Have Cyberattacks Become Nation-State Attacks?

Post-OPM Breach: Closing Today’s Federal Security Gaps

Is this what cyber war will look like?

Reports are saying that several major breaches, including at Anthem, the U.S. government’s Office of Personnel Management (OPM) and United Airlines, which was just recently revealed, were all most likely conducted by the same Chinese cyberespionage group. All of the breaches involved the compromise of personally identifiable information (PII) of customers, employees and/or contractors, but as an eWeek article pointed out, this could be a way for one government to spy or gain advantage over another government or country. Paul Kurtz, CEO of TruSTAR Technologies and a former White House cybersecurity advisor, told the publication:

We know that adversaries typically use a common command-and-control infrastructure to attack multiple companies across many sectors of the economy. Given what we’ve seen, it’s not too shocking to learn about other breaches involving the same adversaries.

Monzy Merza, chief security evangelist of Splunk, told me in an email that the alleged connection between these three particular attacks points to a new, larger trend in cyber war:

More and more foreign governments are being connected to cyberattacks against private corporations in order to gain strategic advantage and influence important outcomes. This is uncharted territory from a policy perspective. We can expect to see an escalation of these types of attacks across the globe. Mitigating these attacks will take greater visibility into organizational infrastructure and a policy component designed to deal with this evolving cyber war landscape.

This news comes out at the same time that a new study by Vormetric found that the vast majority of Americans—a whopping 92 percent—think the government needs to take action after a nation-state cyberattack. SecurityWeek reported on the research and added:

Of the 1,026 people who took part in the survey, 45 percent believe the president should initiate diplomatic talks to prevent future data breaches. Roughly one third of respondents want trade sanctions to be imposed on the offending country’s goods. Diplomatic sanctions on the attacking country’s government officials located in the United States are an action preferred by 31 percent of respondents.

It’s clear that Americans are growing weary (and wary) of cyberattacks, and they want to see action taken. As Kurtz explained in an email comment to me, it has become imperative that we share actionable incident reporting more systematically and collaborate to defend against hackers:

If security teams work together the way scientists come together to collectively find cures and manage health risks, we would have a better chance of stopping cascading attacks across multiple sectors. Current security practice is seeking to improve the security of the enterprises individually, while the bad guys have perfected the art of sharing exploits and vulnerabilities immediately for nefarious purposes. There must be a new paradigm of enabling the good guys to share and collaborate in addition to continuing to improve enterprise security.

Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom’s Guide. You can reach Sue via Twitter: @sueporemba