According to Lt General Kevin McLaughlin, former Deputy Commander of U.S. Cyber Command who attended this round table, the last decade has seen a rapid increase in hostile attacks from states such as China, Iran, North Korea and Russia. In his own words,

We are engaged in global warfare that involves persistent and corrosive attacks that will last for decades.

The use of malicious software such as WannaCry has caused western governments to heighten defences and support private sector organisations in the constant fight against such criminal activity.

But the current situation may only get worse with the widespread adoption of new technologies such as Sensors and IoT, public cloud, 5G, autonomous vehicles and connected buildings. Rogue operators are constantly testing our defences as the ‘attack surface’ expands into civilian as well as corporate life. Russia has now established itself as the Super Power of Crime. Iran is piling all its resources into a concentrated attack on Israel and Saudi Arabia. These states employ cyber-criminal teams to conduct much of their work and such governments are prepared to invest billions of dollars to achieve their disruptive goals.

To discuss these developments the round table focused on the UK public sector.  However much of the dialogue and its conclusions are as relevant to private sector organisations as public bodies. Here is a summary of the discussion that took place.

Intelligence by design

Many of the delegates attending the round table are engaged in infrastructure and workplace modernisation, enabled by recent advances in technologies such as Sensors/IoT in the case of Smart Metering (as deployed by the Department of Energy) and public cloud in the case of digital workspace (relating to major projects in the Department of International Development).

The consensus amongst these executives is that security and related cyber defences must be an integral part of the design process. This has been the case in the UK smart metering programme where some 16 million homes have been equipped with intelligent devices. Security has been designed into the end-points (the sensors) rather than the public networks that connect them to energy companies. This makes penetration more difficult, but not impossible given that the Chinese supply the sensors.

Much concern was voiced about similar developments taking place in the deployment of Building Information Management (BIM) systems which now assist in the design, build and operate of all government buildings. Such information could provide criminals with detailed plans and occupancy patterns of such facilities, enabling them to shut down vital assets. The prospect of connected homes, cars and cities offers further opportunity for criminal activity. In the words of one delegate “imagine sitting in an autonomous car that has just received a signal to advance to 100 mph”.

Use of Intelligence to combat Cyber Crime

Much of Cyber defence has been reactive to date – responding to attacks such as the NHS, Target and Sony incidents. ISIL was a trigger to adopt a more proactive approach, especially within the USA where the NSA and Cyber Command have acquired 6,000 specialist staff to enhance their cyber defence capability. This represents a new era of ‘persistent engagement’.

This proactive approach has been adopted by FireEye who maintains hundreds of agents out in the field to generate intelligence on rogue states such as Russia, North Korea and Iran. By focusing on the largest adversaries FireEye informs its global clients about areas of future vulnerability and helps them to devise effective defence strategies.

Each year FireEye publishes its M-Trends Report that informs the global community of security experts about changes in cyber-attacks. Conclusions from the 2019 M-Trends Report include:

• The Dwell time, or period during which an organisation can detect a breach, is falling dramatically from 416 days in 2011 to 78 days in 2019
• Discovery of compromises is getting better internally, as opposed to being informed by external sources (from just 4% in 2011 to 59% internal detection this year)
• Retargeted attacks continue to increase from 56% in 2018 to 64% in 2019 with the obvious consequences for greater defensive measures

How important is governance to cyber-defence? What are the top themes for 2019? Read the full article available in our app exclusively for CIONET members and find out!

This article was written by Roger Camrass, director of CIONET UK and a visiting professor of the University of Surrey, and is based on the conversations during a dinner on Cyber related topics relating to government, sponsored by FireEye in London this April.