By Pierluigi Paganini, Editor-in-Chief
The chronicle is full of news related to cyber attacks against government agencies and private industries, group of organized hackers, but also novice cyber criminals everyday target networks all over the world causing serious damage.
The recent cyber espionage campaigns against US news agencies and giants of IT sectors such as Facebook, Apple and Microsoft raised the question on security and the necessity to adopt preventive measures to mitigate the cyber threats.
U.S. government and its networks have been constantly hit by hackers that for different reasons have tried to steal sensitive information, intellectual properties and intelligence secrets.
There is no single profile of the attackers, but the principal menaces come from state-sponsored hackers and hacktivists, in the last months many cyber attacks, mainly for cyber espionage purpose, involved also US infrastructures and government offices.
The attacks against US networks aren’t exclusively political motivated, hacker groups and hacktivists such like Anonymous represents a constant menace to its systems. Anonymous recently proved that gained access to State Department’s website and its database during Operation Last Resort and probably it will not be the only one, the popular group exposed personal information of State Department consular and staff members to protest against US authorities being allegedly responsible for the suicide of young internet activist Aaron Swartz.
Anonymous has also announced that has possession of key codes to unlock encrypted files named after the nine Supreme Court justices, they were widely distributed January 25 when Anonymous hacked the US Sentencing Commission website , which allegedly contain highly sensitive government information.
The continuous offensives are a constant menace for the government that need to reinforce its cyber security and to find the way to persecute every cyber actors that violate its cyberspace.
We are in the cyber era, every governments despite global economic crisis is investing in both defense and offense sectors, most active countries are China, U.S., Israel, Iran, North Korea and Russia which are pushing militarization of cyberspace.
The espionage is become cyber espionage and instead of explicit attacks many countries prefer to explore to cause sensible damage to adversary hitting its critical infrastructures using a cyber weapon.
Recently Obama has signed an Executive Order on cyber security to define a set of actions required to contain “growing threat from cyber-attacks”. The order extends the concept of cyber threats including acts such as “website defacement, espionage, theft of intellectual property, denial of service attacks, and destructive malware,”
During RSA conference on Thursday, Feb. 28 by White House Cybersecurity Coordinator Michael Daniel announced that U.S. government is considering other measures such as visa restrictions and financial sanctions against hackers or governments that might hack national networks, the announcement is strong because it’s first time specific retaliation methods have been mentioned by the White House.
It is difficult to imagine how the government can take legal action against hackers operating in the country, but especially for those who attack US from the outside.
“It’s really a question that we’re still debating and debating vigorously, and we need to debate within the government and as a society,” “What I can say is that once we decide a federal response is warranted though, there’s still a broad spectrum of actions we could take.”
While the government studies how to implement its retaliation strategy, one after another U.S. IT giants (Apple, Microsoft, Facebook, Twitter) have fallen under cyber attacks of yet unidentified hackers, due this reason US will employ military action to respond to further hacks.
Principal security firms consider Chinese state sponsored hackers responsible for the attacks, Chinese cyber units are accused of conduct “thousands” attacks daily, Governments need to further strengthen its infrastructures and to act also on diplomatic way to hack to foreign governments such us China to monitor hacking activities that offend US.
[This may include the U.S. leveraging its diplomatic powers to] “Push countries to crack down on hacking activities from within their borders.” Daniel said.
Despite US intentions are clear their realization is very hard and delicate under diplomatic point of view with meaningful implications, retaliating against foreign hackers it’s difficult and must be done with due care are as reiterated by Daniels.
“The risk of missed attribution, missed calculation and escalation in cyberspace are very real,” “As a government, any action we take in cyberspace must be considered against its possible foreign policy implications and our desire to establish international norms of acceptable behavior in cyberspace.”
The road is steep, full of difficulties and it is interesting to study how the U.S. Government intends to follow it and what will be the repercussions.