Cyber warfare is evolving as nations such as Russia and China increasingly target critical infrastructure, including energy systems and communications networks. Strengthening cybersecurity across these sectors is crucial to building a resilient and secure future as the threat of cyber sabotage continues to grow.
The NSA recently released guidance on the importance of data analytics and visibility in the context of Zero Trust, as cyber conflicts involving China and Russia have intensified. An article in The Economist highlights that data analytics and visibility are crucial as Russian and Chinese threat actors gear up for wartime sabotage.
The Economist notes, “For many years, Sino-American skirmishing in the cyber domain was largely about stealing secrets. ... In recent years, this dynamic has changed. Chinese cyber espionage has continued, but its operations have grown more ambitious and aggressive. Russia, too, has intensified its cyber activities in Ukraine, with Russia-linked groups also targeting water facilities in Europe.”
Lt. General Robert Skinner, head of the Defense Information Systems Agency, explains in NextGov that China is seeking to disrupt daily life during a potential conflict. These campaigns hint at a new era of cyber sabotage. The idea of cyber sabotage itself is not new: “Stuxnet,” an Israeli-American attack, disrupted Iran’s nuclear enrichment facilities in the late 2000s.
The NSA’s guidance reflects the growing recognition that capturing logs and tracing activity inside networks matters. The Economist explains that “the Chinese and Russian campaigns also break with the past in another way. Traditional cyberattacks would be associated with a distinctive signature, such as a particular malware or a suspect server. A diligent defender could spot these. Both [China’s] Volt Typhoon and [Russia’s] GRU have used stealthier methods. They have made the connection look legitimate by directing attacks through ordinary routers, firewalls, and other equipment used in homes and offices.” Because this stealthier approach leaves no fixed signature to match on, detecting it requires enhanced data analytics and visibility into what is happening inside the network.
So, what does all this mean to CISOs seeking to protect enterprises? Two points stand out:
First, while some might assume that attacks would primarily focus on bigger corporations, think again. The Economist points out that attackers often focus on a "broad swath" of small and medium-sized companies, and disrupting these smaller targets can cause outsized effects.

Second, ExecutiveGov provides a clear description based on the NSA guidance, stating that organizations should perform activity logging, regularly use security and risk analytics, centralize security information and event management, develop user and entity behavior analytics, automate dynamic policies, and integrate threat intelligence.
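To make the visibility point concrete, here is an added example (not code from this post, from Splunk, or from the NSA): a minimal user-behavior baseline over constructed authentication logs. It flags a successful login from a source network the user has never used before, the kind of event that has no malware hash or known-bad server to match a signature against. The log format, user names, and IP addresses are all constructed sample data.

```python
# Added example (not Splunk's or the NSA's code): a minimal behaviour baseline
# over constructed auth logs, showing what signature matching cannot see when
# an attacker relays through ordinary-looking home or office equipment.
import ipaddress
from collections import defaultdict

# Constructed "known-good" window; in practice weeks of centralised SIEM data.
BASELINE_LOGS = [
    "2024-05-01T08:02:11Z user=alice src=203.0.113.10 result=success",
    "2024-05-02T08:05:40Z user=alice src=203.0.113.22 result=success",
    "2024-05-01T09:15:03Z user=bob src=198.51.100.7 result=success",
]

# Constructed events to score. The third line has no malware, no known-bad
# server and a successful login, yet the source network is new for alice.
NEW_LOGS = [
    "2024-05-10T08:01:59Z user=alice src=203.0.113.45 result=success",
    "2024-05-10T09:12:30Z user=bob src=198.51.100.9 result=success",
    "2024-05-10T03:44:12Z user=alice src=192.0.2.77 result=success",
    "2024-05-10T03:45:00Z user=bob src=192.0.2.78 result=failure",
]

def parse(line):
    """Split 'ts k=v k=v ...' into a dict; assumes the constructed format above."""
    ts, *kv = line.split()
    fields = dict(p.split("=", 1) for p in kv)
    fields["ts"] = ts
    return fields

def build_baseline(lines, prefix=24):
    """Map user -> set of /prefix networks seen during the known-good window."""
    seen = defaultdict(set)
    for f in map(parse, lines):
        seen[f["user"]].add(ipaddress.ip_network(f"{f['src']}/{prefix}", strict=False))
    return seen

def find_anomalies(lines, baseline, prefix=24):
    """Return (user, src, ts) for successful logins outside the user's baseline.

    Failed attempts are skipped here only to keep the example focused; a real
    pipeline would score them as well.
    """
    hits = []
    for f in map(parse, lines):
        if f["result"] != "success":
            continue
        net = ipaddress.ip_network(f"{f['src']}/{prefix}", strict=False)
        if net not in baseline.get(f["user"], set()):
            hits.append((f["user"], f["src"], f["ts"]))
    return hits
```

Grouping sources by /24 is a deliberate simplification; a production baseline would use ASN or geolocation so that ordinary address churn within a user's ISP does not raise noise.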
To protect your organization from cyber sabotage, stay vigilant, maintain comprehensive visibility, and leverage advanced analytics to identify potential threats. Implementing these practices can help you stay ahead of cyber attacks and keep your organization secure.
The world’s leading organizations rely on Splunk, a Cisco company, to continuously strengthen digital resilience with our unified security and observability platform, powered by industry-leading AI.