LONDON — Machine-aided cyber warfare attacks developed by nation states are posing a growing threat to national security. Large-scale international cyberattacks have recently knocked out the radiation-monitoring systems at the Chernobyl nuclear plant, crippled Germany’s rail network and hit over 40 hospitals across the UK’s National Health Service.
What did these potentially devastating attacks have in common? They were all carried out by automated cyberwarfare weapons stolen from the US National Security Agency. This demonstrates how the automation of illegal hacking techniques is allowing criminals to launch attacks with nation state level expertise. These powerful hacking tools contain a ‘payload’ and a ‘transport’ mechanism, enabling them to automatically reproduce and launch attacks at a scale and speed that is beyond human ability. These tools can also be ‘’repurposed’ for specific targets, from ships to military bases to government buildings. Increasingly these weapons are being sold or rented online with accompanying user ratings, ‘how-to guides’ and money-back guarantees, normalising and legitimising the activity of unlawful hacking. It is the equivalent of guided missiles being stolen and circulated at underground auctions, complete with user manuals, secret location coordinates and launch codes.
To deal with this increase and sophistication of attacks, it is imperative that the output of global cyber defenses are increased. However, we cannot rely on manpower alone. The world faces a projected shortfall of 1.8 million cybersecurity professionals by 2022. This depleted and overstretched cybersecurity workforce needs to focus on higher-level strategic work and cyber-offensive capabilities, rather than the essential, but repetitive, detailed network analysis.
This combination of circumstances means that organisations across the globe are increasingly looking to machines to combat the rise of ‘virtual’ cybercriminals. By taking a leaf out of the attacker’s playbook and adopting automated tools, defense experts can replicate the work of human ‘white hat’ hackers, finding and fixing vulnerabilities faster than traditionally possible.
Our clients rely on ‘intelligent’ tools to autonomously audit entire networks for vulnerabilities with the knowledge, skills and inquisitive nature of hundreds of penetration testers. They found that traditional scanners missed significant issues within their networks, as their scattergun approach could not replicate the methods of a good security tester. Scanners work by indiscriminately bombarding a network or device from the outside in the hope of exposing a vulnerability. In comparison, ‘smart’ configuration analysis tools scour each line of any network device, using virtual modelling to find deep structural vulnerabilities and flag fixes to the user; the equivalent of getting an architect’s blueprint to find and fix weaknesses inherent in design.
This technology allows organisations including NATO, the US Navy, Army and Air Force to audit hundreds of their systems in just seconds. Crucially, this means they can redeploy human cybersecurity experts away from these time-consuming auditing duties, towards more strategic work in the organisation. In this way, machines and humans can increasingly complement each other, boosting national defenses and securing our world.
Parts of the UK’s NHS remained untouched from the recent WannaCry attacks partly because they used ‘virtual auditors’ to analyse their networks. While automation is no silver bullet solution, it helps organisations to get the basics right, addressing key policies and best practice requirements, while allowing more creativity with an expanded capacity.
The key to progress in cybersecurity is the realization that machines can see many patterns and behaviors far faster than human personnel. This can then be used to speed up human reactions and inform critical business decisions. For example, if facial-recognition software spots people in one location while their credentials are used to access restricted areas somewhere else, a machine can instantly join the dots and work out their credentials have been compromised, alerting the appropriate personnel.
In future, we could see national defense efforts deploy large-scale autonomous cyber-intelligence teams, to bolster human capacity and to predict and prevent international cybersecurity threats before they even arise.
Nicola Whiting, COO at Titania, on why automated cyberwarfare poses a critical national security threat and why defense forces around the world are increasingly looking to strengthen their cyber defenses with automation.