Nation-state Cyber-wars Are Already Well Underway Pass Unaffected

In many ways, the internet has altered how we perceive and engage with the world. Sadly, this change is not limited to peacetime activity; it also affects how conflicts are fought. Traditional physical warfare has grown to encompass cyber warfare since every nation-state is connected to and dependent upon the internet.

However, unlike traditional combat, cyber warfare is more challenging to describe. The cause? Cyber warfare is not about acquiring physical territory or moving troops and equipment, although it may assist conventional warfare in achieving such goals; instead, it is about gathering intelligence, making money, harming digital and physical infrastructure, obstructing communications, and stealing intellectual property. Furthermore, since cyberwarfare is virtual and doesn’t entail or need any form of overt declaration of war, it’s frequently exceedingly challenging to identify the specific state actor behind an attack. Many cyberattacks fall into a grey region below the line of total war because there are no recognized international regulations.

What are the goals of cyberwarfare?

According to the Cybersecurity and Infrastructure Security Agency, cyberwarfare aims to “weaken, disrupt, or destroy” another country. Cyberwarfare programmes pursue many aims that may threaten national interests. These dangers range from disinformation and espionage to severe disruption, significant infrastructure disturbance, and loss of life among the populace of the targeted country.

The terms cyber warfare and cyber espionage are sometimes used interchangeably since they are comparable. The largest distinction is that whereas the main objective of a cyberespionage attack is for the attacker to remain undetected for as long as possible to acquire intelligence, the main aim of a cyberwarfare attack is to disrupt the activities of a nation-state. The two activities are frequently combined. Cyber espionage, for instance, can gather intelligence that aids a nation-state in getting ready to start a real or virtual conflict.

Nation-States On The Attack

Attacks on the military, corporations, and infrastructure are related to nation-state threats. Since the offenders always try to avoid detection and place the blame on unaffiliated cyber gangs, foreign governments, or hacktivists, it might be challenging to pin them down.

The Undercover Nature of Cyber Warfare

The complicated and ongoing physical conflict between Russia and Ukraine, which the Kremlin refers to as a “special military operation,” serves as an example of the effectiveness of these restrictions in preventing Russian cyberattacks and highlighting the covert nature of cyber warfare. In reality, Russia has been attacking Ukraine online for a long time. Operation Armageddon began in 2013 and was the first significant attack on Ukraine. More Russian cyberattacks followed, including several on the Ukrainian voting system in 2014 and the world’s first successful cyberattack on a power grid in 2016, which caused service interruptions for as many as 6 hours for 230,000 customers in Ukraine.

Since then, Ukraine has responded to Russian cyberattacks with a barrage of cyber offensives that began, as far as we know, in 2016. The Surkov Leaks in 2016 were a significant outcome of these counterattacks. 2,337 email communications and hundreds of files were exfiltrated, revealing Russia’s plans to invade Crimea and incite separatist violence in Donbas.

2022 Conflict

It’s also questionable whether Russian cyber security personnel were involved in the Kremlin’s original war planning for the 2022 conflict; as a result, they might have been preoccupied with disinformation efforts and unable to launch any substantial infrastructure strikes. The final argument is that Russia’s cyberwarfare capabilities might not be as developed as previously thought, which would reduce the impact of Russian cyberattacks.

These limitations explain why, at least for the time being, cyber warfare is distinct from conventional warfare and has nothing in common with the science fiction-like picture favoured by the media. Furthermore, nation-states are reluctant to launch comprehensive cyberattacks for strategic reasons. The enemy will eventually reverse-engineer the attack and learn how to defend against it and utilize it for their objectives; therefore, state actors don’t want to use their most powerful tools and techniques unless they have to.

The most valuable of these tools are the zero-day exploits, which are known to have been created by cyber security organizations like the U.S. National Security Agency, the U.K. Government Communications Headquarters, and the Special Communications and Information Service of the Federal Protective Service of the Russian Federation as well as acquired for millions of dollars.

Unit 26165

Unit 26165 is a group that operates deep within Russia’s cyberwarfare infrastructure. It is a specialized unit within the GRU’s signals intelligence division. The group is committed to actively using “spear-phishing” emails and other computer intrusion attacks to target military, political, governmental, and non-governmental groups. Internationally operating agents from Unit 26165 have conducted hacking activities using techniques like onsite attacks against the Wi-Fi networks of target companies.

What Current Nation-state Cyber Warfare Has Been Used For

Disinformation and Propaganda: Russia’s social media-based disinformation campaigns for the 2016 U.S. presidential election demonstrate how digital attacks may be employed against intangible targets, such as trust in social and conventional media and confidence in the fairness of elections.

Cyber Espionage: Cyber espionage, which is carried out continuously by nation-states to learn about the strengths and weaknesses of any state, friendly or hostile, is not warfare per se. There are numerous documented instances where a state-sponsored cyber espionage outfit has been suspected of conducting or occasionally proven to have conducted cyber espionage operations against other nations. For example, the U.S. National Security Agency secretly recorded almost all mobile phone conversations in the Bahamas without the consent of the Bahamian government. Similar operations were carried out in Kenya, the Philippines, Afghanistan, Mexico, and the United States.

Cyber Terrorism: The use of non-state actors (paid by a state actor) to launch cyberattacks with the intention of causing physical, political, psychosocial, economic, or other harm is known as cyberterrorism. The intention is to sow seeds of fear and mistrust that will either weaken or destroy infrastructure and government or politically significant operations.

Cyber-sabotage: Using cyber assaults to compromise government computer systems can aid conventional combat operations. For instance, state-sponsored or military-sponsored assaults may target military databases to gather details on troop movements and the deployment of weapons and equipment. These attacks can potentially compromise digital networks, disrupt official government communications, allow for the theft of crucial intelligence, and endanger national security.

Denial-of-service (DoS) Attacks: DoS attacks stop legitimate users from using a website by bombarding it with fictitious requests and making it respond to them. Critical activities and systems can be interfered with, and sensitive websites can be made inaccessible to people, members of the armed forces and security forces, or research organizations.

Only one significant cyberwarfare assault by the U.S. has ever been acknowledged: Operation Glowing Symphony, the NSA’s cyber security offensive team’s 2016 campaign against ISIS/ISIL. The Darknet Diaries podcast’s Episode 50: Operation Glowing Symphony goes into great detail on this. This episode provides insight into the operational and administrative challenges faced by a government agency mounting a significant cyberattack while also operating within the bounds of international law, the need to employ force strategically, and the political challenges of a nation-state engaging in cyber security operations against an adversary like ISIS.

In cyber warfare, nation-state actors or agents use sophisticated and covert hacking techniques to further their or other countries’ economic, political, or military objectives. Digital attacks aren’t as spectacular as science fiction and the media have made them out to be, and they might never be. Despite this, cyber warfare, as it has been practised, is hazardous, and any adverse effects on commerce or everyday life might be significant.

Businesses At Risk

Nation-state attacks are typically viewed as highly sophisticated technological hacks. However, they can also have much simpler designs. Perhaps technology isn’t even involved. Social engineering is a frequently utilized technique to compromise corporate networks. Social engineering uses human weaknesses by persuading employees to click malicious links and download malware, always resulting in security breaches.

For instance, nation-states frequently utilize direct email spear-phishing assaults to compromise infrastructure assets. An employee clicks on a legitimate-looking email, and the virus is spread. That virus might not be instantly identified, making it much more challenging to protect against. It can remain dormant until activated by an external agency or event.

These assaults can have a variety of objectives, but they typically aim to steal trade secrets, humiliate corporate executives, and alter, delete, or ransom data.

A few high-profile examples include:

After the release of the movie “The Interview,” which gave a poor impression of Kim Jong Un, there was an attack on Sony Pictures. Hackers working for the North Korean government are blamed for the attack. The FBI uncovered code, encryption algorithms, and data deletion techniques comparable to other malware operations by North Koreans.

According to Reuters, a significant U.S. information technology company called SolarWinds was the target of a cyberattack that expanded to its clients and went unnoticed for months. Foreign hackers could utilize the hack to spy on private organizations like the prestigious cybersecurity firm FireEye and the upper levels of the U.S. Government, including the Department of Homeland Security and Treasury Department. Some top U.S. officials suspect the foreign hackers are from Russia.

More than 100,000 mail servers were affected by the Microsoft Exchange zero-day hack.

How Can You Improve Your Cyber Defense Posture

To understand your capabilities and put additional safeguards in place to defend against nation-state assaults, a rigorous review and improvement of your present cybersecurity defences, including your people, procedures, and technology, will be required.

To secure your network and safeguard resources and data, you should generally seek a layered defence model that incorporates various security controls at multiple levels, with several defences cooperating within each. Consider the following.

Keep people at the heart of your defence plans

Although people are frequently the weakest link in cybersecurity, they may also be valuable if given the proper training in threat detection, avoidance, and mitigation. Remind staff to exercise caution; update training materials and advice sheets about common dangers like phishing, ransomware, and weak passwords; and build training programmes around specific, current threats. All staff members, including those who work remotely, and any outside contractors (and subcontractors) should receive training. Employees with privileged access to I.T. assets should receive additional, specialized role-based training.

Review your basics

Many of the conventional guidelines for good cyber hygiene apply here: data encryption, VPN use, appropriate firewall configuration, updated malware and intrusion prevention software, and strict password requirements. All users, including company leadership, should be required to use multifactor authentication for all I.T. resources.

Keep track of all hardware and software assets

Keep track of all hardware and software assets as remote and hybrid work continues, and ensure you secure access to your environment. To provide enough capacity for remote workers and reduce security threats, test VPNs, videoconferencing, and collaboration solutions. Examine the privacy and security features of any cloud-based remote collaboration solutions used for data access, storage, and sharing.

Tighten access across systems

Ensure privileged access is tightly restricted and tracked for all I.T. resources, including security tools. Access should be granted according to the principle of least privilege: limit the applications that employees can access to those necessary for them to do their jobs.

Look outside your walls

Supply companies, business partners, and other third parties with access to your systems and data should all undergo security due diligence.

Implement solutions or third-party services to monitor and log network behaviour 24/7, and alert your team to any security events and incidents.

Don’t overlook security alerts

Take the time to carefully analyze what is happening when your tools alert you to a problem. Know how to use the controls you’ve bought to their best potential.

Make cybersecurity an ongoing process

Utilize tools to manage patches and do routine maintenance remotely. Make sure you evaluate the security effect of any modifications to essential programmes.

Nick Roddick

Head of Production
