Page 103 - Cyber Defense eMagazine September 2023
P. 103
Open, democratic societies are much more vulnerable to attack as we offer unrestricted access to cyber
and information space. For instance, government employees occupying specific network and system
admin positions often take advantage of teleworking and this makes them an attractive target of social
engineering attacks which can be a weak spot for National security. The most sensitive sectors are
defense, foreign policy, and critical energy infrastructure. In the foreign affairs and defense context,
unauthorized access to sensitive information residing on the MoD/MFA computers will compromise
sensitive national and NATO/EU information. It will harm the national interest, the interests of our allies,
and the collective defense. This otherwise effective health measure increases the opportunities for a
state or non-state actor to exploit the information space by deploying fake news, videos, and false
statements on the MFA/MoD website instead of the real news and sabotaging our foreign policy posture.
Another even more dangerous scenario would be an attack on our nuclear power plant. This type of
attack can occur by using Stuxnet-like malware introduced to the nuclear power plant management
system by an infected USB flash drive plugged into a computer in the internal network. If successful, such
an attack would threaten our national security and the security of our neighbors. It may also undermine
the thrust in nuclear energy in Europe and have economic ramifications.
NATO member states must adapt to the new environment where teleworking will likely become a new
normal for government institutions. We need to strike the right balance between being a modern and
mature digital society, and actively using cyberspace while safeguarding our national security and the
security of our allies. To achieve a durable long-term solution our approach should be comprehensive
and address the root causes of the problem.
Although raising cyber awareness of NATO employees and adopting best practices is a solid approach,
it is not pursuing lasting results because it does not affect the adversary's motivation to engage in
unauthorized use of cyberspace. Thus, a more durable, long-term solution would be to target the
adversary's willingness to attack. We can significantly reduce the incentives for malicious exploitation of
cyberspace by strengthening our cyber resilience and capacity to recover.
As it grows, cyberspace becomes a more accessible medium for asymmetric malicious attacks against
government institutions and critical infrastructure. Thus, it becomes a breeding ground for new threats to
allied cyber and information space. COVID 19 caused a boom in teleworking and many government
employees started to work remotely from their homes. Although these measures remain efficient against
the spread of viral infections, they have an adverse effect in cyberspace by creating opportunities for
spreading computer viruses and aiding unauthorized access to government-owned networks. Therefore,
teleworking of government employees on certain essential network admin and system administration
positions constitutes a significant cyber threat to the security of NATO cyberspace. The most critical
domains in this regard are defense, foreign policy, and the energy sector, in which a significant disruption
of services could result in major and even catastrophic consequences.
The main methods of gaining unauthorized access to government networks include spear phishing
campaigns, malware attacks, compromising systems through social engineering, or manipulation of
legitimate user accounts. A cyber breach of our government networks would provide an opportunity for a
rogue state or non-state actor to manipulate government websites or send fake messages or even fake
videos.
Cyber Defense eMagazine – September 2023 Edition 103
Copyright © 2023, Cyber Defense Magazine. All rights reserved worldwide.