Italy must mobilize national cyber power, here’s how

A commentary by Francesco D'Arrigo, director of the Italian Institute for Strategic Studies

The recent hacker attacks against Colonial Pipeline and SolarWinds Corp., along with all those suffered by companies and organizations but not reported to avoid further economic and reputational damage, show how it is possible to disrupt the normal life of millions of citizens through an invisible war, apparently less bloody but with devastating effects. Furthermore, the progressive erosion of the ability to protect secrecy, due to the advance of social media and the spread of “intelligent” surveillance, steadily increases the capacity of new technologies to cause sudden shocks and affect international relations.

WAR, CRIME AND CYBER TERRORISM

As highlighted by the intelligence agencies, cyber warfare, cyber crime and cyber terrorism share a common technological base, tools, logistics and operating methods. They can also share the same social networks and even have similar goals.

The differences between these three categories of cyber activity are often imperceptible even to the experts who have to analyze them and the security forces that have to fight them. To hackers, now enlisted as "cyber warriors", cybercrime can offer the technical basis (software tools and logistical support) and cyber terrorism the social basis (personal networks and motivation) with which to carry out attacks on the computer networks of infrastructures, companies or nations.

Therefore, the sources of cyber attacks can more easily be attributed to a criminal or terrorist origin and motivation, and with more difficulty to a state one … a basic assumption that led to the establishment of the most exclusive, inaccessible and powerful global cyber ecosystem, the so-called "Cyber Club", which includes only the USA, China, Israel and Russia. However, other states such as Iran, UAE, North Korea, Pakistan, Kazakhstan and Sudan also use their cyber power and non-state actors in an increasingly aggressive way, openly or secretly, to carry out plausibly deniable attacks.

Partly because of artificial intelligence, even the most advanced intelligence, data and information collection capabilities cannot attribute (positively identify) with reasonable certainty the origins and motivations of a cyber attack carried out by an effective hacker organization.

In cyberspace, where conflict is rarely obvious and threats of retaliation have too often turned out to be empty, both for lack of reputation and for the inability to send credible "signals" to those involved, conventional deterrence, understood in its traditional form as a mechanism for dissuading potential adversaries, has often proved unsuitable and insufficient.

This means that States have an interest in maintaining or tolerating proxy organizations that could be involved in this type of activity and in other forms of attack, such as distributed denial of service (DDoS), which can also be carried out by hackers who do not have highly sophisticated technologies.

That distributed denial of service attacks can cause massive damage despite their ease of implementation has been proven time and time again since the 1980s. Denial-of-service attacks are generally more difficult to attribute than network exploitation attacks, i.e. those hacking operations that aim to steal data and information from targets, using tools capable of bypassing cyber security devices such as firewalls and infiltrating servers, computers and IoT devices connected to the network in order to exploit system flaws and intercept calls and messages.

Although data theft poses a direct threat to national security (to research and private business), these types of attacks are also the basis for one of the most dangerous cyber threats: the unnoticed insertion of concealed "logic bombs". These hidden files or software packages are minimal in size, and because they remain silent and do not need to communicate, they are extremely difficult to locate.

Once triggered, logic bombs can be extremely destructive: in 2008, for example, a logic bomb planted by a disloyal employee in the network of US mortgage giant Fannie Mae would have wiped out all 4,000 servers if it had been triggered. A former US Air Force secretary and senior adviser to President Ronald Reagan admitted that in 1982 the CIA used a logic bomb to destroy a Soviet gas pipeline. Through a backdoor maliciously embedded into its Siemens control systems, programmed to reset pump speeds and valve settings to produce pressures far higher than the pipeline joints and welds could sustain, the entire pipeline management system went haywire. The result was a devastating explosion comparable to that of a nuclear device, which caused a huge fire visible from space. Less sophisticated, but more visible, are the denial-of-service and web defacement attacks undertaken by non-state actors who, however, presumably often act with tacit state support.

One example is the famous Italian company Hacking Team, a software company that over the years not only created a remote surveillance system but was also among the first to use a series of tools, the so-called "trojans", which allow each device to be controlled remotely. Their RCS, or Remote Control System, a component of the Galileo suite used for surveillance and the flagship of the products sold to secret services and law enforcement agencies of countries around the world, used more than 500 computers hosted in different locations around the world, and each customer could optionally have a subset of these 500 machines as needed.

NETWORK EXPLOITATION ATTACKS

Admittedly, some forms of attack are easier to attribute than others, in particular the exploitation of computer networks (usually cyber espionage and theft of sensitive data), since the data must be "exfiltrated" (that is, transferred from the source to the hacker who wants to use it), and therefore such attacks have a better chance of being traceable.

But cyber-exploitation attacks can be resource-intensive, and many analysts are convinced that the more sophisticated attacks can only be undertaken by state actors. There are, however, indications that even very complex espionage attacks, which require hundreds of hours of programming and have a clear political purpose, are carried out by non-state actors, even if designed for the benefit of a state. For example, a well-known US computer expert claims that the Stuxnet worm, which infected computers in at least 11 countries and was apparently targeted at the Iranian nuclear program, was created with a modular process, that is, programmed in "stages" by different teams that probably had no idea what the real end goal of the project was. This is a feature that has also raised suspicion of the involvement of organizations and hackers from cybercrime backgrounds in the Stuxnet program.

Today's cyber operations have evolved further: they are totally remote, with a level of sophistication unimaginable until a few years ago, and their attribution rate is practically negligible.

WHAT THE CYBER STATES DO

Technologically dominant states use their cyber warfare capabilities as a deterrent through policies of "digital coercion" and use hacking tactics in any economic, geopolitical and military competition.

The cyber power of a nation is expressed in three dimensions: the coordination of operational and political aspects through government structures, the coherence of policy through international alliances and legal frameworks, and the cooperation of non-state IT actors. The nature of cyberspace is such that most of the IT capabilities of a Western democratic state lie outside the direct control of the government, that is, in companies and civil society.

AND ITALY?

To create an integrated national capacity, the non-state sector must be induced, motivated and incentivized to cooperate with the government. A strategic "national cyber" approach to security policy – the joint and integrated application of state (institutions, security agencies, ACN and government) and non-state (business and civil society) efforts to achieve common objectives – could help Italy close the cyber culture gap recently diagnosed also by the Minister of Technological Innovation and the Digital Transition, Vittorio Colao, according to whom 95% of the data infrastructures of the Public Administration lack the minimum security and reliability requirements necessary to provide services and manage data.

With words of great concern, Franco Gabrielli, Undersecretary to the Prime Minister with responsibility for the Secret Services, also painted a very gloomy picture of the context in which the new agency and the national cybersecurity strategy are set, during the hearing before the Constitutional Affairs and Transport Committees, where he spoke as delegated authority for the security of the Republic.

Italy has been particularly slow in understanding the importance of national capabilities integrated into cyber power. The countries of the “Cyber Club”, but also other competing states, have highly effective and visible non-state IT capabilities, which interact with their governments. Understanding how these non-state elements are induced to support or advance the government's cyber policy is at least as important as assessing one's internal capabilities. These are skills that must be perfectly adapted to the war paradigms of the 21st century: cyber warfare, which is asymmetric, unorthodox and zero attribution.

It is now clear to everyone that in cyberspace what is true for the security of the attack also applies to the security of the defense, and that a state that wants a minimum of cyber capacity and security must be able to accept a certain level of opacity (bordering on cybercrime), where attack and defense are two sides of the same coin.

Given the situation in which Italy finds itself, the main dimension for guaranteeing security within the cyber defense perimeter is closely linked to the ability of the institutions to involve the economic, industrial, private research and training sectors and individual citizens.

It is urgent to implement a "cyber education" aimed at all citizens, and to provide more in-depth knowledge to those who work in large companies and institutions, in particular to those with executive responsibilities. The lack of awareness of cyber risk can also be addressed through a soft power approach focused inwards and by providing the new National Cybersecurity Agency with the legislative tools (see NSA directive) and the human and economic resources suitable for safeguarding democracy against cyber risks and threats.

In a nutshell: national cyber power must be mobilized.

The million-euro question is: is Italy capable of doing this?

Answer: definitely yes.


This is a machine translation from Italian of a post published on Start Magazine at the URL https://www.startmag.it/innovazione/italia-potere-cyber-guerra-informatica/ on Sat, 03 Jul 2021 05:58:13 +0000.