As technology has become more sophisticated, the battlefield has shifted increasingly from the physical to the digital. With cyber war now being fought on a global scale, there is more onus than ever on security, and too many organisations (and governments) are failing to take the threat as seriously as they ought, especially when it comes to defending critical infrastructure.
When it comes to cyber attacks against critical infrastructure, we aren’t just talking about accessing an organisation’s sensitive data, but literally shutting down cities, financial systems or water supplies, to name just a few possibilities.
The scope of the threat is only likely to grow as we continue down the path of digitalisation. It is no longer enough to defend and react if you are breached. Taking a ‘bad-guy’ approach is a massive step forward when tackling attackers in the world of cyber espionage.
Espionage is a critical thread in the fabric of policy decisions. Every nation spies, from the global superpowers to tiny island nations. Learning what your adversaries and friends will do before they act presents a critical advantage to any society. Traditional spying evolved to meet the rapid increase in the affordability and near instant exchange of information using the Internet.
Spies also needed to evolve to steal information from databases, where before they primarily recruited sources to abscond with paper secrets. As espionage evolved, spies necessarily became hackers. During this evolution, nation states realised that the near anonymity of cyber espionage launched from a virtual and borderless world made it easy to attack.
If information is the true global currency, a country like China or Russia can improve its economy by stealing trade secrets, intellectual property or pre-launch business decisions that affect global markets.
Today, cyber espionage is booming. Nation states recruit computer programmers, engineers and scientists into military and intelligence agency hacking clusters that are well-funded, provided with cutting edge equipment and operate with a high degree of deniability because of the difficulty to attribute attacks.
They are able to leverage traditional espionage trade craft to launch cyber attacks that compromise targets and steal information, often without the targeted group knowing for years.
As cyber espionage continues to swirl in the public’s consciousness, it is critically important that our leaders take the threat of a cyber attack against our critical infrastructure seriously. To date, we’ve really only heard lip service when it comes to cyber security.
A very real fear is that cyber security will become a highly politicised issue and nothing will get done. As lawmakers battle for power in Washington, our adversaries will continue to covertly uncover secrets and, when the time is right, launch an attack that has widespread effects. If we wait until such an attack occurs before preparing, we not only risk falling behind as a global superpower, but also human lives.