War is described as a ‘state of armed conflict between states, governments, societies and informal paramilitary groups, such as mercenaries, insurgents and militias. It is generally characterised by extreme violence, aggression, destruction and mortality, using regular or irregular military forces.’
But, in the internet age, this description no longer applies. Or, at the very least, is outdated.
The cyber war has begun, and unlike other conflicts, it is being fought online (albeit with very real physical implications), with no clear enemy; and seemingly, a random selection of targets — any system vulnerable enough. Of course, there are nation state hackers who — under unofficial orders — target political enemies, for a variety of political and economic reasons.
However, what makes the cyber war so daunting is the anonymity. Who are these hackers? They can operate in their bedrooms just as efficiently as a General can operate in his or her command centre.
The advancement of ‘AI’ in cyber security is also food for thought, with both attackers and defenders adding the technology to their arsenals
Every day there is a new headline of a hack. Arguably, the least disruptive is when a person’s personal details are stolen — yes, this is inconvenient for the individual. But, in the face of critical infrastructure being crippled, elections being rigged or health services being brought to their knees, the cyber war has the serious potential to impact the collective; in our homes and streets.
Cyberwarfare: the danger and potential answers
We’re at cyber war
According to 87% of 517 IT security professionals who attended the RSA Conference 2019, the world is currently in the middle of a cyber war.
“It’s clear that security professionals feel under siege,” said Kevin Bocek, vice president of security strategy and threat intelligence at Venafi. “With the increasing sophistication and frequency of cyber attacks targeting businesses, everyone is involved in cyber war.”
Time to fight fire with fire?
According to the survey:
• 72% believe nation-states should have the right to “hack back” by targeting cybercriminals who level attacks on their infrastructure.
• 58% believe private organisations have the right to “hack back.”
Currently, the Computer Fraud and Abuse Act prohibits many retaliatory cyber defence methods, including accessing an attackers computer without authorisation.
The US’s Active Cyber Defence Certainty (ACDC) Act addresses active cyber security defence methods and was introduced to the US House of Representatives in October 2018. The ACDC Act proposes “to provide a defence to prosecution for fraud and related activity in connection with computers for persons defending against unauthorised intrusions into their computers.”
10 cyber security trends to look out for in 2019
“Today, private companies do not have a legal right to actively defend themselves against cyber attacks,” continues Bocek.
“Even if this type of action were to become legal, most organisations are too optimistic about their abilities to target the correct intruder. Even with the most sophisticated security technology, it’s nearly impossible to be certain about attack attribution because attackers are adept at using a wide range of technologies to mislead security professionals. For many organisations, it would be better to focus on establishing stronger defence mechanisms. We’ve seen excellent growth in cloud, DevOps and machine identity technologies that allow digital business services to be restarted in the event of a breach, effectively delivering a knockout blow against attackers.”