Speeding Ahead: Bold Predictions for Our New Lives in Cyberspace
- Dennis Hackney
- May 1, 2023
Updated: Dec 20, 2023
Summing up the concepts and key takeaways from the Cybersecurity War series.

Our interconnected digital world offers the untapped and unexplored potential to enhance our existence as we know it if we navigate cyberspace wisely. I’ve presented concepts and information to enlighten readers about what is lurking in the shadows of the Internet, best practices for securing your home wireless networks, where to find current information about cyber threats, and who the top adversaries are in cyberspace.
If you have not done so, please read articles one through four of this series.
Each of these articles includes more detailed information about the current climate of international cyberwarfare, technical explanations in simple terms to build a universal understanding of the concepts and mitigations, and legal considerations linked to the Tallinn Manual 2.0 on the International Law Applicable to Cyber Operations. In this fifth and final installment, I’ll link the recommendations made in my other articles to predictions that might shed some light on things to come.
For my more logical, intellectual, or suspicious readers, please note that my predictions are, at best, educated guesses. No one can truly predict the future.
Using What We’ve Learned About How Countries Protect Their Citizens from Cyber War
International law is still catching up to cyberspace. Most countries are just beginning to enforce more widespread regulation over how we conduct ourselves and protect our networks online. For now, countries fall back on international laws that were in place long before the Internet existed to maintain global peace. Cyber adversaries know that the world’s superpowers are immature in this space and use the lack of global visibility and control over the Internet to do whatever they want. Disputing countries could shut down their enemies’ critical infrastructure, including power, gas supplies, or nuclear facilities, to leave them without power or heat, causing mass panic. The most successful and devastating attacks will impact large populations of innocent civilians. Imagine what would happen if one of the 438 worldwide nuclear facilities depicted below were attacked.

We can follow these four practices to navigate cyberspace more safely at home and when traveling abroad.
Analyze your online activities, learn about your vulnerabilities to threats, and avoid causing possible impacts on critical infrastructure, water utilities, power production, gas supplies, etc., to stay out of trouble.
Plan your online activities while traveling from state to state, country to country, and continent to continent via land, air, or sea, and when in doubt, wait to surf your website until you get home.
I encourage you to gain an understanding of the separate collective security organizations worldwide and avoid online activities involving those with opposing views. One example collective with opposing views to the US is the Shanghai Cooperation Organization.
Before accepting a random recruiter's six-figure remote job offer, be aware that an ongoing and never-ending cyber war is occurring online, and nation-states are looking to recruit you.
Prediction 1: Cyber-attacks will get worse before world powers can gain control over the Internet. Within the next 5 years, a large portion of North America's power grid will be shut down due to a cyberattack.
Harden Your Home Network and Detect and Evict Unwanted Guests.
Adversaries love to use our networks and computers to steal information and hide their true locations and identities. There are multiple ways for adversaries to access our home networks and avoid detection. Worst of all, unless a crime has been committed, like identity or financial theft, lurking in networks is typically not considered illegal. After all, when we connect to the Internet, our computers and networks become a part of the Internet. We can do these 9 things to protect ourselves from the 4 unwanted connections in the house below.
Connection 1: Cheap network device phoning home.
Connection 2: Unauthorized network scanning or penetration tests.
Connection 3: The Neighbors’ smart cameras automatically tunnel through our networks.
Connection 4: Drive-by hackers prey on Wi-Fi networks.

Replace inexpensive firewalls and network devices with ones from a reputable manufacturer.
Block all network ports and traffic between the external network and that device’s IP address, in both directions.
Don’t rely on the ISP router/firewall as your last line of defense.
Identify your essential data, like financial information, marriage and birth certificates, titles, etc., store it in a secure location, and use multifactor authentication to gain access.
From your Alexa app, tap More, Settings, and go to Account Settings. From Account Settings, access Amazon Sidewalk and switch it Off.
Set up a separate guest network on your wireless router.
Disable Service Set Identifier (SSID) broadcast on all wireless networks other than your guest network.
Enable the highest level of wireless encryption possible to protect your network, i.e., WPA-PSK [TKIP] + WPA2-PSK [AES].
Separate your smart, Wi-Fi-enabled devices into a dedicated wireless network.
Prediction 2: A major cyber-attack will be blamed on a local, unwitting citizen, family, or business who did not protect their network from hijackers, and they will be found guilty.
Ransomware as a Service Has Become a Big Money Maker for Adversaries, and We Can Do More to Stop it.
Cyber adversaries use the abundance of online tactics, techniques, procedures, and software exploits to gain initial access to our networks, go undetected, move laterally, and steal or encrypt our data from the computer systems of anyone who doesn’t stay on top of network security and security patching. Ransomware is so widespread that it has become an online service, Ransomware as a Service, or RaaS, as depicted below.

RaaS User (affiliate) utilizes the RaaS to develop an email exploit
Victim opens the email and visits the RaaS
RaaS encrypts the Victim’s data
RaaS also copies the Victim’s data
Victim pays the Financial Broker with untraceable cryptocurrency, RaaS team gets paid
Here are some MITRE best practices to detect adversaries’ bad actions and mitigate ransomware vulnerabilities in our critical infrastructure environments.
User Training: Train and test enterprise users to identify and report phishing emails.
Data Backup: Back up computer systems, hard drives, software, and critical applications remotely and securely to ensure recovery if operational computers are compromised.
Behavior Prevention on Endpoint: Install endpoint protection software with capabilities to prevent malicious processes or suspicious user behaviors.
Restrict Web-Based Content: As an enterprise, block potentially malicious attachments.
Network Intrusion Prevention: Install a solution that monitors the corporate network for unauthorized network traffic and, if detected, blocks those network transactions.
Network Traffic Content: Install and configure network intrusion devices to monitor anomalous protocols and traffic patterns.
Command Execution: Configure endpoint and event logging capabilities to detect the execution of commands related to drive imaging or encryption.
File Modification: Configure endpoint and event logging capabilities to detect modifications to files and user directories.
Network Share Access: Configure endpoint and event logging capabilities to detect unexpected or unauthorized access to user shares.
Application Log Content: Configure operating system and email system logging capabilities to detect malicious attempts to modify system files or run unauthorized commands.
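As an added illustration of the File Modification item above (example code written for this page, not taken from the original article or from MITRE), the sketch below flags any single process that modifies many distinct files under user directories within a short window. The log format, host and process names, the user-directory prefixes, and the 60-second, five-file threshold are all assumptions constructed for the example.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (not real telemetry), one per line:
# timestamp host process pid action path
SAMPLE_LOG = "\n".join(
    ["2023-05-01T10:00:00 ws01 winword.exe 410 modify C:\\Users\\ana\\Documents\\report.docx",
     "2023-05-01T10:04:00 ws01 winword.exe 410 modify C:\\Users\\ana\\Documents\\notes.docx"]
    # One process touching six user files in ten seconds
    + [f"2023-05-01T10:05:{s:02d} ws01 upd.exe 977 modify C:\\Users\\ana\\Pictures\\img{s}.jpg"
       for s in range(0, 12, 2)]
    # Busy installer writing outside user directories
    + [f"2023-05-01T10:06:{s:02d} ws01 setup.exe 512 modify C:\\Windows\\Temp\\t{s}.tmp"
       for s in range(8)]
)

USER_DIR_PREFIXES = ("c:\\users\\", "/home/")  # assumed locations of user data
WINDOW = timedelta(seconds=60)                 # assumed sliding window
THRESHOLD = 5                                  # assumed: distinct files per process per window

def parse(line):
    """Split one event line; the path is the remainder, so it may contain spaces."""
    ts, host, proc, pid, action, path = line.split(maxsplit=5)
    return datetime.fromisoformat(ts), host, proc, int(pid), action, path

def detect_bursts(log_text, window=WINDOW, threshold=THRESHOLD):
    """Return {(host, process, pid): peak distinct user files in the window}; input is time-ordered."""
    recent = defaultdict(deque)  # per-process queue of (timestamp, path)
    alerts = {}
    for line in filter(str.strip, log_text.splitlines()):
        ts, host, proc, pid, action, path = parse(line)
        if action != "modify" or not path.lower().startswith(USER_DIR_PREFIXES):
            continue
        key, queue = (host, proc, pid), recent[(host, proc, pid)]
        queue.append((ts, path))
        while ts - queue[0][0] > window:  # drop events older than the window
            queue.popleft()
        distinct = len({p for _, p in queue})
        if distinct >= threshold:
            alerts[key] = max(alerts.get(key, 0), distinct)
    return alerts

if __name__ == "__main__":
    for (host, proc, pid), count in detect_bursts(SAMPLE_LOG).items():
        print(f"ALERT {host} {proc} pid={pid}: {count} user files modified within {WINDOW}")
```

Counting distinct paths per process, rather than raw events, keeps an editor that saves the same document repeatedly from tripping the alert.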
Prediction 3: Regulation will be passed in the United States that mandates a similar list of cybersecurity capabilities to be deployed in all critical infrastructure in the next 5 years, including all 16 Critical Infrastructure Sectors.
Countries Don’t Blatantly Attack Other Countries Using Cyber.
If a country were found guilty of a cyber-attack that impacted the sovereignty of another country’s citizens, it would most likely be considered an act of war. Hundreds of cyber-attacks have occurred on critical infrastructure and thousands on corporations and individuals. Still, to this day, no nation-state has been found guilty of committing cyber warfare and penalized for it. If that were to happen, we would all be aware of this act of war.
Several global powers have tremendous cyber capabilities, including the ten top players in cyberspace: the United States of America, China, the United Kingdom, Russia, the Netherlands, France, Germany, Canada, Japan, Australia, and Israel, tied for tenth. I’ve summarized the United States of America, China, and Russia below as the three that stand out, having the most well-documented adversarial capabilities.
Russia, the “Reckless”
Effective at taking down critical infrastructure on multiple occasions.
Collateral damage on civilian organizations has been high.
The cyber-attack met the Tallinn 2.0 definition, and the motives were clear: to take down critical infrastructure affecting civilians. This could be considered illegal or a war crime based on international codes of conduct.
Attribution is still unclear and possibly the only reason Russia has not been convicted of war crimes.
China, the “Wise”
Effective at stealing millions of bytes of information about nation-states’ critical infrastructures.
Zero collateral damage, although the information could lead to catastrophic civilian impacts.
Cyber-espionage would not meet the definition of a cyber-war operation. However, civilian companies’ data was compromised and would not be considered international war crimes based on Tallinn Manual 2.0’s explanations.
Attribution was made but considered a “red herring” due to the scale of all reconnaissance efforts and the inability to link all techniques and malware back to China.
The United States of America, the “Great”
Effective at the proactive dismantling of a nation-state’s nuclear development activities.
Minimal collateral damage, with evidence that civilians minorly impacted were not the intended targets.
The cyber-attack met the Tallinn 2.0 definition, and the motives were clear: discriminant military development equipment was the target. It would not be considered an international war crime based on Tallinn Manual 2.0’s explanations, as civilians were not the target.
A witness made attribution; however, that witness’s bias and other illegal behaviors tarnished his motives.
Prediction 4: A major critical infrastructure organization in power or energy will be cyber-attacked, suffer great financial losses, and impact the public. That corporation will determine attribution to a nation-state and demand the admission of a cyber war within the next 5 years.
Where To Go from Here
The Internet is cyberspace, growing and evolving at the speed of light. The only limitation to our digital futures is that of our imaginations. Unfortunately, many of us have different opinions and ideas of good behavior and where the lines should be drawn while conducting ourselves online. Like our physical spaces, there is good and evil, dark and light, those out to cause harm, and those out to change the world for the better. We all must do our best to learn as much as we can about these new technologies we use every day and how best to do what’s right to protect ourselves, our families and businesses, and critical infrastructure. We take control of the Internet by learning and doing what’s right.
Thank you for following along with me in this cyber warfare awareness journey. Even though this article concludes my introductory story on cyber warfare, this is just the beginning. Stay tuned for deeper dives into past, present, and future cyber attacks, threats and their techniques, legal and insurance considerations, and technical solutions that mitigate and detect cyber attacks.