The SolarWinds software supply chain hack – disclosed in December 2020 – represented a new scale of nation-state cyber aggression, with thousands of organizations compromised, including at least nine Federal agencies. And just last month, the Colonial Pipeline ransomware attack further highlighted the national security risks created by cyber aggression.
In its 2021 Annual Threat Assessment, the Office of the Director of National Intelligence (ODNI) noted that nation-state cyber capabilities “are demonstrably intertwined with threats to our infrastructure and to the foreign malign influence threats against our democracy.”
ODNI said cyber activities by China, Russia, Iran, and North Korea are especially concerning. China, in particular, “presents a prolific and effective cyber-espionage threat,” according to the ODNI report.
“Many countries engage in espionage and cyber espionage,” noted Devin Thorne, a threat intelligence analyst at Recorded Future, the world’s largest provider of intelligence for enterprise security. “But China’s economic growth and ambition to achieve very rapid increases to its national power and technological prowess have led the Chinese Communist Party to deploy traditional and cyber espionage tools on a very large scale and in a way that is much more coordinated and centralized than we’ve seen in the recent past.”
Nation-State Cyberattacks Increase Exponentially
The number of significant nation-state cyberattacks doubled between 2017 and 2020, according to research conducted at the University of Surrey and sponsored by HP. The research, published in April 2021, draws upon intelligence gathered from informants across the dark web and input from a panel of 50 leading practitioners in relevant fields.
“Nation states are devoting significant time and resources to achieving strategic cyber advantage to advance their national interests, intelligence gathering capabilities, and military strength through espionage, disruption, and theft,” said Mike McGuire, senior lecturer in criminology at the University of Surrey. “Attempts to obtain IP data on vaccines and cyberattacks against software supply chains demonstrate the lengths to which nation states are prepared to go to achieve their strategic goals.”
Nation-states use a variety of tactics to exploit computer networks for espionage, Thorne said. These tactics include:
- Targeting and bulk collection of personally identifiable information;
- Sidelong attacks against shared network infrastructure and services to compromise specific targets; and
- High-level compromise of telecommunications infrastructure.
“Whether they are a direct target or a stepping-stone to gain access to bigger targets, as we have seen with the upstream supply chain attack against SolarWinds, organizations of all sizes need to be cognizant of this risk,” Ian Pratt, global head of security for personal systems at HP, said as the University of Surrey research was published.
Indeed, ODNI warned in its threat assessment, “Cyber threats from nation states and their surrogates will remain acute. Foreign states use cyber operations to steal information, influence populations, and damage industry, including physical and digital critical infrastructure.”
Funding, Information Sharing Sought to Combat Cyber Aggression
The SolarWinds and Colonial Pipeline attacks prompted urgent calls for more Federal cybersecurity funding and public-private information sharing about cyber vulnerabilities and attacks. The American Rescue Plan Act gave the Cybersecurity and Infrastructure Security Agency an extra $650 million infusion for cybersecurity – an amount that Department of Homeland Security Secretary Alejandro Mayorkas and CISA officials called a “down payment” on the work that needs to be done. Mayorkas is leading a series of 60-day sprints in critical areas such as fighting ransomware and improving the resiliency of industrial control systems.
Meanwhile, the Biden administration continues to seek congressional agreement on an infrastructure spending plan – originally proposed at $2.3 trillion – that includes funds to address critical infrastructure vulnerabilities.
Beyond funding, Thorne said greater sharing and use of publicly available information can strengthen efforts to combat nation-state cyber aggression.
“One of the most cross-cutting, impactful changes that can happen is to make it easier to work with entities in the private and nonprofit sectors to harness publicly available information, or PAI,” he said. “Classified intelligence appears to be prioritized over PAI, and once PAI is discovered by the government, it becomes classified. That’s unfortunate, because a wealth of data in open sources and commercial sources can provide critical insight into intractable issues if analyzed in the right way.”