Addressing State Actors involved in Cyber Crime...
Nobody said security was ever easy, as the Ukraine-Russia war has proven beyond any shadow of a doubt. Cybersecurity has been, and will continue to be, a battle of wit, intelligence and strategy between the attackers fueling a multi-billion dollar criminal industry and those who oppose the plundering of their own resources online. This 'cyber war' was the topic of much discussion when I attended Firstcon22, noting that this world war is already online, where security threats and responses echo across the world wide web. So, with numerous regional security bodies set up to address cyber security, such as ENISA and ASEAN, along with numerous global bodies such as the United Nations Internet Governance Forum, why do these bodies not provide an effective process for the resolution of grievances arising from cyber-attacks executed by identified threat actors?
In my view, the failure of words to ease instilled fears is the only real reason we go to war, and the same holds true when it comes to international cyber security. If a nation-state weaponises a hacking tool like Cobalt Strike and mounts cyber attacks on state and/or non-state targets to advance its interests, we know we have the expertise to accurately identify the source of the attack after dealing with its immediate effects. It's what happens afterwards that concerns me, as how prolific these attacks are over time seems to be misunderstood by those in a public leadership role. The financial and operational cost that these attacks cause to targeted businesses and nation-states alike should never be underestimated.
This is why I would like to see the great work security researchers do in identifying the source of these attacks fed into a public response process, which is accessible at least by region around the world. Whether it's a regional or national body lodging a protest and seeking a resolution to its grievances, it should be heard by an international body that has the support of all nations and cannot be vetoed by the few. Of course, management of what it can do in terms of grievance presentation and right to a response by the accused must be in its mandate, along with carefully thought-out judgement rights around what it can do afterwards. This carefully crafted set of powers could narrowly take on the grievance, validate it and offer the accused a right of reply. If this international body's processing of a lodged protest in a hearing was publicly accessible, even the most restricted version of such a body could provide real benefit to our communal future. Getting the validated summary facts around a cyber attack into the public domain on a global level would be a huge benefit. Managed social media channels for this distribution, in addition to everything else, would extend reach in a meaningful way.
In addition, following up with recommendations on what it, as an expert cyber/governance body, thinks would mitigate the risk of reoccurrence adds meaningful value to the process. General awareness effectively circulated at a global level has a longer-term benefit for the average internet user, and it will empower a better range of actions that other bodies can take on a regional and national basis, based on the expert and respected outcome of this body.
Regardless of what form it may take, a global body that gets these identified bad actors onto the global stage, presents their wrongdoing and gives them an option to respond is a critical requirement as world tensions continue to rise and hamper international cooperation on a global scale. We cannot ignore the quick march of technology ahead of understanding any longer, and we need to provide a voice for the cybersecurity industry to tell the world where the threats are and how to fix them. Education and awareness reduce the power of bad actors and empower good actors to be safer in their cyber lives. This can range from good internet practices to where cyber attacks are coming from and what their governments could do about it.