Dark Reading enumerates the escalating potential for destructive cyber attacks and false flag operations to take place as tensions rise on the global geopolitical stage:
Geopolitical tensions typically map with an uptick in nation-state cyberattacks, and security experts are gearing up for more aggressive and damaging attacks to ensue against the US and its allies in the near-term, including crafted false flag operations that follow the strategy of the recent Olympic Destroyer attack on the 2018 Winter Olympics network.
As US political discord escalates with Russia, Iran, North Korea, and even China, there will be expected cyberattack responses, but those attacks may not all entail the traditional, stealthy cyber espionage. Experts say the Trump administration’s recent sanctions and deportation of Russian diplomats residing in the US will likely precipitate more aggressive responses in the form of Russian hacking operations. And some of those could be crafted to appear as the handiwork of other nation-state actors.
False flag operations are rather easy to pull off in cyber space compared to traditional kinetic attacks. It takes a huge amount of sophistication to properly execute this type of operation and ensure the fingers are pointed at the framed nation state. But it can be done, and there are strong players with this capability.
Consider how well Russia, China, North Korea, and Iran approach cyber. Western countries like the US, the UK, Australia, the Netherlands, and other allies are extremely capable. Even a smaller yet highly advanced country like Israel could pull off a false flag operation. It is well within all these nations' capacities to successfully misdirect cyber attack attribution.
As a quick aside, I suspect Russia was behind WannaCry even though the US, UK, and other governments have unequivocally attributed it to North Korea. This specific attack does not pass the smell test, and was just far too sloppy for a country like North Korea to execute so poorly, especially when ransomware is their prime expertise. There was motivation for Russia to false flag WannaCry, and I discussed this with Japanese media at length early last year after the outbreak occurred.
There are many political reasons to either publicly shame or hide Russia as the culprit. The former would fit in with exposing Russia for all their malicious global cyber activity, while the latter is exactly the modus operandi for the Trump Administration. Furthermore, if Russia did false flag WannaCry, there is also a strong possibility the US intelligence community and its partners would rather keep their knowledge of such hidden from the public. This would allow Russia to conduct further similar operations, with the various intelligence agencies collecting additional data on their tactics and strategy.
While I obviously could be wrong, I still feel as if something does not sit right.
Security experts worry that Russia will continue to ratchet up more aggressive cyberattacks against the US – likely posing as other nations and attack groups for plausible deniability – especially given the success of recent destructive attack campaigns like NotPetya. Not to mention the successful chaos caused by Russia’s election-meddling operation during the 2016 US presidential election.
That doesn’t mean Russia or any other nation-state could or would cause a massive power grid outage in the US, however. Instead, US financial services and transportation networks could be next in line for disruption via nation-state actors, experts say.
Russia definitely has demonstrated sophistication far beyond what the US had expected. Their ability to have penetrated so far and wide is a testament to their strong focus on leveraging cyber for geopolitical activity. It is a fundamental shift in their national intelligence and military strategy, but one that is generally in line with what they have done throughout history.
The likelihood Russia actually attacks US critical infrastructure is extremely low, with the exception of potential isolated incidents against smaller players in the industry. As the above quote rightly states, Russia will likely focus on financial services more than any other area. The US needs to be prepared, and I am concerned the maturity of these operators is not at the level it needs to be to properly withstand a sophisticated nation state attack.