Page 105 - Cyber Defense eMagazine September 2023
P. 105
infrastructure sites such as the Metropolitan management systems and Oil refineries on territories of
NATO member states.
Although it might seem very far-fetched, these scenarios are highly likely to occur. The threat is genuine
as teleworking is currently gaining popularity. It expands the opportunities for unauthorized access to
government cyberspace. The more government employees work from home, the more opportunities for
malignant individuals or state actors to hack into employees' home networks and obtain their corporate
credentials. The threat is complex because it exploits known cyberspace vulnerabilities to exploit
cyberspace and the information environment and can have both tangible and intangible reputational
damage. It will have internal economic and external political implications, affecting the economy and
foreign policy posture.
An attack against a nuclear power plan would be the most dangerous one. The threat associated with it
can be classified as critical since "modification or destruction of computers that control physical processes
can lead to cascading effects (including collateral effects) in the physical domains." Unauthorized access
to the MoD or MFA networks and exfiltration of sensitive national and NATO/EU information can be
considered major threats to collective security. Not only does it jeopardize the collective defense of the
alliance, but it also crosses over to the information space and degrades a NATO member-state foreign
policy posture, undermining the cohesion of NATO and the EU and the transatlantic relations.
Recommended action and way ahead
NATO member states should strive to grow from basic information security and cyber hygiene to a
modern mature society capable of withstanding cyber threats across all spheres of life. Therefore, our
strategy should focus on investing in developing capacity in information and cyberspace. Our approach
should be holistic and comprehensive. It should include hardening the cyber and informational aspects
of national security posture while at the same time using strategic communications to counter
misinformation.
NATO should seek to implement what is known as “zero trust” architecture in all networks and improve
its layered security to ensure cyber resilience and business continuity at all levels. Zero trust is a security
approach that assumes that all users, even internal users inside the network are malicious and must be
verified.
We must adapt to the new digital environment where teleworking will likely become a new normal for
government institutions. At the same time, we need to find the right balance between being a modern
and mature digital society actively using cyberspace while safeguarding national security and the security
of our allies.
Since the security is only as good as its weakest link, one approach is to address the weakest link in the
security architecture - the human factor. To effectively prevent unauthorized access to our government
networks, we need to raise cyber awareness of our employees by constant training and adoption of best
practices. Our citizens should become aware of social engineering attempts and become more vigilant
regarding phishing e-mails. Although this is a solid approach to hardening the security of our networks,
the vulnerability will always be there.
Cyber Defense eMagazine – September 2023 Edition 105
Copyright © 2023, Cyber Defense Magazine. All rights reserved worldwide.