In a recent article on LinkedIn titled “Addressing The Third Generation of Cyber Conflict,” CrowdStrike CTO and Co-founder Dmitri Alperovitch offers his analysis of the evolution of cyber conflict, dividing it into three phases. The first phase began in the mid-1980s, shortly after the dawn of the Internet, then still called ARPANET. It was driven by the clash of the Cold War superpowers, sometimes aided by their NATO and Warsaw Pact allies. These early actors targeted each other’s military and government networks with the goal of espionage.
The second phase, which started in the late 1990s and continued throughout the 2000s, saw an enormous increase in threat actors engaged in financially motivated crime targeting consumers and businesses. At the same time, nation-states such as China, North Korea and Iran began developing their own cyber operations, targeting the intellectual property and trade secrets of Western companies.
Today’s Cyber Conflict: Phase Three
The majority of Alperovitch’s article focuses on the third phase of cyber conflict, the one we are now engaged in. He writes that it’s an environment where “revisionist and rogue powers have evolved their cyber doctrines beyond simple theft of data to incorporate the full range of coercive, disruptive, and destructive offensive operations against public and private critical infrastructure, as well as influence operations to target the social fabric of Western societies.” The “destructive offensive operations” he cites include the following:
- The 2017 global WannaCry attack: It caused outages in U.S. and European corporate and government networks and was attributed to North Korea. Alperovitch writes, “Ironically, (WannaCry) used stolen and publicly released NSA cyber weapons to increase the disruptive power of this attack.”
- A wave of attacks on Ukrainian critical infrastructure that began in 2014: This includes the cyber takedown of part of the Western Ukrainian electric grid for several hours in 2015.
- The Stuxnet attack discovered in 2010: The U.S. and Israel have been publicly reported to be responsible for this attack on the Iranian nuclear enrichment facility.
Recommendations
On what can be done to stop this out-of-control escalation, the author writes, “Effective solutions require action from both government and the private sector to stem further conflict.” He goes on to provide several steps that government and private sector organizations can take to stop the onslaught of increasingly damaging cyberattacks. The following is a summary of his recommendations:
What Governments Can Do
Governments need to hold adversaries accountable. Alperovitch writes, “In the absence of effective deterrence in this field, governments are in effect encouraging more innovation and boldness on the part of our enemies.” On the positive side, he states that the ability to identify the perpetrators of most intrusions has improved, for both government and private sector entities. This is supported by the fact that in recent years, almost every significant attack has been publicly attributed. However, he stresses that attribution alone is not enough. Punitive action needs to be taken against identified threat actors, but he warns that such action should not be limited to cyber retaliation, which can often be the least effective measure. He advises, “Instead, all toolkits of national power — from law enforcement, diplomacy, economic sanctions, to military solutions — should be on the table to pressure rogue regimes into compliance with acceptable norms of cyber behavior.”