Page 51 - CDM-CYBER-DEFENSE-eMAGAZINE-December-2018
P. 51

Cyber Resilience: The Real Battle is Behind the Frontline


            Simon Buehring, Managing Director of Knowledge Train®





            Whilst media reports about cybersecurity focus on high profile cyberattacks, behind the cyber frontline a
            new battle is being fought.

            It was recognized earlier this decade that the US was at risk of calamitous cyberattack from state-directed
            actors. If a hostile nation wanted to wage war against the US, it would likely be in a form of warfare which
            the  world  had  not  yet  seen.  Maliciously  damaging  the  country’s  infrastructure,  particularly  its  power
            generation, nuclear, water, transportation, health services or critical manufacturing plants would have a
            crippling effect on the population.

            A sign of things to come arrived in 2010, in the form of the Stuxnet attack by Israel on Iran’s nuclear
            centrifuges.  It  was  the  first  high-profile  cyberweapon  specifically  targeting  industrial  control  systems.
            Stuxnet shut down over one third of Iran’s centrifuges. It showed that cyberweaponry could be a very
            potent new type of weapon which could be used to seriously degrade an adversary’s industrial capability.

            In 2017, the WannaCry ransomware attack was reported in over 150 countries. Although WannaCry was
            not designed to target industrial control systems (ICS), it managed to infiltrate some ICS which led to the
            downtime of industrial production, such as the one which affected the Dacia car company, a subsidiary
            of Renault.

            On the front line of defense for businesses, governments and individuals have been cybersecurity tools
            and techniques. These often encompass identifying electronic data, implementing technology and the
            business practices that will protect it.

            Yet there’s been a growing realization over the years that hackers will always have the upper hand. As
            new vulnerabilities emerge, they are quickly exploited, and a game of cat and mouse ensues with security
            companies patching holes in systems only for new vulnerabilities to emerge. These in turn are targeted
            by hackers.

            In response, the assumptions upon which the cybersecurity industry were based have shifted. Instead of
            assuming that hackers can be kept out by applying ever-more sophisticated defenses, there’s been a
            growing realization that at some point systems will be penetrated. It would be wise therefore to be able
            to recover quickly from such an attack with minimal damage.











                                 51
   46   47   48   49   50   51   52   53   54   55   56