In our last post we singled out North Korea as a key source of cyber-war action against the United States and other countries. But they are not the only countries that the US is actively engaged with in cyber-space. On January 29, 2019, Daniel Coats, Director of National Intelligence, released a report to the Senate, titled Worldwide Threat Assessment of the US Intelligence Community.
Cybersecurity is only one aspect covered in this report, so if you want all the bad news, I recommend you check out the full report. I will be covering just the cyber aspects of global threat intelligence.
The report states that the use of cyber capabilities by our enemies and global competitors will increase as these countries seek to gain economic, military, and political advantage over the US. Our main adversaries are Russian and China, but North Korea and Iran also are significant threat actors.
China is mostly interested in acquiring scientific and technological information, and military information. They have also been interested in the control of critical infrastructure in the US and other parts of the world. China currently has the ability to disrupt critical infrastructure for several days to several weeks.
Russia is more interested in controlling and influencing the political events, including elections, of the US and it’s allies, as well as the former Soviet bloc nations such as Georgia, the Ukraine, the Baltic states of Latvia, Lithuania and Estonia. Russia has demonstrated the ability to use social networks to drive public opinion in the West and to influence election results. Putin is determined to return Russia to superpower status and is using cyber operations to achieve those ends.
Russia has successfully demonstrated its ability to use cyber attacks against critical infrastructure in the Ukraine in 2015 and 2016. They are developing that capability in the United States. They are also collecting information on NATO policies, military plans and strategies, and technical information.
Iran is also using social networks and online media to influence opinion in areas that align with Iranian political and foreign policy. They have also been establishing abilities in the area of critical infrastructure disruption, and are preparing significant attacks against the US and other western countries.
North Korea appears to be using their cyber capabilities not just for espionage and cyber-warfare, but also as a money making enterprise, by attacking banks and successfully transferring $81 million from a Federal Reserve Bank account of the country of Bangladesh.
Some terrorist organizations have developed rudimentary cyber abilities using publicly available toolkits and exploits.
Foreign based cyber-criminals will continue to use increasingly sophisticated attacks and exploits against US businesses in order to steal, extort, or otherwise transfer funds. Cyberspace is being used more frequently in traditional criminal enterprises including drug trafficking, human trafficking, wildlife poaching, and illegal fishing, mining, and timber operations, Cyber-criminals raked in $600 million in 2017
I have written extensively on this subject before, and there are links to several of my older posts below.
- What Might A Future Cyber-War Look Like?
- A History of Cyber Warfare – Part 1
- A History of Cyber Warfare – Part 2
- A History of Cyber Warfare – Part 3
- When is a Cyber Attack an Act of Cyber War?
- Are The Russians Really Attacking Us?
- Russian Active Measures for the Internet Age.
- A Timeline of Russian Cyber-Exploits