Modern Warfare and the Role of Cyber Resilience

Tensions in the Baltic States and other areas around the globe are providing opportunities for threat actors that span nation-states, organized cybercriminals, domestic violent extremists, and generic “hacktivists” and “script kiddies”.

The current events in that region are a warning signal for business and operational leaders to act in assessing their risk posture, mitigating unacceptable risk, and increasing resiliency for plausible disruptions.

For cybersecurity professionals, this is a “Deja-vu” moment. Cyber warfare (the use of digital attacks against a target, such as an enemy state) has increasingly become an established form of asymmetric pressure even in the absence of military action.

In 2007, a denial-of-service attack was used to disrupt the financial markets and government operations in Estonia over disagreements with Russia. Russia initiated cyber-attacks on both Georgia and Crimea prior to, and during the invasions, both focused on financial institutions. Another attack concentrated on the Ukraine Power Grid, resulting in power outages - for over 230,000 users. This attack, the first publicly acknowledged successful cyber-attack on a power grid, remotely shut off substations, and disabled or destroyed IT infrastructure components.

The effectiveness of these actions prompted military organizations around the world to reconsider the importance of network security to modern military doctrine, and for cyber as an additional “battlespace”.

The Financial Services and Energy Markets are especially at risk in the current environment. Both markets provide stability as the underpinnings of society; banking by enabling commerce and economic trust, and the energy market providing light, heat, and transportation.

We’ve already seen consequences for banks. The current administration has already stated directly that their sanctions plan targets Russian Banks. UniCredit, one of several European banks with significant exposure to Russia, pulled out of potential bid for Russian bank over the Ukraine tensions. Additionally, DDoS attacks are costly for Financial Institutions. The average cost of a DDoS attack on a financial services organization reported to be up to $1.8 million.

From an energy perspective, Europe relies on Russia for around 35% of its natural gas. Europe is having a much colder winter than expected and have experienced a 600% increase in gas prices over the past year with its dependency on Russian natural gas.

Additionally, supply chain attacks can be expected as an extension of offensive disruption operations and are being utilized by advanced adversaries. These attackers often use new techniques and tools that increase the difficulty of detection, and they might leverage multiple attack techniques. Supply chain attacks expand the scope further than typical cyber-attacks.

The recent crisis in Ukraine bears a similarity with past security attacks which necessitates a need to be prepared. To ensure protection and resilience, prudent business and security leaders supporting and managing the infrastructure of these markets should consider the following actions:

1. Validate and fortify the security of your perimeter defenses, inventories of key assets (staff, applications, data, vendors, etc.) and critical points of failure, and reviewing maximum allowable downtime estimates to manage risk exposure. Importantly, ensure segregation of operational Technology (OT) from your mission critical information technology (IT) systems and data resources from the rest of the organization.
2. Run scenario-based simulation tests to prepare and identify any gaps in your security and resiliency plans.
3. Review and enhance your Incident Response and Crisis Management capabilities, recovery and communications plans, and contact lists. Open clear escalation channels to high-risk areas of the business to establish a rapid response capability.
4. Review and confirm agreements for your third-party incident response support by asking questions such as, is your organization guaranteed priority support in the event of widespread problems? Is this documented in your service level agreements? Do you have a backup, or alternate provider?
5. Implement security best practices and guidance provided by security frameworks such as NIST 800-53 and 800-171.

Experience has taught the world that the velocity of cyber-attacks prohibits a “we’ll figure it out when it happens” approach to managing this risk. “Failure to Plan” is not “Planning to Fail” in today’s cyber world; “Failure to Plan” is ensuring failure.