| |
Countries Shore Up Digital Defenses 04/21 06:06
WASHINGTON (AP) -- Hackers linked to Russia's government launched a
cyberattack last spring against municipal water plants in rural Texas. At one
plant in Muleshoe, population 5,000, water began to overflow. Officials had to
unplug the system and run the plant manually.
The hackers weren't trying to taint the water supply. They didn't ask for a
ransom. Authorities determined the intrusion was designed to test the
vulnerabilities of America's public infrastructure. It was also a warning: In
the 21st century, it takes more than oceans and an army to keep the United
States safe.
A year later, countries around the world are preparing for greater digital
conflict as increasing global tensions and a looming trade war have raised the
stakes -- and the chances that a cyberattack could cause significant economic
damage, disrupt vital public systems, reveal sensitive business or government
secrets, or even escalate into military confrontation.
The confluence of events has national security and cyber experts warning of
heightened cyberthreats and a growing digital arms race as countries look to
defend themselves.
At the same time, President Donald Trump has upended America's digital
defenses by firing the four-star general who led the National Security Agency,
shrinking cybersecurity agencies and slashing election cybersecurity
initiatives.
Businesses now are increasingly concerned about cyberattacks, and
governments have moved to a war footing, according to a report this month by
NCC Group, a British cybersecurity firm.
"The geopolitical dust is still settling," said Verona Johnstone-Hulse, a
London-based expert on government cybersecurity polices and the report's
co-author. "What the new normal looks like is still not yet set."
Many in the U.S. are already calling for a more muscular approach to
protecting the digital frontier.
"Hybrid war is here to stay," said Tom Kellermann, senior vice president of
cyberstrategy at Contrast Security. "We need to stop playing defense -- it's
time to make them play defense."
Digital life means more targets for hackers
Vulnerabilities have grown as people and businesses use connected devices to
count steps, manage finances and operate facilities such as water plants and
ports. Each network and connection is a potential target for foreign
governments or the hacking groups that sometimes do their bidding.
Espionage is one motive, demonstrated in a recent incursion linked to
hackers in China. The campaign known as Salt Typhoon sought to crack the phones
of officials, including Trump, before the 2024 election.
These operations seek entry to sensitive corporate or government systems to
steal secrets or monitor personal communications. Such information can be
hugely valuable by providing advantages in trade negotiations or military
planning. These hackers try to remain hidden for as long as possible.
More obvious intrusions can serve as a warning or deterrent, such as the
cyberattacks targeting the Texas water plants. Iran also has shown a
willingness to use cyberattacks to make political points.
The cyberattacks that frighten experts the most burrow deeply into telephone
or computer networks, inserting backdoors or malware for later use.
National security experts say this was the motivation behind a recent attack
from China called Volt Typhoon that compromised telephone networks in the U.S.
in an effort to gain access to an unknown number of critical systems.
China could potentially use these connections to disable key infrastructure
-- power plants, communication networks, pipelines, hospitals, financial
systems -- as part of a larger conflict or before an invasion of Taiwan,
national security experts said.
"They can position their implants to be activated at a date and time in the
future," said Sonu Shankar, a former researcher at Los Alamos National
Laboratory who is now chief strategy officer at Phosphorus Cybersecurity.
National security officials will not discuss details, but experts
interviewed by The Associated Press said the U.S. no doubt has developed
similar offensive capabilities.
China has rejected U.S. allegations of hacking, accusing America of trying
to " smear " Beijing while conducting its own cyberattacks.
Global tensions tick up
Wars in Ukraine and the Middle East. Trade disputes. Shifting alliances. The
risk of cyberattacks goes up in times of global tension, and experts say that
risk is now at a high.
U.S. adversaries China, Russia, Iran and North Korea also have shown signs
of cybercooperation as they forge tighter economic, military and political
relationships.
Speaking to Congress, Director of National Intelligence Tulsi Gabbard noted
that Iran has supplied drones in exchange for Russian intelligence and
cybercapabilities.
"Russia has been the catalyst for much of this expanded cooperation, driven
heavily by the support it has needed for its war effort against Ukraine,"
Gabbard told lawmakers.
Amid global fears of a trade war after the tariffs that Trump has imposed,
supply chains could be targeted in retaliation. While larger companies may have
a robust cyberteam, small suppliers that lack those resources can give
intruders easy access.
And any tit-for-tat cycles of cyberconflict, in which one country hacks into
a sensitive system as retaliation for an earlier attack, come with "great risk"
for all involved, Shankar said. "It would put them on the path to military
conflict."
The Trump effect
At a time when national security and cybersecurity experts say the U.S.
should be bolstering its defenses, Trump has called for reductions in staffing
and other changes to the agencies that protect American interests in cyberspace.
For example, Trump recently fired Gen. Timothy Haugh, who oversaw the NSA
and the Pentagon's Cyber Command.
The U.S. faces "unprecedented cyber threats," said Virginia Sen. Mark
Warner, the top Democrat on the Senate Intelligence Committee. He has asked the
White House to explain Haugh's departure. "How does firing him make Americans
any safer?" Warner said.
Also under Trump, the U.S. Cybersecurity and Infrastructure Security Agency
placed on leave staffers who worked on election security and cut millions of
dollars in funding for cybersecurity programs for local and state elections.
His administration eliminated the State Department's Global Engagement Center,
which tracked and exposed foreign disinformation online.
The CIA, NSA and other intelligence agencies also have seen reductions in
staffing.
The administration faced more questions over how seriously it takes
cybersecurity after senior officials used the popular messaging app Signal to
discuss sensitive information about upcoming military strikes in Yemen. Gabbard
later called the episode a mistake.
The officials in charge of America's cybersecurity insist Trump's changes
will make the U.S. safer, while getting rid of wasteful spending and confusing
regulations.
The Pentagon, for instance, has invested in efforts to harness artificial
intelligence to improve cyberdefenses, according to a report provided to
Congress by Lt. Gen. William J. Hartman, acting commander of the NSA and Cyber
Command.
The changes at the Cybersecurity and Infrastructure Security Agency come as
its leaders consider how best to execute their mission in alignment with the
administration's priorities, a CISA statement said.
"As America's Cyber Defense Agency, we remain steadfast in our mission to
safeguard the nation's critical infrastructure against all cyber and physical
threats," the statement read. "We will continue to collaborate with our
partners across government, industry, and with international allies to
strengthen global cybersecurity efforts and protect the American people from
foreign adversaries, cybercriminals, and other emerging threats."
Representatives for Gabbard's office and the NSA didn't respond to questions
about how Trump's changes will affect cybersecurity.
Signs of progress?
Despite shifting alliances, a growing consensus about cyberthreats could
prompt greater global cooperation.
More than 20 nations recently signed on to an international framework on the
use of commercial spyware. The U.S. has signaled it will join the nonbinding
agreement.
There's also broad bipartisan agreement in the U.S. about the need to help
private industry bolster defenses.
Federal estimates say the cybersecurity industry needs to hire an additional
500,000 professionals to meet the challenge, said Dean Gefen, former chief of
cybertraining for Israel's Defense Intelligence Technological Unit. He's now
the CEO of NukuDo, a cybersecurity training company.
"Companies need effective guidance from the government -- a playbook," Gefen
said. "What to do, what not to do."
|
|
