The cyber landscape is continually evolving, with attacks becoming more advanced and threats emerging from a variety of adversaries. Sometimes these adversaries operate within the nation, other times they originate from terrorist groups or organizations, or may even come from other nations, particularly Russia, Iran, China, or North Korea.
2015 saw an alarming number of sophisticated cyber threats targeting the homeland—including nation-states, terrorists, and criminal organizations—and lawmakers believe the year ahead will be no different.
In response, the House Committee on Homeland Security’s Cybersecurity, Infrastructure Protection, and Security Technologies Subcommittee held a hearing last week to discuss these emerging cyber threats and hear from academia and technology experts in the private sector about what more Congress can do to secure our networks and protect Americans.
“Over the last several years we have seen these actors continue to develop and build even more sophisticated cyber capabilities,” said Subcommittee Chairman John Ratcliffe (R-TX). “In 2016, these hackers pose an even greater threat to the US homeland and our critical infrastructure. To put it simply, cybersecurity is national security.”
Ratcliffe called to mind last year’s breach of the Office of Personnel Management, which compromised the sensitive information of millions of federal employees, as well as North Korea’s attack on Sony Pictures in 2014. Ratcliffe asserted that the current Administration’s responses to these incidents are a cause for concern.
“Unfortunately, the Administration’s lack of proportional responses to these cyber attacks has demonstrated to the world that there are no real consequences for such actions,” Ratcliffe stated. “Without a comprehensive national cybersecurity strategy that addresses deterrence effectively, I worry that 2016 could bring an increasing number of those willing to push the boundaries.”
Recognizing the gravity of the current cyber threat environment, Congress has enacted a series of measures to improve the nation’s cybersecurity posture. In 2015, Congress enacted the Cybersecurity Act of 2015, which established the Department of Homeland Security’s National Cybersecurity and Communications Integration Center (NCCIC) as a central hub for sharing information among public and private sector partners.
This legislation and corresponding congressional action were designed to guide the transformation of current policies and protocol, and lead the nation toward proactive, rather than reactive, security measures. Chairman of the House Homeland Security Committee, Michael McCaul (R-TX), is now urging the current Administration to release the National Cybersecurity Incident Response plan, which is required by law in the National Cybersecurity Protection Act of 2014.
“The President’s recent cyber proposal is an approach I have been pushing for us to adopt for more than a decade as a member of the Cybersecurity Caucus,” McCaul stated. “I am disappointed, though, that it took until his last year in office for the President to release it. In cyberspace, we know all-too-well that delay can be disastrous. We saw this with the OPM breach and the Sony Hack, and I fear that leadership lapses on the cyber front will have consequences for years to come.”
Frank J. Cilluffo, Director for Cyber & Homeland Security at George Washington University, addressed the importance of ensuring technology keeps pace with the ever-changing cyber threat environment. Cilluffo explained that the US must grapple with a barrage of varied threats from “a wide array of actors with different intentions, motivations, and capabilities.”
Cilluffo continued, “The threat tempo is magnified by the speed at which technologies continue to evolve and by the fact that our adversaries continue to adapt their tactics, techniques and procedures in order to evade and defeat our prevention and response measures. While breaches to date have largely exemplified data theft, the next step that hostile actors take may go further—such as data manipulation.”
Cilluffo stated that China and Russia may be the greatest threats to cyber security at this point, but he also reiterated that any individual or group can spread their message to gain harmful support. In addition to the threat posed by nation-states and individual actors, terrorist cyber capabilities are becoming increasingly sophisticated.
“Terrorist organizations also use the internet in a host of ways that serve to further their ends and put the United States and its allies, and the interests of both, in danger,” Cilluffo stated. “By way of illustration, the internet helps terrorists plan and plot, radicalize and recruit, and train and fundraise.” He continued, “As terrorist cyber capabilities grow more sophisticated, one especially concerning scenario would involve terrorist targeting of US critical infrastructure, using a mix of kinetic and cyber-attacks. In this scenario, the cyber component could serve as a force multiplier to increase the lethality or impact of the physical attack.”
Cilluffo concluded that while there is still much work to be done to adequately prepare for cyber altercations, both offensive and defensive plans should be in place, so that whether an attack happens first, or a response to an attack is necessary, leadership is adequately prepared for both scenarios. It’s a matter of staying one step ahead, and if an intrusion should occur, being able to recover fully and quickly is imperative.
Also testifying at the hearing, Jennifer Kolde, Lead Technical Director for Threat Intelligence at FireEye Inc., said the continuously changing threat landscape means that companies such as FireEye must be able to detect and review threat activity to determine the players involved, where they come from, the tools they use, who they are obtaining the information for, and if and when they may strike again.
“Our consulting division, Mandiant, investigates and remediates the world’s most devastating breaches; FireEye’s endpoint and network sensors feed data to a repository of active cyber threat operations; and newly-acquired iSIGHT Partners offers unparalleled analytic insight,” said Kolde. “We use this robust set of data to correlate threat activity and characterize threat actors’ capabilities and motivations.”
FireEye currently tracks approximately 500 threat groups, including 29 advanced persistent threat (APT) groups that it strongly suspects are supported by governments. Other tracked groups include criminals operating for financial gain, as well as others for which it currently has insufficient information to characterize their activity.
Kolde identified China, Russia, Iran, and North Korea as threats of particular concern. Kolde continued, “This multitude of threat actors—suspected government actors and enterprise cyber criminals alike—continues to evolve more quickly than the ability of the private sector to safeguard assets, including financial data, personal health information, and intellectual property.”
To defeat these threats, from nation-states to terrorists to criminal organizations, Kolde emphasized the importance of the private and public sector sharing information not only about technical indicators, but also about “motivations, plans, and intentions that would enable forewarning.”
“This information must be unclassified and shared in near-real time for network defenders to regain the upper hand against the best state-sponsored threat groups,” Kolde stated. “Information sharing must be part of a comprehensive security strategy and combined with broader efforts to educate organizations about real risks, train security personnel to combat them effectively, and develop incentives so that the public and private sectors are motivated to invest in protecting data, assets, and critical infrastructure.”
Homeland Security Today recently reported that the Dell Security Threat report revealed that cyber crime is transforming at a constant pace, similar to what was discussed at this hearing, but that trends and predictions can be useful tools in planning and preparing for change.
Reviewing past breaches, or attempted breaches, can allow for learning opportunities, both within government and for private industry. Developing a less reactive and more proactive stance will be vital in combatting cyber threats in the year ahead.