A recent article in the New York Times titled “US Cyberattacks Target ISIS in New Line of Combat” highlights how the military is using computer-network attacks alongside traditional weapons for the first time.
Richard Cassidy, technical director EMEA at Alert Logic, has offered @DFMag some insight into this new “cyberbomb” tactic via Q&A.
What type of attack do you think the military might be using?
Richard Cassidy: “Government and military organisations have long been aware of the need to ensure effective capabilities in dealing with threats to national security in this new age of cyber warfare that we’ve seen proliferating quite rapidly over the past 3 to 5 years. Key considerations in any cyber warfare strategy will be based upon both disruptive operations and counter intelligence activities; ultimately working to render efforts (or potential targeted campaigns) by any terrorist or cyber-criminal group, either useless or of too high a risk to initiate in the first instance. Military organisations will quite clearly be working to understand the tools, techniques, tactics and procedures in use by these dissident groups and as such will be poised to proactively research and analyse how each threat proliferates from initial reconnaissance of targeted networks through to malware activity both within the targeted environment and external communication attempts to malicious domains/IPs. Overall we’ll find that the tools in operation won’t differ a great deal from what is already available openly on both the Internet and DarkWeb, which to all intents and purposes makes lives a great deal easier when conducting such operations.
The ability to disrupt will be born out of a diverse and constantly evolving toolset, allowing military organisations to disable environments where attacks may be launched (through Infrastructure based threats, DNS level attacks and blocking capabilities), in addition to monitoring key DarkWeb communication channels to monitor for creation and movement of malware that may be used by these organisations, with a view to identifying sources and disabling the chain at a grass roots level. Counter-Intelligence operations may well reap far more rewards in terms of taking the fight direct to the source(s) of such nefarious activity, often by reverse engineering malware through specially crafted environments designed to track and monitor this behaviour, a huge degree of detail can be retrieved often leading military organisations right to a specific individual or group of individuals involved in terrorist or criminal activity from a cyber perspective.”
Is this the first time the military is using cyber attacks against ISIS? If so, why do you think the military is now implementing this tactic? Was it a technology issue?
Richard Cassidy: “It should be clear that cyber attacks have long been a tool in the arsenal of most military organisations across the globe, and we’ve seen some examples of this specifically when looking at breaches or attempted breaches against U.S. military and government organisations from other parts of the world. “State Sponsored” is a term we have become more accustomed to today, more than ever before and for obvious reason. How often governments have condoned or even utilised cyber attack capabilities as part of operations against known terrorist or criminal groups is a point of contention and clearly no reliable data source exists; it is however a key capability that we need to be able to execute on as a country, given the evolution of how these groups are now working to target nations, key infrastructure, utilities, security and public organisations.”
Will this set the “cyber” precedent for combat with future enemies?
Richard Cassidy: “We are already at a point where to implement an effective and reliable defence strategy in the interest of national security, there needs to be capabilities in both physical and virtual warfare approaches. We can no longer rely on just physical intelligence and operational activities to remain one step ahead of terrorist or criminal groups; we now have to focus a great deal of resource in cyber warfare activities, given that we are seeing increased activities by these groups in this area. If you look at the astonishing number of exploits and vulnerabilities that have existed in online environments (right across all industries), coupled with application weaknesses that can be targeted relatively easily, exposing weaknesses at the very gateway to key information stores and network infrastructures, then it’s no wonder at all that government and military organisations are already ensuring their own “cyber” capabilities in terms of protecting themselves. The path of least resistance still remains a key threat vector in all aspects of security and online warfare represents a key focus (as we’ve seen over the past several years) for terrorist organisations, given the ease with which these types of attacks can be instigated and sustained with relatively little resource overall.”