Skip to main content
close search
site logo
Dive Brief

'Advanced cyberconflict' is nearing, researchers say

Published April 8, 2021
Samantha Schwartz's headshot
Samantha Schwartz Reporter
Flickr; Sharat Ganapati

Dive Brief:

  • Nation-state cyber incidents have increased 100% between 2017 and 2020, according to a study conducted by Dr. Michael McGuire, senior lecturer at the University of Surrey, and sponsored by HP. The report, released Thursday, used data gathered from publicly available information, including incidents involving leaks or whistleblowers, between 2019 and 2021. The report also includes a survey of more than 50 leaders in cybersecurity, intelligence, government, law enforcement and academia. 
  • Enterprises represent 35% of nation-state targets, whereas government or regulatory agencies are 12% of targets, according to the report. Critical infrastructures, a shared responsibility between the sectors, was a target 10% of the time. 
  • One-fifth of cyberattacks are directly attributed to regional conflicts, according to the report. An average of at least 10 cyberattacks per month were attributed to nation-state actors in 2020, according to the report.

Dive Insight:

Because of the combination of existing regional tensions among nations and attack frequency, the report concluded the cybersecurity community is "closer to advanced cyberconflict" compared to any other time since the internet began.

Cyberattacks are blurring the lines of international conflict. Though the laws of war are well established, cyber is challenging traditional notions of kinetic war. "For centuries, kinetic war was the legitimate way that states resolve their disputes," said Scott Shapiro, the Charles F. Southmayd professor of law and professor of philosophy at Yale University, during Enigma's virtual conference in January. War was legal; "it was like going to court." 

Now governments are facing a quandary in resolving cyberattacks, whether through in-kind attacks or economic sanctions. Cyberattacks are rarely fit neatly and exclusively in either violent or nonviolent buckets. 

To further complicate resolutions following a cyber incident, "cyber-armies rarely march in formation," according to the report. They show no sign of who they are loyal to, or who they are hacking on the behalf of. In some instances, cybercriminals operate without permission or knowledge of their jurisdiction. 

The "invisible" feature of nation-state actors contributes to the "100% denial rate" because "to date, no state has confessed to any cyberattack, even where evidence is clear," the report said. 

If a nation-state actor escalated a cyberattack to impact the physical world, something the operational technology (OT) security community has feared since Stuxnet in 2010, it would make the attack violent and therefore kinetic. But an act to implement a firewall, blocking packets sent from an adversary, would be benign, said Shapiro. 

"Because it would be a refusal to interact with another country, it would be passive. The firewall would be akin to economic sanctions," he said. 

But cyberattacks aren't always cut and dry. More than 40% of attacks involved physical and digital implications, according to the report. 

Now that private industry is part of the adversarial threat model, security leaders are waiting on government leadership to shape intervention. The U.S. trails its international counterparts in cybersecurity spending: 

  • Between 2019 and 2021, the U.S. cybersecurity spending is expected to increase 11%, according to the report. 
  • By 2023, China will likely increase its cybersecurity spending by 25%, European nations by 50% and Russia's estimated growth is 200%.

Despite the increase in spending, 50% of nation-state attacks leverage "low budget tools," according to the report. Adversarial countries have more personnel behind their missions, while also "stockpiling" exploits and attack techniques.  

The sectors are working to patch holes in a relationship, where mistrust or a lack of incentives inhibits substantial information sharing. But the private sector knows, if a nation state decides to target their company, the nation state will likely succeed. 

2020 ended with the SolarWinds compromise, which emphasized the need for the public and private sectors to share threat information given the common vulnerabilities.

When cyberattacks begin to interfere with other countries' governments, the assumption is the act was illegal. Security experts are still hesitant to call the SolarWinds hack an "act of war," though at least nine federal agencies were impacted. 

Deciding when to call a cyberattack an "act of war" is a task allied nations have yet to determine. Because of this, countries are quick to call "all serious cyberattacks" cyberwarfare, according to the United Nations. "This perturbs national policy and fuels a cyberwar arms race, resulting in more instability and less security for everyone." 

Shapiro proposes nations agree upon a standard of "cyber norms," and violation of those norms would result in reduced or denied access to the member nations' networks. At least 70% of the survey's respondents said a cyber treaty is necessary moving forward, though 47% said the treaty would take either between 10-20 years or more to develop. 

Recommended Reading

Editors' picks

Company Announcements

View all | Post a press release
Nile Adds Industry’s First Campus Zero Trust Delivered As a Service
From Nile
November 21, 2024
DigiCert Unveils 2025 Security Predictions
From DigiCert
November 21, 2024
Fathom5’s ARIA Technology Joins NSIN Propel Maritime Digital Defense Accelerator
From Fathom5
November 18, 2024
TrustNet Named 2024’s Best Compliance Advisory and Audit Firm at CDM’s Annual Top InfoSec Inno…
From TrustNet
November 06, 2024
Editors' picks
Latest in Cyberattacks
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell