Naming and shaming nations that launch cyberattacks does work, say intel chiefs

Naming and shaming nations that launch cyberattacks does work, say intel chiefs 1

Western countries are increasingly calling out malicious cyber activity by other nation states, and this naming and shaming can deter attacks and spur potential victims into improving their security planning, according to intelligence chiefs.

Intelligence experts from the Five Eyes intelligence grouping – made up of the UK, the USA, Canada, Australia and New Zealand – were all speaking as part of a panel session at CYBERUK 19, the National Cyber Security Centre’s (NCSC) cybersecurity conference in Glasgow, Scotland, in a rare instance of public discussion by the alliance.

In recent years, the five countries have often come together to call out cyberattacks that have been attributed to nation states, including pointing the finger at North Korea for WannaCry and accusing Russia of being behind NotPetya. The group of countries have also attributed malicious activity to campaigns backed by the Iranian and Chinese governments.

“There’s a small set of nations who are not behaving within international norms,” said Rob Joyce, senior cybersecurity advisor for the USA’s National Security Agency.

“If you look at the countries that have blatantly come out and attacked other countries in cyberspace, countries who are stealing wealth to avoid sanctions, literally bank-robbing in the cyber realm, it’s a small group – you can name them on one hand,” he said.

Joyce argued how Five Eyes members have “got to get comfortable as nations going out and saying these countries are behaving in a way that’s unacceptable and turning up that pressure,” adding, “we won’t get international norms without being able to speak that truth”.

“An important enabling component for making like-minded coalitions is bringing that intelligence forward, doing that attribution and having a specific entity that we have to rally around and deter,” said Joyce.

“If we’re not talking about the bad actors in this space, we’re not going to be able to rally and bring the coalitions – and it’s much wider than the Five Eyes.”

Some question what real impact calling out attacks in this way can have, but Ciaran Martin, CEO of the NCSC, argued that it makes a difference.

SEE: Cyberwar predictions for 2019: The stakes have been raised

“Do any of us do attribution for its own sake? No, we do it as a means to an end and that end being better cybersecurity and better national security,” he said, arguing that it “sometimes” alters the behaviour of attackers – although he wouldn’t be drawn on how.

Martin told the Glasgow audience that attribution also plays a role in helping organisations protect against potential attacks.

“It matters because we’re trying to tell people how to understand risk. So it does help to be able to say what are the Russians interested in, what sort of attacks do they do, what sort of organisations and assets do they tend to be interested in – the same as the Chinese? They’re not the same,” he said.

“That means you can frame your defence, because some people need to be worried about one country over another, some need to be worried about organised crime, some need to be aware about all of them”

And ultimately, Martin explained, attributing a threat to a particular nation state or malicious actor appears to provide additional incentives for organisations to act on information on how to protect against their cyberattacks.

“When we used to put out anonymised, non-attributable attacks, we’d say we’d seen something somewhere and this is how you can fix it, you can get a certain response. When you say this is Russia, you get a bigger response and that does matter,” he said.

SEE: 10 tips for new cybersecurity pros (free PDF)

For all of the Five Eyes nations, attribution is a big deal and the intelligence agencies will only issue public accusations about cyberattacks if they’re confident about their conclusions – it’s why the official attribution of WannaCry to North Korea only came over six months after the global ransomware attack.

“We’ll only attribute an attack to another country if it’s within our own national interests to do so,” said Jan Thornborough, unit manager of outreach and engagement at New Zealand’s National Cyber Security Centre, making four attributions in 18 months.

“We took a lot of time to think about what it means for the country and we were very considerate in the approach,” she added.

Australia takes the same approach, ensuring that all the pieces of the puzzle have been put together before public attribution is made.

“Attribution is not trivial: there are people who think they understand attribution and can pull something out and just say something. It’s not that easy. We need time for an attribution, it’s a very, very high bar for us,” said Scott McLeod, first assistant director-general at Protect, Assure & Enable.

Scott Jones, head of the Canadian Centre for Cyber Security, agreed with the idea that attribution must be solid before action is taken. “The bar is very high. We set the bar high for ourselves because we have to have extremely high confidence,” he said.

Canada’s approach to attribution is the same as that of the US, engaging in order to warn about the actions of nations who are engaging in aggressive behaviour in cyberspace. “The key thing is to say no, this is too far: this is going into a space where this is unacceptable,” Jones said.

MORE ON CYBERSECURITY

About the author

E-Crypto News was developed to assist all cryptocurrency investors in developing profitable cryptocurrency portfolios through the provision of timely and much-needed information. Investments in cryptocurrency require a level of detail, sensitivity, and accuracy that isn’t required in any other market and as such, we’ve developed our databases to help fill in information gaps.

Related Posts

E-Crypto News Executive Interviews



Automated trading with HaasBot Crypto Trading Bots

Crypto Scams

Millions in Cryptocurrency Stolen by Scammers in the Last Month According to Tenable Research
November 24, 2021
Behind The Scenes: How this Crypto Community Responded to + $50m Hack
October 18, 2021
Crypto Scams
Crypto Scams Still Persistent In 2021, SEC Warns About Red Flags To Watch
September 9, 2021
Poly Network
Here’s How Hackers Stole Over $600 million in the Poly Network Attack
August 12, 2021
The World’s Most Infamous Crypto Hacks and Scams
July 31, 2021

Blockchain/Cryptocurrency Questions and Answers

Crypto casinos
How Does Bitcoin Casino Work + 2021 Beginner’s Guide
November 8, 2021
Cryptocurrency
How to Buy and Sell Cryptocurrency
November 8, 2021
What Are Bitcoin Futures And How Will They Work In 2022?
November 4, 2021
Ethereum
The Unconventional Guide to Ethereum
October 28, 2021
ICo Presale
The Science Behind ICO Presales…
October 14, 2021


CryptoCurrencyUSDChange 1hChange 24hChange 7d
Bitcoin55,024 1.42 % 2.42 % 6.58 %
Ethereum4,335.4 2.61 % 3.45 % 4.00 %
Binance Coin596.20 1.26 % 3.60 % 6.58 %
Tether0.9986 0.03 % 0.08 % 0.23 %
Solana218.62 1.78 % 4.15 % 4.21 %
Cardano1.580 1.34 % 7.51 % 5.71 %
XRP0.9382 1.93 % 3.44 % 10.00 %
USD Coin1.000 0.14 % 0.20 % 0.17 %
Polkadot30.87 2.19 % 17.29 % 10.73 %
Dogecoin0.2215 0.68 % 1.42 % 7.23 %

bitcoin
Bitcoin (BTC) $ 55,543.00
ethereum
Ethereum (ETH) $ 4,408.80
binance-coin
Binance Coin (BNB) $ 601.31
tether
Tether (USDT) $ 1.00
solana
Solana (SOL) $ 224.16
cardano
Cardano (ADA) $ 1.61
xrp
XRP (XRP) $ 0.948469
usd-coin
USD Coin (USDC) $ 0.999204
polkadot
Polkadot (DOT) $ 34.36
dogecoin
Dogecoin (DOGE) $ 0.203116