The cyber attacks of the future may be hard to spot, and nations may fight over fiber.
In recent weeks, the digital security discussion has been focused on a certain fruit-flavored company’s public battle with a three-letter agency.
But Kaspersky Principal Security Analyst Vicente Diaz is considering the far larger, and far more complicated, fights that nations might carry on in the digital world.
You Don’t Need Stuxnet
In his presentation at RSA, Diaz made a distinction between three kinds of attacks.
The first were exotic attacks, developed and deployed at great expense by nation states.
Think Stuxnet, the complex malware allegedly developed by the U.S. and Israel to physically disable Iranian nuclear enrichment machinery.
The second were so-called “middle-class” attacks, which are assembled by knowledgeable teams of hackers.
The third category encompassed all other attacks, usually carried out by individuals with little to no technical knowledge, who purchase malicious payloads and delivery mechanisms from the digital black market.
The problem with complicated nation-state campaigns like Stuxnet is that they make attribution easier. When it comes to determining who is capable of developing and deploying such an attack, “the list of countries is very short,” said Diaz.
Diaz predicted that, in the future, nation states will move away from exotic attacks and focus on middle-class attacks that are as simple and stealthy as possible.
“Now you don’t need to develop Stuxnet-like malware just to attack,” said Diaz. “Ukraine was attacked by BlackEnergy, which is not in the same league as Stuxnet.”
The key is obtaining the physical and digital infrastructure, like the cable that connects the global Internet. “It’s good for cyber espionage but also good for attacking an adversary,” said Diaz. “You can use it in an offensive way, or you can use it to get information from the people who are using this infrastructure.” As an example, Diaz said that if you control the Internet infrastructure, you can simply snatch passing data rather than having to target specific devices.
This approach sounds similar to the one used by the NSA in its massive data collection operations exposed by Edward Snowden, which used the position of the United States Internet infrastructure to intercept data traveling around the world.
The Fight for Digital Territory
Diaz believes that the importance of Internet infrastructure will spark conflict between nations. “Control over physical infrastructure is where the next big battles will happen,” he said. He pointed to efforts made by Brazil to construct its own trans-Atlantic Internet connection and efforts within Europe to foster the development of Internet business and infrastructure within national borders.
Conflicts over control of the Internet could take many forms, and need not be offensive.
Instead, countries might form alliances to create spheres of influence over the Internet.
For example, Diaz pointed to a diplomatic agreement between the U.S. and China, where the two countries agreed not to engage in cyber attacks for financial gain.
Diaz said this agreement was an example of one such alliance, and hinted that it would have wide-ranging consequences. “Obviously these alleged attacks will probably move to some other country because they still need to get this data,” he said.
Digital resources are already playing a role in warfare and politics.
This week saw confirmation from the Department of Defense that the U.S. was bringing cyber capabilities to bear against ISIS.
Also speaking at the RSA conference, Secretary of Defense Ashton Carter declined to go into specifics about these operations, but said they were focused on disrupting ISIS’s command and communications capabilities.
What Diaz is describing is more like the groundwork for larger operations.
It’s also a shift in how diplomacy, as well as warfare, will be carried out, since the fiber traveling through a stretch of land (or ocean) may be as valuable as the land, its people, or its resources to a nation state developing its cyber capabilities.
But perhaps the most important point is Diaz’s prediction that attacks will decrease, rather than increase, in complexity.
If Diaz is correct, then the kind of cyber attack that worries NSA Director Rogers might be indistinguishable from the everyday work of a hacker and nearly impossible to spot.