www.satellite-evolution.com | January/February 202012

Cybersecurity

Photo courtesy of Shutterstock

A cyber resilient worldCybersecurity is old hat; we all understand why it’s important to protect our data from those with malicious intent,and most people are aware of the large-scale attacks on commercial corporations, governments and defence, andthe need for these groups to protect themselves too. Cyber resiliency, namely built-in resistance to cyber-attacks, isbecoming increasingly prevalent throughout the commercial and government worlds, responding to the ever-growingthreat we face today. Jill Durfee, Technology Correspondent explains.

The level of connectivity available today has completelyrevolutionised the way the world works. From how we manageour banking, utilities and shopping through to socialising,entertainment and travel etc., the world is a very differentplace to the one we lived in just ten years ago. Being able tomanage so many different aspects of our lives online comeswith its own risks though; instead of violent crimes such astheft, consumers are increasingly at risk from cyber criminals,who hack bank accounts and send out phishing emails;likewise, identity thieves no longer have to go dumpster divingfor discarded bank statements, since they can now find allthis information online, with only a small amount of knowledgeand skill.

For the average consumer, it can be a living nightmarefor years to recover from identity theft or hacked bankingdetails. However, the implications for government and defenceare much more severe. Should one piece of data be misplacedor stolen, the ramifications can be extremely wide-reaching,and in some of the more extreme examples, life-threatening

for hundreds or thousands of personnel. Never before inhistory has data security been such a vital aspect of day-to-day operations within government and military spheres.Everything from troop movements, voting systems and thelocation of top-secret materials is at stake.

Of course, one of the biggest challenges in cybersecurityis the rapidly evolving nature of security risks. Simplyspeaking, threats are advancing faster than we can keep upwith, and there is no one-size-fits-all cybersecurity solution.Indeed, effective cybersecurity includes a collection oftechnologies and processes to protect networks,programmes, computers and data from attack or unauthorisedaccess. Both physical and cyber threats must be guardedagainst to ensure the essential delivery of services.Accordingly, governments must focus on all aspects ofcybersecurity, and retain advice and technologies from avariety of vendors. This can lead to complicated systems witha very large number of players working to different levels,leading to confusion and ineffective coverage.

cyber.pmd 14/02/2020, 11:2012

Untitled-1 19/01/2020, 19:521

www.satellite-evolution.com | January/February 202014

Cybersecurity

Cyber-attacks in 2019According to the Centre for Strategic & International Studies(CSIS), 2019 was a big year for digital breaches, with thefollowing highlights reported:

• January: US prosecutors unsealed indictments againstHuawei and its CFO Meng Wanzhou alleging crimesranging from wire and bank fraud to obstruction of justiceand conspiracy to steal trade secrets.

• February: Prior to the Vietnam summit of Kim Jong Unand Donald Trump, North Korean hackers targeted SouthKorean institutions in a phishing campaign usingdocuments related to the diplomatic event as bait; state-sponsored hackers were caught in the early stages ofgaining access to computer systems of several politicalparties as well as the Australian Federal Parliament.

• March: North Korean hackers targeted an Israeli securityfirm as part of an industrial espionage campaign; Russianhackers targeted several European government agenciesahead of EU elections; the UN Security Council reportedthat North Korea had used state-sponsored hacking toevade international sanctions, stealing US$670 million inforeign currency and cryptocurrency in 2015-2018;following an attack on Indian military forces in Kashmir,Pakistani hackers targeted almost 100 Indian governmentwebsites and critical systems - Indian officials reportedthat they engaged in offensive cyber measures to counterthe attacks.

• April: Ukrainian military and government organizationswere targeted as part of a campaign by hackers from theLuhansk People’s Republic, a Russia-backed group thatdeclared independence from Ukraine in 2014; hackersused spoofed email addresses to conduct a disinformationcampaign in Lithuania to discredit the Defense Ministerby spreading rumours of corruption; the Finnish policeprobed a denial of service attack against the web serviceused to publish the vote tallies from Finland’s elections;Iranian hackers reportedly undertook a hacking campaignagainst banks, local government networks, and otherpublic agencies in the UK.

• May: The Israeli Defense Forces launched an airstrikeon the Hamas after a failed attempt to hack Israeli targets.

• June: The US launched offensive cyber operationsagainst Iranian computer systems used to control missile

and rocket launches; Iran announced that it had exposedand helped dismantle an alleged CIA-backed cyberespionage network across multiple countries; governmentorganizations in two Middle Eastern countries weretargeted by Chinese state-sponsored hackers.

• July: Capital One revealed that a hacker accessed dataon 100 million credit card applications, including SocialSecurity and bank account numbers; encrypted emailservice provider ProtonMail was hacked by a state-sponsored group looking to gain access to accounts heldby reporters and former intelligence officials conductinginvestigations of Russian intelligence activities; a Chinesehacking group targeted government agencies acrossEast Asia involved in information technology, foreignaffairs, and economic development; Libya arrested twomen who were accused of working with a Russian trollfarm to influence the elections in several African countries;Croatian government agencies were targeted in a seriesof attacks by unidentified state-sponsored hackers.

• August: China distributed malware to Uyghur populationsusing previously undisclosed exploits for Smartphones;Chinese state-sponsored hackers targeted multiple UScancer institutes to take information relating to cuttingedge cancer research; North Korean hackers conducteda phishingcampaign against foreign affairs officials in atleast three countries, with a focus on those studying NorthKorean nuclear efforts and related international sanctions;Huawei technicians helped government officials in twoAfrican countries track political rivals and accessencrypted communications; the Czech Republicannounced that the country’s Foreign Ministry had beenthe victim of a cyberattack by an unspecified foreign state;networks at several Bahraini government agencies andcritical infrastructure providers were infiltrated by hackerslinked to Iran; Russian hackers used vulnerable IoTdevices like a printer, VOIP phone, and video decoder tobreak into high-value corporate networks; a seven-yearcampaign by an unidentified Spanish-language espionagegroup resulted in the theft of sensitive mapping files fromsenior officials in the Venezuelan Army.

• September: Huawei accused the US government ofhacking into its intranet and internal information systemsto disrupt its business operations.

• October: An Israeli cybersecurity firm sold spyware usedto target senior government and military officials in at least20 countries by exploiting a vulnerability in WhatsApp; astate-sponsored hacking campaign knocked more than2,000 websites offline across Georgia, includinggovernment and cour t websites containing casematerials and personal data; the NSA and GCHQ foundthat a Russian cyberespionagecampaign had used anIranian hacking group’s tools andinfrastructure to spy on Middle Eastern targets; Chinesehackers targeted entities in Germany, Mongolia,Myanmar, Pakistan, and Vietnam, individuals involved inUN Security Council resolutions regarding ISIS, andmembers of religious groups and cultural exchange non-profits in Asia; Iranian hackers conducted a series ofattacks against the Trump campaign, as well as currentand former US Government officials, journalists, andIranians living abroad.Photo courtesy of Shutterstock

cyber.pmd 14/02/2020, 11:2014

Untitled-1 16/02/2020, 18:071

www.satellite-evolution.com | January/February 202016

Cybersecurity

• November: Iranian hackers targeted the accounts ofemployees at major manufacturers and operators ofindustrial control systems.

The common thread amongst the above highlightedstories is one of Chinese and Russian, often state-sponsored,hackers attempting to gain extremely secure information vitalto national security and intellectual property. Of course, manymore countries have also been named as taking part in cyber-attacks last year, and the conflict with Huawei is still yet to beresolved satisfactorily. The nature of the threats – electionrigging, theft of sensitive IP, the dissemination of false news,and out-and-out government and individual espionage – is aparticular concern to us all.

Assessing cyber resiliencyCyber resiliency is becoming an increasingly important topicwhen it comes to the cybersecurity environment, particularlywithin the government and defence sectors. With resiliencybuilt-in, more attention can be focused on the more skilledand high-threat attacks, while less serious or well-plannedattacks are naturally rebuffed.

Indeed, the US Government in particular is renewing itsfocus on cyber resiliency, particularly on the weapons front,with the 2016 National Defense Authorization Act requiringall weapons to start to be assessed for cyber vulnerabilities.While thousands of companies across the world holdcompetency and even excellency in protecting computersand networks from cyber-attacks, there are in fact very fewequipped with the expertise to perform the same task incomplex weapons systems. In line with this act, Raytheonhas won contracts to find and fix cyber vulnerabilities in theUS Air Force’s F-15 fighter and C-130 transport fleets,although much about the deal remains confidential.

Another entity working with the US Government on cyberresiliency is Lockheed Martin, which in August 2019 piloteda first-of-its-kind model that standardizes how to measurethe cyber resiliency maturity of a weapon, mission, and/ortraining system anywhere in its lifecycle – the CyberResiliency Level model (CRL). Cyber resiliency, the ability toanticipate, withstand, recover from and adapt to changingconditions in order to maintain the functions necessary formission effective capability, has until now lacked a commonmethod for its discussion and assessment.

To apply the model, engineers work with US and alliedmilitary program stakeholders on a series of risk andengineering assessments. The CRL provides increasedvisibility into the current state of risk and produces acustomized, risk-mitigation roadmap that shows how toincrease a system's CRL to a more desirable level.

“Today's software-based military systems and a globalsupply chain make securing military systems a complexproblem to solve,” said Jim Keffer, Director of Cyber, LockheedMartin Government Affairs. “With the CRL, we can nowleverage existing risk management frameworks to effectivelymeasure and communicate resiliency across six categorieswe know are important to our customers. The release of thismodel builds on Lockheed Martin's enduring commitment tomission assurance and will ultimately help the warfighteroperate in cyber-contested environments.”

A secure futureCybersecurity has never been as important as it is today.With attacks becoming increasingly sophisticated, and thenumber of hackers, particularly state-sponsored, growing atan alarming rate, the threat level is on the rise. The physicalbattlefield is now just one aspect of the warfighting arena,with digital playing an increasingly significant role in a nation’sdomain.

Malicious attacks on government and defence sectors,as well as on commercially sensitive private entities, aregrowing into a larger challenge than any time before in history.While training and new cybersecurity tools are on the up inalmost very sector, intruders too are getting to grips with newtools and techniques for causing havoc.

Increasingly, networks, systems and software are beingdesigned with cyber resiliency built in, while older hardware,such as vessels, tanks and aircraft, are having assessmentsand fixes being built in ad hoc. Accordingly, prices are on therise and demand is booming; great news for commercialentities operating in the cybersecurity sphere, but not so goodfor those governments who have to find increasingly largeamounts of funds.Photo courtesy of Shutterstock/Titima Ongkantong

cyber.pmd 14/02/2020, 11:2016

Untitled-1 15/02/2020, 16:051