According to a recent study by HP, from 2017 to 2020 the frequency of state-sponsored cyberattacks doubled, with an average of 10 publicly attributed cyberattacks per month in 2020. Over the last few years, the rate and sophistication of cyber incidents has increased sharply. For state actors, the cyber domain is fast becoming the weapon of choice and is a “ short of war” means to pressure other governments, manage conflict, impose costs on leaders and project national power. The Rise of State-Sponsored HackingĬyberspace is now a strategic domain as states use cyber tactics to conduct stealth attacks on rivals and target private industry for espionage and commercial gain, helping to level the geopolitical playing field. While essential for 21st-century economies, the proliferation and integration information and communication technologies (ICT) further expands the attack surface, requiring more agile and sophisticated defenses. Rapidly evolving cyber capabilities, declining costs and relatively low barriers to entry have made the digital weapons increasingly accessible and powerful tools, and a force-equalizer among state and non-state actors. To date, however, these efforts have demonstrably failed to deter attacks, hold bad actors accountable or sufficiently protect citizens. In 2016, the North Atlantic Treaty Organization (NATO) similarly recognized the growing risks to international security, identified cyberspace as an operational domain and expressed the need for member states to bolster their cyber defense of national infrastructure. Amid these attacks, then-US Defense Secretary Leon Panetta sounded the alarm over the potential for a “ cyber Pearl Harbor” on critical infrastructure.Īs threats to governments and private industry spread across borders, the UN’s Group of Governmental Experts (GGE) on Information Security called in 20 for the application of international law in cyberspace, including voluntary norms of responsible state behavior, state sovereignty, and the protection of human rights and fundamental freedoms, to which all members of the UN General Assembly agreed. By 2014, North Korea joined in the cyber arms race with a hack into Sony Pictures that caused as much as $35 million in damages. Two years after Iran learned of Stuxnet, it initiated its own cyberattacks, first against the world’s largest oil company Saudi Aramco, in which hackers destroyed data on 30,000 computers, and later on American banks, causing millions of dollars in lost business. Although no one has claimed responsibility for Stuxnet, it possesses the signature of a state operation with cybersecurity experts linking its origin to US and Israeli intelligence. Since then, malicious actors have used and modified the Stuxnet code to attack a range of targets, including water treatment plants, power plants and gas lines. While its impact was primarily contained to Iran’s nuclear facility, the high-profile attack demonstrated how nations can weaponize cyber tools to wreak havoc not only on computers and servers, but on critical infrastructure and government facilities to achieve foreign policy objectives. Stuxnet, a cyber operation that targeted gas centrifuges used in Iran’s uranium enrichment program in Natanz, launched a global cyber arms race when it became public in 2010. Cyberattacks have occurred for decades, but the Stuxnet incident marked a pivotal moment in cybersecurity.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |