CrowdStrike CTO: The Third Phase of Cyber Conflict and How to Address It

In a recent article on LinkedIn titled, “Addressing The Third Generation of Cyber Conflict,” CrowdStrike CTO and Co-founder Dmitri Alperovitch offers his analysis of the evolution of cyber conflict, dividing it into three phases. The first phase began in the mid 1980s shortly after the dawn of the Internet – called ARPANET at the time. This phase was perpetrated by the clash of Cold War superpowers, sometimes aided by NATO and Warsaw Pact allies. These early actors targeted each other’s military and government networks with the goal of espionage. The second phase, which started in the late 1990s and continued throughout the 2000s, saw an enormous increase in threat actors engaged in financially-motivated crimes targeting consumers and businesses. At the same time, nation-states such as China, North Korea and Iran began developing their own cyber operations, targeting the intellectual properties and trade secrets of Western companies.

Today’s Cyber Conflict: Phase Three

The majority of Alperovitch’s article focuses on the third phase of cyber conflict in which we are now engaged. He writes that it’s an environment where “revisionist and rogue powers have evolved their cyber doctrines beyond simple theft of data to incorporate the full range of coercive, disruptive, and destructive offensive operations against public and private critical infrastructure, as well as influence operations to target the social fabric of Western societies.” The “destructive offensive operations” he cites include the following:
  • The 2017 global WannaCry attack: It caused outages in U.S. and European corporate and government networks and was attributed to North Korea. Alperovitch writes, “Ironically, (WannaCry) used stolen and publicly released NSA cyber weapons to increase the disruptive power of this attack.”
  • A wave of attacks on Ukrainian critical infrastructure that began in 2014: This includes the cyber takedown of the Western Ukrainian electric grid for several hours in 2015.
  • The Stuxnet attack discovered in 2010: The U.S. and Israel were publicly claimed to have been responsible for this attack on the Iranian nuclear enrichment facility.

Recommendations

On what can be done to stop this out-of-control escalation the author writes, “Effective solutions require action from both government and the private sector to stem further conflict.” He goes on to provide several steps that government and private sector organizations can take to stop the onslaught of increasingly damaging cyberattacks. The following is a summary of his recommendations:

What Governments Can Do

Governments need to hold adversaries accountable. Alperovitch writes, “In the absence of effective deterrence in this field, governments are in effect encouraging more innovation and

 

boldness on the part of our enemies.” On the positive side, he states that the ability to identify perpetrators of most intrusions has improved — for both government and private sector entities. This is supported by the fact that in recent years, almost every significant attack has been attributed. However, he stresses that attribution alone is not enough. There needs to be punitive action taken against identified threat actors, but he warns that action should not be limited to cyber retaliation, which can often be the least effective measure. He advises, “Instead, all toolkits of national power — from law enforcement, diplomacy, economic sanctions, to military solutions — should be on the table to pressure rogue regimes into compliance with acceptable norms of cyber behavior.”

What the Private Sector Can Do

First, companies and individuals need to ensure that their security strategies are robust enough to address the modern threats they face. However, Alperovitch warns, “A primary point of departure is the acknowledgment that it is impossible to stop every attacker from being able to enter target networks.” Instead of focusing solely on defending the perimeter, he advises that organizations should adopt a security model that includes “speed and agility to react within networks — that is, hunting for attackers on our networks and discovering and ejecting them quickly before they can do any harm.” In order to achieve this, organizations should seek technologies that are cloud-based and include artificial intelligence. Alperovitch concludes by emphasizing that procrastination in implementing these recommendations should not be an option. He writes, “It is imperative that governments and companies start taking on these important actions before we find ourselves in the fourth generation of cyber conflict, which history tells us is unlikely to make the world any safer.” Read the entire article Learn more about CrowdStrike Falcon® next-generation endpoint protection.