Government cyber strategies to mitigate growing cyber threats

In the last decade we have observed the raise of cyber attacks, no matter their purpose, cyber warfare or cyber espionage for military or private business, they have demonstrated how much dangerous is a cyber offensive.

The U.S.’s leading cyberwarrior has estimated that private businesses are losing hundreds of billions to cyber espionage and cybercrimes, and the total expense to prevents those phenomena is increasing making companies less competitive in the causes of costs.

The main problem is to address this cyber threats with an appropriate cyber strategy first and after involving capable experts.

The question is continuously debated by the US high officials, four-star Gen. Keith Alexander, director of the secretive National Security Agency and head of the Pentagon’s Cyber Command, declared recently that

the illicit cyberspace activities essentially amounted to “the greatest transfer of wealth in history.”

The general alerted the US Government on an imminent dangerous for the national security, in a recent public intervention he said U.S. companies lose $250 billion to intellectual property theft every year.

The high official referred of data from Symantec and McAfee reports that show an alarming scenario, $114 billion was lost only due cybercrime activities, and the number could be as high as $388 billion if the value of time and business opportunities lost is included. In particular McAfee firm proposed worst data, today $1 trillion is spent globally in remediation.

Which are the main cyber threats that are arming governments?

Malware and botnets represent the great challenge to security, according McAfee 75 million unique pieces of malware have been detected since now in their database, an amazing figure if we consider the related damage.

Same concerns regarding the botnets and their diffusion, we are assisting to an evolution of the technology adopted, let’s introduce for example the Peer-to-Peer based botnet, and the mechanism used for their diffusion.

Many concerns are also related to the business model, malware as service or C2C, adopted by cybercrime that make possible the creation of botnet also for not experts.

Cybercrime is not only the unique concern of US Government, we must take in care of the increasing adoption of cyber operations made by foreign governments and also the hacktivism phenomenon.

Both are cyber threats, both could compromise national security, both could expose sensible information.

Dedicated chapter must be reserved for critical infrastructures, according the last ICS-CERT report the number of attacks is passed form 9 in 2009 to more than 160 in 2011, and the trend demonstrate a constant growth.

How Do governments prepare they army to the cyber war?

One of the main phenomena which we have witnessed is the recruitment of groups of hackers on the part of governments to carry out offensive actions but mainly to train their wards to new technical disciplines and the use of deadly new weapon … the keyboard.

No more bullets, but with such bits must battle and who better than a hacker can transfer their knowledge on the subject?

That’s for example the approach followed by US that is trying to discover and hire most promising young hackers, U.S. Naval Postgraduate School professor John Arquilla said in an interview with The Guardian

“But most of these sorts of guys can’t be vetted in the traditional way. We need a new institutional culture that allows us to reach out to them.”

Arquilla refers about 100 “master hackers” around the world, mainly in Asia and Russia, that could potentially break in every network.

These young forces represent the future for cyber army all over the world, and don’t forget that their engage could be reserved also for the fight to cybercrime and cyber terrorism.

But the initiative proposed by Arquilla is not new, let’s consider that China can count on specific projects and initiatives to recruit and form expert hackers to involve in cyber operations. PLA gives us an example on how important is the involving of young hackers in their cyber army, just Chinese military referring US recruiting wrote on its official press:

“The U.S. military is hastening to seize the commanding military heights on the Internet, and another Internet war is being pushed to a stormy peak,”

“Their actions remind us that to protect the nation’s Internet security, we must accelerate Internet defense development and accelerate steps to make a strong Internet army.”

The recruiting of hackers to train military expert is also conducted by other countries, India for example announced to have engaged two cyber security experts, who claimed to have cracked CERN’s computer system.

Ethical hacker Chris Russo reported  that three times he found vulnerabilities in IT system of European Organization for Nuclear Research (CERN) that has been involved in discovery of ‘God Particle’ or Higgs Boson.

The experts are conducting a training sessions for Indian government officials.

Russo declared:

“The projections show there is going to be lot of manufacturing in the India. Lot of software will be involved in it. We are here to create awareness among people on probable vulnerabilities in the cyber system,”

The training course was attended by officials from Cabinet secretariat, Airforce, C-DAC, National Technical Research Organization, Income Tax Department, Assam’s AMTRON along with representatives from private sector entities, Aircel and Cisco.

The experts are partners of E2 Labs security firm, and  E2 Labs Managing Director Zaki Qureshey added

“Next era of wars is not going to be of bomb, gun and shells. It will be led by cyber warfare where most attack will be on nation’s secret data. The idea to conduct such program evolved after seeing increase in cyber attack on India,”

I’m completely agree the statement, the awareness and the training are necessary components of an proper cyber strategy.

Senior Director Assocham Ajay Sharma said that talents required to build a team of cyber security experts are mostly available in people with an average age of below 30. That’s way the government has also launched an interesting recruiting campaign.

I desire to conclude the post with few simple reflections:

• we are observing a sensible increase of the number of cyber attacks, Governments are not concerned regarding the consequences of a single big attack, they tend to be scared by the damage related to small and continuous attacks that represent the real cyber threat today.
• all governments agree on the necessity to share a cyber strategy addressing the cyber threats and its effect. For this reason governments are involving new lymph searching for and recruiting young hackers. The way to make war is totally changed.
• The new cyber threats could hit national security but also procure serious damage to private business that’s why it’s absolutely necessary a strict collaboration between military structure and companies.

We are in front of the right way, but the path is very long and fraught with difficulties.

Pierluigi Paganini