Cyber Attacks – New Security Threats Part II

To understand the threats in cyberspace, we must know the motives of the various actors in engaging in intrusion. Many people refer to all types of adverse events in cyberspace as “attacks”. This is imprecise and in many cases wrong. What happened to Google was rather a form of industrial espionage. The hackers did not want to destroy Google’s computer systems. They were looking for information that they could benefit from later.

Such information gathering is typical of most cyber incidents. A foreign state or group uses malware to create holes in a network’s security systems and thus gain access to sensitive information. The confusion with regular attacks occurs when the intrusion is detected. The security managers then have to close the security holes, and this often means that the computer network has to be turned off and that expensive upgrades have to be made. Thus, a real cost arises from the intrusion, even if the intruder “only” was out to steal information.

In 2008, the US Central Command (Centcom) was exposed to an advanced PC worm. It took 14 months to get rid of the worm, which by many accounts was released by a state. The cleanup has obviously cost a lot.

5: Cyberspace attacks

There are few examples of cyber attacks on states. Estonian government computer networks were subjected to DDoS attacks in 2007, and the same thing happened in Georgia in 2008 during the war between Russia and Georgia. These were limited attacks that overwhelmed the computer networks. However, the purpose was not to permanently damage the infrastructure in the countries. These incidents also show that attacks in cyberspace are not necessarily signs of conflict per se. They are often a small part of a larger conflict.

The attack on Estonia probably came as a result of the country arguing with Russia over the demolition of a Russian war memorial in the capital Tallinn (Estonia has a large Russian minority). The attack on Georgia came at the same time as conventional warfare. In this sense, cyber attacks are just one tool of many to gain the upper hand in a political or military conflict.

Cyberspace can be used more directly in warfare, but so far this part of cybersecurity is mostly at the planning stage. The first publicly known example of a so-called destructive attack, in which someone tries to destroy something using a cyber tool, was the Stuxnet worm. It was discovered in the summer of 2010 on a number of computer systems around the world. The worm was more sophisticated – and therefore more difficult to detect – than any other worm computer experts had seen before. It was also a bit of a mystery. No one could say for sure who had made it. But it was too advanced to have been made by criminals, or by teenagers in their bedrooms.

Several experts in Europe, Russia and the United States studied the worm carefully for several months, and in September the breakthrough came. A computer security expert in Hamburg found traces in the worm that indicated that it was designed to destroy centrifuges used in Iran’s nuclear program. This was completely new in cybersecurity. Unlike many previous worms, Stuxnet was not sent out into the world to vandalize networks or steal sensitive information. It was programmed to destroy a very specific target and a very specific type of technology.

Although we do not know everything about Stuxnet yet, it is obvious that it represents a significant development in cybersecurity. So far, cyber threats have mainly been limited to espionage and disruptive attacks (for example, DDoS attacks). Enemies have either tried to steal information without being detected, or they have paralyzed opponents’ networks for a short period of time to create confusion. Stuxnet shows that one can use worms to take over computer systems and trick them into doing actions that destroy themselves.

The cyber incidents in recent years have caused great concern among the authorities in many countries, including Norway. The threats that already exist are serious. What is most worrying, however, is what has not yet happened. Because cyberspace – despite rapid development – is a relatively new phenomenon, we do not know well enough about possible threats and vulnerabilities in this domain. Therefore, the discovery of Stuxnet is important; it can help make it easier to predict the dangers that may arise.

6: How do we defend ourselves?

A major challenge in building a solid cyber defense is that the threats cross traditional divides between the civilian and the military and between the public and the private. Hostile actors can hit private companies, civilian authorities and the military. And an attack on one of them can have consequences for the others as well. An enemy can attack Telenor’s computer systems to hit public authorities’ computer networks.

Furthermore, an attack on infrastructure (such as telecommunications networks or power grids) owned by private companies can affect the Armed Forces’ ability to protect the country. Depending on the severity and who is carrying out the attack, such attacks can be considered acts of war. As of today, however, there are no established norms for what is considered acts of war in cyberspace.

Due to these links between the private and the public and the civil and the military, it is crucial that the various actors in society cooperate. Norway is therefore in the process of preparing a national cyber strategy. The National Security Authority (NSM) has the overall responsibility for coordination and preventive work in cyber security. This is done in collaboration with private actors and the Armed Forces. The draft of a national cyber strategy is still out for consultation, and one of the proposals is to establish a national cyber center that coordinates the work of securing Norway in cyberspace. Specifically, a cyber defense consists of several components:

  • Updating and securing networks: Regular updating of software makes it more difficult for hostile actors to exploit security holes. In addition, it is important to introduce good security routines that prevent employees from spreading malware by reckless use of email, web browsing and memory sticks.
  • Coordination and monitoring: A good overview of cyberspace makes it possible to detect attacks and intrusions early and thus easier to act quickly.
  • Intelligence: Gathering information about possible threats makes it easier for the authorities to anticipate and take action against possible threats.
  • Attacking ability: In the case of serious attacks, the authorities must have the ability to counter-attack and put the opponent’s network out of play.

The development of a cyber defense, in Norway and elsewhere in the world, is a demanding task. The domain is still very new, and it is difficult to know what kind of threats are lurking there. At sea and in the air, we know relatively well which enemies we are facing. The understanding is not good enough when it comes to cyberspace. It is difficult to track down who is carrying out attacks and intrusions, and technology is evolving so fast that today’s defenses are not necessarily good enough to stop tomorrow’s threats.

Despite these challenges, it is imperative to build a defense structure, because cyberspace has become a central part of society. We can hardly imagine a modern Norway where all mail arrives in the mailbox, the defense management must send orders by courier and all trade takes place in stores. According to, the challenge ahead is to improve the understanding of cyberspace, vulnerability there and who can use it to affect Norway.

Then we also need to figure out who is going to be responsible for what in cyberspace. The division of roles between the public and the private and the civil and the military is important in order to be able to build an effective and appropriate defense against the threats we face in a domain that goes across all these dividing lines.
