By Lord Jonathan Evans
Former Director General of the British Security Service and Advisory Board Member, HolistiCyber
As we pass the midpoint of a year awash with complex geopolitical and cybersecurity challenges, we should reflect on the current intersection of these realms and the implications for private organisations. In this article, I will explore the current landscape of politically motivated nation-state grade cyber threats and suggest lessons for businesses, specifically, how corporations and organisations are affected by these events, and how they can remain secure.
The increase in cyber attacks from threat actors, directly or indirectly supported by hostile governments, has created a pressing need for comprehensive and proactive measures to safeguard our critical infrastructure and enterprises. By examining developments such as Ukraine’s remarkable cyber resilience and the persistent cyber aggression of China, we can glean insights on how organisations should navigate this challenging environment.
The Lesson from Ukrainian Resilience
One of the most striking recent factors in geopolitics and cybersecurity has been Ukraine’s laudable response in the face of persistent cyber attacks. The ongoing Russian attack on Ukraine has combined elements of both kinetic and information warfare. Ukraine has been notably resilient in the face of sustained cyber attacks. But effective defence is no accident.
Since 2017 and the notorious NotPetya attack, Ukraine has built its cyber defences to weather numerous assaults with detailed preparation and with determination. The NotPetya attack, and others like it, were a devastating Russian cyber campaign that quickly spread globally, affecting numerous organisations beyond its initial Ukrainian targets. It caused widespread disruption, financial losses, and highlighted the importance of preparedness, collaboration, and resilience in the face of sophisticated cyber threats.
In response to the NotPetya attack and the BlackEnergy attacks which targeted the country’s energy grid during the same period, Ukraine gave serious attention to its cyber resilience. The result was a detailed plan to help the country prevent and prepare for subsequent attacks. The “Cybersecurity Strategy Of Ukraine,” outlined measures with, “an overarching goal to create the conditions that ensure safe cyberspace and its use in the interests of individuals, the society and the Government.” Key steps that were taken to mitigate future attacks included mobilizing a response team and actively engaging with cybersecurity companies and other private sector entities. Collaboration and information sharing played a crucial role, as well as developing strategies to prevent similar incidents in the future.
Since the start of the Russian invasion, Ukraine has confronted numerous cyber attacks against critical infrastructure and has demonstrated continued resilience.
The lessons learned from Ukraine’s experiences apply equally to corporations. The number one lesson is this – it is possible to prepare, repel, and survive even sophisticated cyber attacks with strategic planning, investment and concerted effort.
China’s Silent Threat: Intellectual Property Theft
The US National Security Agency likes to say that if Russia’s intense, headline grabbing cyber attacks can be likened to a tornado, China’s activities are more akin to climate change—a silent and relentless force reshaping the global security landscape. China’s unparalleled scale of cyber espionage poses a formidable challenge to nations and corporations alike. The systematic theft of intellectual property by China has helped fuel its economic growth over the past two decades. Persistent low-level cyber attacks have often drained companies in more developed economies of valuable assets without necessarily being immediately evident. Over time, this steady stream of IP theft has a real impact, with many targeted companies, once leaders in their respective industries, suffering significant losses over time.
These ongoing attacks serve as stark reminders of the magnitude of the threat China poses. Private companies must recognize the slow but insidious drain of intellectual property and intelligence, which can ultimately lead to a loss of competitive advantage in world markets. Understanding these risks in full, and implementing appropriately robust cybersecurity measures, becomes an essential element of corporate risk management.
The recent discovery of Chinese cyber footholds on US critical infrastructure should serve as another warning. A pivot from IP theft, to state espionage or even pre-positioning for destructive attacks cannot be ruled out.
Growing Chaos in Cyber Warfare
Of course, cyber attack is not restricted to just a couple of countries – there are a multitude of other notable geopolitically motivated attacks, some quite remarkable, such as the retaliatory attack by a Ukrainian hacker on a Russian telecom provider, and a hacktivist group that caused a catastrophic explosion at an Iranian steel plant. Iran itself is more often the predator in geopolitically motivated cyber attack, with numerous Iranian cyber groups implicated in attacks on Western industry and society.
Meanwhile, latest American estimates show that at least half of North Korea’s missile program is funded by the proceeds of cyber attack – a different motivation, but no less damaging and geopolitically significant.
These episodes demonstrate the increasing audacity and implications of cyber warfare. Private companies, including utilities, banks and transport companies, have become collateral targets in these nation-state conflicts. Businesses must recognize the evolving threat landscape and allocate resources to cybersecurity measures so that that can withstand persistent attacks.
The Importance of Collaboration between Governments and Companies
In the face of escalating cyber threats, collaboration between governments and the private sector becomes essential. Governments must take proactive measures to safeguard critical infrastructure. The public and private sectors must work together, sharing threat intelligence, expertise, and resources to counter the sophisticated cyber campaigns conducted by nation-states. It is essential for private companies to be forthcoming, open, and actively engage with governmental cybersecurity agencies, seeking assistance and guidance when they encounter cyber attacks.
Governments worldwide, exemplified by organisations such as the UK National Cybersecurity Centre, and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) play a crucial role in the realm of geopolitical cybersecurity. Their involvement involves actively facilitating information sharing, providing guidance to organisations under attack, and offering proactive defensive strategies. By establishing collaborative partnerships with private industry, governments contribute significantly to the creation of a cybersecurity ecosystem that fosters resilience and enables effective response to cyber threats.
Lesson For the Private Sector, The Time to Prepare Is Now
Given the relationship between geopolitics and cybersecurity, and the uncertainty of our world today, it is crucial for companies to take immediate action and establish strong security measures to safeguard themselves from attack.
Organisations need to understand and internalize the valuable lessons learned from the Ukrainian government’s handling of the NotPetya incident. While this lesson is ‘state on state’, the key takeaway is that having a well-crafted plan in place, and working with the right partners, will help prevent, prepare, and more quickly recover from cyber attack. Companies must embrace this approach and take appropriate measures to develop their own robust strategies for dealing with the threat.
The warning signs are all here. We know there will be ongoing waves of cyber attacks. Russia’s ongoing audacious attacks, China’s sustained cyber campaigns, and other geopolitical developments serve as sobering reminders of the urgency to fortify our cyber defenses.
By developing and implementing comprehensive cyber security strategies and working with the right partners we can prepare ourselves to withstand what we know is coming.
