Cyberwarfare activities were always on the Internet. STUXNET, Google Aurora, and many other attacks were a fact of life. We had cyber attacks when Yugoslavia broke up. We have constant attacks in the Middle East. Cyberwar was part of a security practitioner’s threat model from the late ‘80s until the early 2000s.
Then, cybercrime started to dominate everyone’s attention. All threat models move to cybercrime. Cybercrime was a real and increasing business risk. State Threat Actors who focus on cyberwarfare love the “cybercrime distraction.” Then Edward Snowden shared what state threat actors were doing. Since then, the world has changed.
Since the Snowden disclosures, the industry has added the state threat actors to its list of risks. North Korea, China, and Iran combining their cyberwarfare preparation with cybercrime “side jobs” help keep State Threat Actors top of mind.
Then Russian tanks rolled across the Ukrainian. Cyber-Kinetic attacks became visible and tangible. Cyberwar targeted countries like Costa Rica, the Dominican Republic, and countries well outside the Ukrainian/Russian front.
We now live in a world where the interconnected world will always be one hop away from the many ongoing cyberwars. We will have multiple hot, cold, and proxy wars, all using cyber as part of their arsenal.
Organizations must recognize the State Threat Actors and their Corporate Contractors and Privateers. They are a risk to your organization, even if you are not part of the “physical battlespace.”
Brendan Ritchie from Insights as a Service picked cyberwar as one of the many topics to focus on in our interview. It is fun to have someone as skilled as Brendan pull out cyberwar insights from the past. Many of these insights I’m going to polish up and post to help organizations add state threat actors to their threat modeling, architectures, and defensive posture.
For now, grab a coffee, tea, or lunch and listen to Brendan tease security insights from someone who started their “Internet warfare” in the ‘80s and never forgot what could happen.