One lasting legacy from the 2016 presidential election is that our democracy depends on cybersecurity.
After President Obama mandated an investigation into the potential Russian involvement in the outcome of the election, the Intelligence Community (IC) stated unequivocally that Russia, under the direction of Putin, hacked the DNC and engaged in a misinformation campaign in order to place Donald Trump in the Oval office.
Make no mistake, democracy is under attack and cyber is the new front in the battle on which this war is being fought. The so-named Grizzly Steppe campaign against the U.S. election is already being re-deployed to tilt the scales in upcoming elections in Western Europe including France and Germany.
Recognizing we are in a new era of "Cyber" Cold War, accurately assigning attribution to cyber events will be paramount to stave off nation-state attacks against our companies, our government, our allies and our freedoms as we know it.
Deterrence is as important a tool in a Cyber Cold war as nuclear deterrence has been in preventing a nuclear holocaust. If cyberattacks against critical infrastructures – including election integrity – go unpunished, then we open the floodgates to more attacks from anyone with a computer and internet connection, whether it’s a nation state, a terrorist organization or a lone wolf. The combination of a strong cyber defense with a policy framework for strong response in the event of attack is a necessary foundation to deter nation-state attacks.
A policy of strong deterrence is built on a solid foundation of reliably attributing cyberattacks. Correct attribution is one of the most important pre-requisites in taking response to an attack and yet is the hardest thing to get right in cyber.
Unlike a robbery scene where physical evidence is often left behind, in most cases the bits don’t tell much and are completely forgeable. Attribution is determined based on the preponderance of evidence collected from signals intelligence, offensive cyber ops, human intelligence, underground forums/dark web, snitches, financial investigations and cyber artifact analysis.
Getting attribution wrong can be more dangerous than not having attribution at all. For example, state officials and media attributed the recent hack of a Vermont electric utility employee’s machine to Russian nation-state actors following the release of the DHS Grizzly Steppe report. The infection turned out to be pedestrian cyber crime type malware, showing the risks of misattribution.
To reach acceptable levels of attribution, governments need to collaborate with private industry by mutually sharing indicators and evidence, then publishing the analyses. Identifying and distinguishing clear and present dangers to the nation from nuisance cyber crime is important to avoid the potential of retaliation and escalation based on faulty evidence.
As we move into 2017 with a new administration, the one thing we know for sure is that cyberattacks will continue to threaten democracies here and elsewhere. Given the high stakes, deterrence is a necessary component for any national cyber defense strategy. Without reliable attribution and transparency built on public and private sector collaboration, we risk turning a Cyber Cold War into a shooting war.
The government needs true bilateral sharing and collaboration with the private sector more than ever. The nation and democracies everywhere will depend on reliable attribution and deterrence to prevail in a global Cyber Cold War.
Anup Ghosh is founder and CEO at Invincea. Prior to founding Invincea, he was a program manager at DARPA where he created and managed an extensive portfolio of cybersecurity programs.