The International Criminal Police Organization (Interpol) announced that critical infrastructure in the public and private sectors was being targeted in cyber attacks, due largely to the ongoing novel coronavirus pandemic. Cybersecurity researchers have said that the current events have created a new set of opportunities for cybercriminals, and the total number of attacks has grown by as much as 300% this year.
“We have definitely noticed a sharp increase in abuse and cyberattacks during the pandemic period,” said Vincentas Grinius, CEO at network infrastructure solutions provider Heficed. “However, it is also clear that this new trend is not going away any time soon,” Grinius said in an email to ClearanceJobs. “The current events have created a new set of opportunities for cybercriminals.”
This latest warning follows a National Security Agency (NSA) and Cybersecurity & Infrastructure Security Agency (CISA) joint advisory from July that recommended immediate actions be taken to reduce exposure across all operational technologies and control systems. The two agencies had warned that in the spring and early summer cyber actors had demonstrated an increased willingness to conduct malicious cyber activity against Critical Infrastructure (CI) by exploiting Internet-accessible Operational Technology (OT) assets.
DoD Response to Cybersecurity Threats
Another major concern is that it isn’t just lone actors lurking on the dark web that are conducting such attacks – the DoD has warned that there are growing cyber threats from state and non-state actors that are also taking advantage of the open Internet.
Last week Madeline Mortelmans, the DoD’s principal director for cyber policy, spoke at an event hosted by the Association of European Journalists in Madrid, Spain. She warned that adversaries including China, Russia, Iran, and North Korea have been increasingly taking part in malicious cyber activities in the gray zone, which is below the threshold of armed conflict.
These cyber efforts are being done to undermine the U.S. and allies’ security.
Mortelmans said that in 2018 the DoJ also estimated that more than 90% of economic espionage cases involved China, and more than two-thirds of the cases involving the theft of trade secrets were connected to China.
None of this is exactly new, and it comes in spite of Beijing’s pledge not to use espionage for their economic benefit.
Chinese Cyber Warfare Units
Before Beijing made its public pledge, China’s People’s Liberation Army (PLA) operated a special unit, known as PLA Unit 61398, which was believed to be the source of computer hacking attacks. The unit was reported to be stationed in Pudong, Shanghai, and in May 2014 the U.S. Department of Justice (DoJ) announced that a Federal grand jury had returned an indictment of five 61398 officers for the theft of confidential business information and intellectual property from U.S. commercial firms. In addition, the DoJ accused those officers of planting malware on the firms’ computers.
In two different incidents in 2019 and 2020 respectively, the DoJ announced indictments against cyber actors associated with the Chinese Ministry of State Security – the latter including the theft of data related to Covid-19 vaccination research.
While China has admitted to having secretive cyber warfare units in both the military and civilian parts of the government, many of the details have not been disclosed.
Other Foreign Actors in the Cybersecurity Field
Mortelmans added that Russia has continued to conduct cyber espionage that could have the potential to disrupt critical infrastructure but also erode confidence in America’s democratic system by interfering with the upcoming U.S. election.
North Korea has also shown that it has the capabilities to hack financial networks, including those connected to cryptocurrency, to generate funds to support its weapons development programs, while Iran has conducted disruptive cyberattacks against American and allied nations’ companies. In addition, the Islamic Republic has further used cyber to push its own narrative across the Middle East.
Spread of Information and Criminal Activity
Cyber has been used to recruit terrorist agents, raise funds, and direct attacks as well as to distribute propaganda.
International cyber criminals are also becoming a threat as they use ransomware and other cyber attacks to extort money from local and state governments as well as from the commercial sector. The threat has gotten so great that last year the United States Conference of Mayors, along with other city leaders, finally agreed to “stand united” against paying any ransom should their respective city system be targeted in such an attack.
Equal Response
Mortelmans said that the U.S. Cyber Command has taken a comprehensive and proactive approach that involves being able to defend forward anywhere in the world, in order to respond to cyber and other threats before they reach the homeland.
In addition, she said that the effort will include working with allies and partners.
An important consideration is that a cyber attack response should be limited to cyber. An attack could even constitute an act of war or use of force. To that point, Mortelmans said that an attack’s response should be based on the effects that are caused, rather than the means by which they were achieved. An attack on critical infrastructure such as the power grid, for example, would be met with a response that would target the attacker’s power grid.
Cybersecurity Talent Initiative to Address Threats
Addressing such cyber threats may not be easy, however, given that the current unemployment rate for cybersecurity professionals remains essentially at 0%.
However, this is where private sector efforts such as the nonprofit, nonpartisan Partnership for Public Service could help address the worker shortage. It recently kicked off its inaugural class of the Cybersecurity Talent Initiative, a new public and private collaboration with the goal of developing a world-class cybersecurity workforce.