Cyber-attacks take many forms, from cybercrime, to hacktivism, to cyber warfare, and espionage. We’re all used to hearing about phishing attacks and the threat of malware, but organized cyber-attacks perpetrated by groups with political motivations, and sometimes affiliated with foreign governments, are on the rise, and they could represent a much graver threat.
Major concerns about the threat of state-sponsored cyber-attacks on U.S. military and infrastructure have been raised repeatedly long before Syria came to the headlines. Earlier this summer the Pentagon once again accused the Chinese government and military of targeting U.S. gov computer systems. The Homeland Security Policy Institute released a report in March about the threat from China, Russia, and Iran.
Is Syria a Serious Threat?
There are fears that attacks originating in the Middle East could cause serious problems. A well-known group of pro-government hackers called the Syrian Electronic Army (SEA) has aligned itself with Syrian President Bashar al-Assad. In the last two months alone the SEA has successfully attacked The New York Times, Huffington Post, and Twitter, not to mention the main recruiting site for the US Marine Corps.
Arguably the group’s greatest success so far was to hack the Associated Press Twitter account and suggest that two explosions at the White House had injured Barack Obama. Reuters estimated that the single bogus tweet wiped out $136.5 billion of the S&P 500 index’s value before markets recovered with the news that the report was bogus.
U.S. Businesses Should Prepare
No doubt the Department of Homeland Security deals with countless attacks on a daily basis, but as the outgoing secretary Janet Napolitano stated in her speech earlier this month, “While we have built systems, protections and a framework to identify attacks and intrusions, share information with the private sector and across the government, and develop plans and capabilities to mitigate the damage, more must be done, and must be done quickly.”
The idea that the U.S. government is the main target of cyber-attacks is a popular misconception.
Looking beyond infrastructure and military targets, banks and financial institutions, other businesses, both big and small, must be on guard. Cyber-attacks can come in many forms and because organizations are often interconnected in complex ways, the target may seem unlikely, but could just serve as a penetration point.
Like water, the attackers will probe the defenses and identify the point of least resistance where they can flow in.
Finding a Level Playing Field
While there’s no doubt that Syria is grossly outgunned by the U.S. in military terms, cyber-attacks are a low-cost alternative to traditional warfare. This Bloomberg report highlights some of the concerns, and includes a pertinent quote from former secretary of the Department of Homeland Security, Michael Chertoff, who said, “The line between national security and private security is eroding.”
‘The Enemy of My Enemy is My Friend’
The fact that cyber-attacks so far have come from the SEA, which is separate from the Syrian authorities, is revealing. As this report from The National Interest suggests, Syria’s cyber warfare capabilities are very limited right now and they are being carefully monitored. The fear is that there’s a real chance that hackers from Iran, North Korea, Russia, or China, could share data or manpower with Syria to enable more serious cyber-attacks to take place.
If the U.S. presses ahead with action against Syria in the face of opposition from allies like Russia and Iran, then the likelihood of Syria being assisted with cyber-attacks is undeniably high. Iran has already stated that there will be reprisals.
Time to Improve Security
Vast sums of money have been spent on safeguarding the power grid, water and chemical works, transit systems, and military installations. Banks and other financial institutions have also been taking steps to counter the threat, but the majority of other businesses are woefully unprepared. Kaspersky’s report on Global Corporate IT Security Risks for 2013 found that only around 40% of companies surveyed felt that enough time and budget was available for them to develop and implement IT security policies.
No one knows for sure when the cyber-attacks will occur, or which organizations will be targeted, but we can be confident that the threat is growing.
By Michelle Drolet, founder and CEO, Towerwall
Special to Wired Innovation Insights
This article was recently published in Wired Innovation Insights