State-sponsored cyber attacks have become more prominent than ever, with espionage and the influence of internal affairs leading the way

State-sponsored hack attacks are only going to continue and are not something that can be stopped, according to GCHQ’s former deputy director for intelligence and cyber

operations.

Speaking at a NetEvents media showcase in London earlier this month, Brian Lord, OBE, outlined how countries will continue to develop their cyber espionage activities, especially with industrial targets in mind.

The issue has become an extremely prominent one in cyber security circles in recent times as Government-sponsored attacks appear to be on the rise.

For example, GCHQ’s National Cyber Security Centre (NCSC) recently warned the UK is being bombarded by dozens of serious cyber-attacks each month and just the week US authorities blamed the North Korean government for carrying out multiple attacks on business and infrastructure since 2009.

Cyber warfare

Lord started by warning that pretty much all states at the moment are looking at how they can weaponise the digital world and turn it to their advantage, whether to inflict damage or as part of espionage campaigns; this isn’t anything new when you look back at human history.

However, despite the prevalence of attacks, he asserted that the situation isn’t quite as bad as we all might think.

“Being able to develop coherent, coordinated attacks against critical national infrastructure in a way which delivers a very specific sustainable effect is extremely difficult to do,” he said.

“It’s extremely expensive to do and it involves a huge amount of effort and we need to put that into perspective. There are a few examples of very, very focused activities which have taken several years to develop in order to deliver an effect. But the general view at the moment that states have the ability to act randomly, take down critical national infrastructure in a meaningful way, is not the position.”

He cited the attacks on the Ukraninan power grid and French television network TV5 Monde in 2015 as examples of exploits gained a lot of coverage, but could be views as relative small-fry when compared to the bigger picture of what is possible.

The real area governments should be concerned about, Lord suggested, is the ability of hackers to “influence the internal affairs of other nations.”

Again, such activity is nothing new, but became more prominent than ever after America’s 2016 Presidential election, which is widely believed to have been subjected to tampering by Russian cyber criminals.

Unfortunately, Lord doesn’t believe there is a way to stop it from happening: “The use of cyber, the use of online capability, the use of false news, the use of disinformation is a tool as old as the hills. We just have to be able to recognise that, we have to be able to make sure that the public understands how to identify it and we have to make sure we understand how to report it.

“We will not stop it from happening, we will not stop it from happening because it is state activity and believe me, the Russians are not the only nation in the world to try and manipulate the internal affairs of other countries. All states do it, they always have done it and they always will do it.”

Espionage

Another area of nation-state activity that is growing rapidly is cyber espionage, which has moved from targeting areas such as defence, foreign policy and intelligence agencies to industrial and commercial organisations..

“The ability to be able to extract information in large scales, the ability to be able to take information, store it, index it, search it without ever having to read it all in its totality has changed the dimension of state espionage. Therefore, states now are focusing their intelligence gathering efforts because they can and they have the resources and capability to do so around economic targets.

“So industrial targets are far more than they ever have been subject to state attack. Large contractual deals, large merger and acquisitions data, large commercial data, product IP, all of this is now regularly taken from corporate systems and stored to use for national economic effect.

There is a gradual change around the general acceptance of this activity and that is an area that we probably need to track quite carefully.”

All in all there’s a lot for security agencies to be concerned about and, if such attacks can’t be stopped entirely, the focus has to go to minimising their potential damage as much as possible.