The cyber-war between nation states is just getting started, a geopolitical cybersecurity analyst has warned as US president Barack Obama weighs a response to Russian election hacking that will increase tensions on the global cybersecurity landscape inherited by successor Donald Trump.
That hacking was an “interesting test” of national cyber capabilities that had so far elicited a “pretty benign” response from the US, president of FireEye’s iSIGHT threat-intelligence operations John Watters told CSO Australia.
But the situation was guaranteed to escalate, he added, as the inevitable response pushed both sides to draw on cybersecurity weaponry that had so far been designed and tested in secret.
“In cyber we’ve never seen anything go backwards,” he said. “When you see something being used successfully from one group to another – whether a hacktivist against a target, or a nation-state against another – you always see an extension of it that builds on itself in terms of complexity and preparation.”
Any response by the Obama or Trump administrations would likely comprise a variety of actions across a range of stages – ranging from a straight-out compromise and publication of email information; to the exploitation of that information to create “an even worse scenario for the victim” through a misinformation campaign; to a complete takeover of the target’s online persona.
This last step could have geopolitical implications “even though it’s completely false”, Watters said, noting that misinformation was a classic aspect of geopolitik that had become even more insidious when it leveraged the Internet’s massive economy of scale.
Such techniques have been credited with throwing off the result of the US election by planting a broad range of misinformation that was intermingled with legitimate news reports, smearing losing candidate Hillary Clinton and pushing some marginal electorates towards eventual winner Trump.
Obama ordered a review of the hacking activity earlier this month, vowing to punish Russia for its role, which Russian president Vladimir Putin has strenuously denied. The US is said to be weighing sanctions as a punishment and US legislators are pushing for a government investigation, although Obama – who has previously feted US cybersupremacy but remained wary of creating a ‘cycle of escalation’ – has also suggested that the response will include covert and overt cybersecurity activities, often based on tweaking previously successful attacks.
“The capabilities you’re seeing today were likely available and in the arsenals of different actors and adversaries five years ago,” Watters said. “I would submit that the capabilities of the more sophisticated countries in the world are years ahead of what you’re seeing in public.”
“We have to recognise the trajectory we’re on in this cyber-misinformation world and this almost cyber-anarchy we’re living in,” Watters said. “There has been such an investment in cyber-offensive capabilities in the last decade that it’s hard to imagine what they can really do.”
The world could expect a broad range of activities in coming years, ranging from misinformation to DDoS campaigns to more-destructive techniques such as the infrastructure attacks targeted against Ukrainian power companies and Japanese infrastructure.
Deliberate infrastructure attacks would represent an escalation of past cybersecurity activities but an empowered President Trump may “be less concerned with third and fourth-level attacks,” Watters predicted.
“People don’t really know what to expect under him, but if his words are any indication, he’s going to be less introspective and consequence focused when he makes these decisions on behalf of the country.”
With misinformation campaigns likely to become more common – and misattribution campaigns used to obfuscate identities online – economic sanctions were a likely consequence of retaliatory or pre-emptive actions, Watters said, while warning that the geopolitical landscape could quickly heat up once attribution was definitively established.
“Unless they work hard to build a wall of segmentation between the country and the alias that they’re using, attribution is still very achievable,” he said.
“In my view, 2017 will be probably the most newsworthy year to date in terms of the proliferation of cyber activity to shape political objectives. But for someone to show enough information to convince the public [of an attacker’s identity], they will have to release information they don’t want to. It’s going to be an interesting year.”