When hackers work for hostile nations, the need for military-grade security grows
They are the mercenaries of the modern day – hackers who carry out crippling cyberattacks on behalf of foreign governments.
And they’re on the rise in an era of increasingly severe and warlike cyberattacks. Last year alone, hackers knocked out a power grid in Ukraine, held hospital IT systems hostage, breached highly sensitive background information on U.S. government employees and contractors, and accessed unclassified email systems of the White House and Joint Chiefs of Staff. Earlier this year, a Chinese businessman pleaded guilty to federal charges that he conspired to steal sensitive technical data about military aircraft.
Hackers for hire – “non-state actors,” in military terms – are among the topics Raytheon’s cybersecurity experts addressed at the Aspen Security Forum, an annual meeting of military leaders, policymakers and industry officials. The company, which sponsored the event, is expanding its commercial cybersecurity business after investing more than $3.5 billion in recent years to develop technology that protects both civil and military government customers from increasingly aggressive hackers.
“They are stealing information. They are extorting funds and crippling systems with ransomware. They are disabling systems with complex attack chains,” said Michael Daly, Raytheon’s chief technology officer for Cybersecurity and Special Missions. “This is affecting U.S. critical infrastructure and other critical infrastructure providers around the world.”
Nation-states still pose the greatest danger, U.S. Cyber Command chief Michael S. Rogers testified before a House panel earlier this year. But cyber privateers pose a dual threat; not only can they do damage, they make it hard to track who’s really behind the attack.
The hacking tactics Daly described are commonly associated with Russian and eastern European cyber operatives, but the U.S. also keeps close watch for non-state actors in China, Iran and North Korea, Rogers said.
“You’re watching nation-states right now create relationships, in many cases, with a much broader range of actors out there than we traditionally had seen,” said Rogers, who is also the director of the National Security Agency. “I think this is in no small part an attempt to obscure what the real originator or director of the activity is.”
The complexity of the problem also means there’s no simple answer, Daly said. But he did point to a set of guidelines the United Nations created to limit non-state actors and get countries cooperating more effectively to prevent international cybercrime.
“Pushing ahead with some of these norms is going to be important – trying to hold countries accountable for organizations operating from within their country,” he said.
He also advocated for companies switching to larger, cloud-based IT systems and security as a service, along with a national “cyber 911” clearinghouse to report attacks to federal authorities, and smarter use of data encryption. While stronger encryption methods such as unrecoverable keys can protect data, they can also keep authorities from accessing crucial forensic evidence – something that may ultimately protect shadowy hackers who strike from afar.
“A pirate used to have to show up on your shores,” he said. “Now they can stay on the other side of the world and still be a pirate.”
This document does not contain Technical Data or Technology controlled under either the U.S. International Traffic in Arms Regulations or the U.S. Export Administration Regulations. E16-7GPM