your industry, there is a chance attackers will simply choose an easier target.
“So, one hopes, when the cyber attackers come, they aren’t coming after you,” says Efstathopoulos. “This of course requires excellent security hygiene—not merely compliance, but an embrace of cyber security best practices.”
From Symantec’s perspective, that means a complete integrated cyber defense providing advanced threat protection (containment, investigation, and remediation) and information protection (assets kept safe, in compliance, and available only to authorized users) on a platform that unifies cloud and on-premises security.
That’s the ideal. But small or budget-strapped companies can start with whatever they can afford and proceed incrementally—say, by implementing endpoint security while leaving their legacy systems in place. Obviously, Symantec customers using our integrated endpoint, network, mail, and cloud security are off to an even better start.
In cyber war, however, organizations need to look beyond their own protection.
Strengthening Mutual Defense
Virtually every company is a link in a chain, part of a really complex, fragile ecosystem. And no matter how tightly you lock down your organization, it’s subject to multiple dependencies.
Some dependencies are obvious, such as a power grid kept humming by the coordination between separate power generation, transmission, and distribution companies. But many dependencies are hidden, like the little-known DNS service provider whose outage in 2016 took dozens of other services offline—from Amazon, Box, and CNN to Wired, Xbox, Yelp, and Zillow.
“Yes, you want to armor up,” said Efstathopoulos. “But it’s also in your best interest to collaborate with the rest of your ecosystem. You want everyone you’re depending on—physically and digitally—to take their cyber security seriously.”
The most common model for putting this into practice: Information Sharing Analysis Centers (ISACs).
Not familiar with ISACs? They’re (typically nonprofit) organizations created by ‘critical infrastructure’ owners and operators to collect and analyze threat information, and to share actionable information and best practices about physical and cyber threats and mitigation with their industry members. Per the National Council of ISACs’ website, most ISACs have 24/7 threat warning and incident reporting capabilities and “many ISACs have a track record of responding to and sharing actionable and relevant information more quickly than government partners.”
There are ISACs for most slices of infrastructure including Automotive, Aviation, Communications, Defense, Energy, Financial Services, Healthcare, and IT. Although all ISACs have similar missions, no two are exactly alike. Most are virtual organizations. Many meet quarterly. All exchange lots of information.
Another Way of 'Working Together'
Whether or not you belong to an ISAC, there’s another way you can benefit from the collection and analysis of threat intelligence.
The Symantec Global Intelligence Network (GIN) is the world’s largest civilian intelligence network, applying artificial intelligence to nine trillion lines of telemetry drawn from 175 million endpoints in thousands of companies. Symantec also employs 1,000-plus cyber warriors to add expert human insights every step of the way.
What does this mean to your security?
Because the GIN powers all Symantec products, it gives all Symantec customers unparalleled protection. In other words, every time the Symantec GIN detects and helps prevent or mitigate a cyber attack of any kind, every Symantec product puts that intelligence to work. So every Symantec customer comes out ahead, both immediately and when facing future threats.
“Our GIN lets us predict, detect, identify, and defend against threats, which then benefits even our smallest customers, no matter where they are,” says Efstathopoulos. “It’s as if all our customers are banded together for their common defense.”
Even if your organization employs an integrated cyber defense platform and security best practices, and even if your organization is a model of collaboration, you might still find yourself in a nation-state’s digital crosshairs. In that scenario, you have to recognize that your organization cannot long withstand a sustained cyber war campaign by a nation-state. No commercial company can.
“If you think you are up against such an attacker, you can’t win by standing alone,” said Efstathopoulos. “Companies can't sanction foreign countries. Or arrest people. Or threaten military retaliation. Only governments can do that.”
So make sure your cyber security partner knows when, where, and how to involve which government agencies—both to maximize the effectiveness of your security response, and to minimize the disruption to your business.
Checklist: Rules of the Road
No matter your size, choose your security partner very carefully. Cyber war is real, ongoing, and dangerous - and you certainly don’t want to be a casualty.
If you're up against something way bigger than you, try and find a partner who is also way bigger than you. If your core business isn’t cyber security, make sure your partner’s is. Choose a partner that has been protecting companies on the cyber war battle lines for years.
Remember you're in an ecosystem, dependent on suppliers and partners, both physical and digital. There are many ways cyber warfare can harm you without your being attacked directly.
And get involved in your industry’s ISAC, or find other ways to collaborate. Symantec is here to educate, collaborate, and protect.