The nuclear standoff of the sixties may be behind us, but a new cold war, or rather code war, has started to grip the globe.
Cyber espionage is real and present danger for every form of organisation. In recent years there has been an alarming rise in the level of attacks by criminals, organised gangs and even nation states; and you need only glance at the headlines to see the impact its having on businesses. In short Britain is under attack and the reason why is simple; we’re under attack as people want to get their hands on our ideas.
A new threat
Just like during the Cold War, the Code War is being fought by spies, or at least their modern equivalents. Espionage is the driving force in this very modern conflict and information is the desired target. These criminal elements in cyberspace have a clear goal – to access and steal IP, whether this is a defence blueprint or a new technical development in the civil sphere. Others seek to disrupt and destroy defence capabilities.
Using new and variant forms of malware that are increasingly subtle, network espionage is moving to another level, where Advanced Persistent Threats can burrow into an organisation, lie hidden and extract data over a lengthy period of time.
And the production of malware variants runs into the thousands each month. Their targets are financial institutions, corporations and state organisations and these compromises threaten to undermine commercial advantages costing companies, economies and indeed nations £billions in lost business.
Behind the cyber curtain
This is no longer a matter of a few asocial characters or small, self-referring groups seeking status and notoriety in their hacker communities. The ever increasing number of security breaches which are hitting the headlines and compromising companies and indeed, countries, are the work of organised and sophisticated gangs of criminals who have brought in the brightest and best-trained minds to wage war on businesses and governments.
From the proceeds of current cyber-crime, these organisations are building the next generation of malware, creating a persistent cycle of cyber attack that’s already primed to circumvent the next generation of security measures which are currently being put in place.
If reports are to be believed these organisations aren’t acting alone. Many experts believe that hackers benefit from state sponsorship whether indirectly, or directly. An example of this is the Stuxnet virus and its sister programme Duku which invaded computers in 2010.
Stuxnet was allegedly designed to handicap the controversial Iranian nuclear program and researchers concluded that the attack, which predominantly affected systems within Iran, could only have been conducted “with nation-state support”.
Caught in the cross-fire
Cybercrime is estimated to cost the global economy $1trillion a year – almost 1.75% of global GDP, according to Misha Glenny, author and cybercrime expert. It’s a staggering figure, but it’s ideas, and not money, that the Code War is raging over. IP, unlike physical assets, is not locked up in a safe protected by bricks and mortar.
Instead research and development worth £billions exists on hard drives and IT networks that are increasingly susceptible to cyber attack. As we all know IP is the lifeblood of any economy; and it seems that the bottom line has become the front line for this particular brand of cyber warfare.
What’s the endgame?
There is no endgame to the current code war. This is a continual and very serious chess game. As one power or organisation launches a new cyber-attack, the targets respond and revise their defences; but one thing that is certain is that the current security solutions are simply not fit for the task.
Security that relies solely on software has been proven time and again to have fundamental weaknesses, because the software is always exposed and vulnerable at some point. As a result traditional systems that rely on pillars of software are simply not able to cope with the increased level of determination, skill and knowledge of hackers. Instead security must start inside the device, using embedded hardware to combat the growing threat.
The UK is at the forefront of the battle in cyberspace and the solution that the government and other forward-thinking organisations are rapidly moving towards to the end the cyber-security crisis is based on Trusted Computing frameworks. Indeed, the UK and the US fully support the adoption of these standards at every level.
The Trusted Platform Module and the Self Encrypting Drive contain within them the access codes and data security that is essential to ensure organisations of all sizes are prepared for the increased cyber-attacks that will mark 2012 and they should be the de facto standard for any organisation that values its security.