Author: Noam Krakover, Chief Strategy Officer, ELTA Cyber Division
The last few years were years of digital transformation. Traditional network environments were upended by the rapid adoption of new technologies like cloud infrastructure, applications and services, social media, the virtualization of data centers, the integration of IoT technologies, and the continued expansion of mobility, BYOD – “Bring Your Own Device”, and related applications. On the other side, the number of high-profile cyber-attacks and data breaches, and the resulting damage, are testament to the risks associated with these changes.
Since approximately 2017, we can recognize that cyber-attackers are using the latest technology to exploit vulnerabilities in systems and devices (rather than in applications) to launch their payloads and to conduct large-scale, fast-moving, multi-vector mega attacks. Large and mega-scale attacks affect all kinds of organizations: their operations, functionality, business continuity and reputation.
Today we are at a critical point of the cybersecurity evolution. We are facing threats which are more sophisticated and harder to prevent, and while the level of risk is growing constantly, most organizations still use security solutions of the previous generation.
Nation states, critical infrastructures, enterprises and private citizens should not let their level of cyber defense fall behind. There is a growing need for next-generation cyber protection, and the cyber security industry should step up to the challenge and develop solutions that combine technology, intelligence, and operational perspective and experience, and that are capable of preventing fast-moving, next-generation attacks in real time and potentially even mitigating them before they occur.
Cyber Attacks – Main Trends
We define 3 major types and purposes for cyber-attacks:
- CNA – Computer Network Attack: a cyber-attack for purposes of destruction.
- CNE – Computer Network Exploitation: a cyber-attack for purposes of exploiting, or stealing, the information stored on the computer or network.
- CNI – Computer Network Influence: a cyber-attack for purposes of psychological influence, hurting morale, or influencing public awareness.
Comparing the different kinds of attacks, the different types of targets, the technology involved, and the damage being done, we can identify a few major cyber trends:
- Ransomware attacks (CNA): In 2017, adversaries took ransomware to a new level.
- Attacks against the financial establishment (CNA and CNE): In 2015 and 2016, a series of cyberattacks using the SWIFT banking network were reported, resulting in the successful theft of millions of dollars.
- Continuous attacks against industrial control systems (CNA): In the last few years, as critical systems become increasingly connected to the internet, the risk and impact of a cyber-attack on the physical infrastructure has grown.
- Cyber activity as part of “Information Warfare” and as an effort to influence public opinion (CNI)
- Weaponization of the cyber domain (CNA, CNE and CNI): including different uses of cyber abilities as part of security and military activity.
- Continuous attacks against the supply chain (CNA and CNE): cyber activity from the last few months has demonstrated, yet again, that the “Supply Chain” is a rising and escalating threat, causing growing concerns about disruption.
- The risks and the high threat potential of the “IoT world”: the evolution of IoT-based attacks is an example of the ongoing development of security exploits that we can see and track, which not only increases the sophistication of attacks but also expands the number of attack vectors and enables attacks to detect and adapt to previously unseen devices, applications, and platforms.
The solution needed – Next Generation Cyber Security
Nation states, governments, critical infrastructures and private citizens must undergo a paradigm shift in the manner they address cyber security.
First, on the national level, and in order to address these threats and maintain economic and cyber resilience, nation states must establish holistic, end-to-end cyber capabilities, encompassing:
- Technology for monitoring, detecting, predicting and mitigating cyber threats
- Proven methodology for utilizing the technology
- Constant innovation in order to address the dynamic nature of cyber space and counter future cyber threats
- Collaboration on the national and international level
- Capacity build-up in the form of cyber training, cyber education and cyber hygiene
In view of the high-level cyber threat, traditional security is no longer sufficient. The high-level cyber threat, especially to IoT systems, critical infrastructure and industrial control systems, coupled with the growing trend of supply chain attacks, requires a novel and more holistic approach to the protection of Mission Critical Systems and Facilities.
The American DHS defines five major pillars that are needed for Managing Cyber Security Risk:
- Risk identification
- Vulnerability reduction
- Threat reduction
- Consequence mitigation
- Enable cyber security outcome
Governments, critical infrastructures and large enterprises should consider implementing a new generation of cyber defense solutions, extending beyond IT security and also focusing on detecting social engineering and phishing, supply chain management, and IoT security, as well as maintaining the “root of trust” of mission critical elements within the network.
In order to effectively secure mission critical elements, effective cyber defense solutions should encompass three elements:
- Hardening: End to End or “cyber hardening”, by employing best of breed security practices and effectively employing inherent cyber security controls within various network elements, processes, operating systems and software.
- Monitoring: monitoring various elements within the mission critical system and facility in order to identify and alert on anomalies, both operational and network-related, which may indicate an impending or on-going cyber-attack.
- Intelligence: Cyber Threat Intelligence Capabilities, augmenting the physical security, attempting to identify potential future intentions to cyber-attack the mission critical system or facility.
In today’s changing threat landscape, organizations, nation states, governments, critical infrastructures, large enterprises and private citizens can no longer protect themselves efficiently and effectively by utilizing old-generation tools, sometimes defined as “good enough”. Nation states, governments, critical infrastructures and large enterprises must define their threat reference and critical assets as a guide for effective cyber defense.
Nation states, governments, critical infrastructures and large enterprises must look beyond the tools and adopt a new cyber defense strategy that combines updated, professional, modern and active threat intelligence, know-how and operational experience, a flexible and dynamic structure, and next-generation technological tools, including hardening, monitoring and proactive advanced defense abilities.
IAI/Elta – Cyber Division
Cyber security is one of Israel Aerospace Industries’ (IAI) strategic sectors and core competencies. IAI offers a holistic approach that provides defense forces, governments, critical infrastructures and large enterprises with end-to-end cyber security and monitoring tools.
IAI’s cyber solution addresses intelligence, protection, monitoring, identification and accessibility.
These advanced capabilities are possible due to the unique technologies developed by IAI’s research, development and excellence centers, offering IAI’s customers a wide range of capabilities for handling the evolving and ever-growing cyber threats.