Beginning January 2020, the Cyber Statecraft Initiative will feature a monthly CSI5x5, in which five featured experts answer five questions on a common theme, trend, or current event in the world of cyber. Interested in the CSI5x5 and want to see a particular topic, event, or question covered? Contact Simon Handler with the Cyber Statecraft Initiative atSHandler@atlanticcouncil.org.
The past ten years have, among other things, witnessed the most-costly cyberattack on record, the discovery of a computer worm capable of wreaking physical destruction, and USCYBERCOM’s elevation to unified combatant command status. As we turn the page to 2020, we’re looking back to recap the most significant, overblown, and emergent cyber incidents of the decade.
Our Cyber Statecraft Initiative experts go CSI5x5 to put the 2010s into perspective.
#1 How will the 2010s be remembered as a decade in cyber history?
Beau Woods, cyber safety innovation fellow, Cyber Statecraft Initiative; founder/CEO, Stratigos Security: “[As] the era our neglect was put on display. After decades of the private sector and policymakers ignoring warnings from security researchers and warning signs from data breaches, high-profile, high-consequence cybersecurity incidents like Mirai, WannaCry, and NotPetya catalyzed a collective “oh sh*t” moment. While the increased focus has generated more activity than effectiveness (so far), it now seems accepted that cybersecurity can have a significant impact on public safety, public confidence, and national and economic security.”
Megan Stifel, non-resident senior fellow, Cyber Statecraft Initiative; senior policy counsel, Global Cyber Alliance: “The 2010s will be remembered as the decade of destructive cyber operations and unexpected consequences. From Stuxnet to Shamoon, Sony, and NotPetya, as the decade progressed the effects of actors’ operations were felt more broadly than their assessed intended targets. Whether the collective response, or lack thereof, to these attacks contributed to their escalating nature remains an open question.”
Bobbie Stempfley, non-resident senior fellow, Cyber Statecraft Initiative; director, CERT Division at the Software Engineering Institute at Carnegie Mellon University: “[As] the decade of the data breach. Major breaches impacted every sector, impacting individual privacy, corporate intellectual property, and national security.”
JD Work, Bren Chair for cyber conflict, Marine Corps University: “The teens were the decade in which the last of our comfortable illusions of a free (libre), stable, and peaceful cyberspace were shattered, as the covert competition and conflict that has long marked the interactions of states, proxies, and new powers publicly surfaced in a fashion that could no longer be denied. [It will be remembered as the decade of consequences ranging] from the disclosure of persistent espionage inflicting industry-breaking losses to the recognition of the environment as a new warfighting domain, in which covert action and sustained strategic exchanges play out across the pervasive vulnerabilities of private systems and networks.”
Kenneth Geers, non-resident senior fellow, Cyber Statecraft Initiative; ambassador, NATO Cyber Centre: “Militarization. We created USCYBERCOM in 2009, and other nations quickly followed suit. Likewise, Stuxnet broke in 2010, which gave the world an eye-opening glimpse of “cyber war.”
#2 What do you consider to be the most significant open-source cyber incident of the past decade?
Woods: “Stuxnet. The (alleged) US- and Israeli-led cyberattacks against Iranian nuclear capabilities is a Rubicon-crossing moment. First, it established a norm that using a destructive cyberattack is an acceptable means to achieve a political objective. Second, it put other countries on notice that their cyber offensive programs were behind, encouraging them to ramp up. Third, the malware ended up spreading to dozens or hundreds of facilities worldwide, spreading capabilities to much less advanced adversaries.”
Stifel: “NotPetya due to the global scale and scope of its immediate impact as well as the longer-term consequences of trust in connected technologies.”
Stempfley: “The Myrai-bot demonstrated the unintended consequences of poor design, and the true nature of the environment where those that pay the cost for poor product security are often not the same people who caused the issue.”
Work: “The sustained Lazarus/HIDDEN COBRA intrusions compromising transactions across the global financial backbone, which left destroyed institutional networks in its wake, monetized to prop up the illicit power of an isolated, paranoid Democratic People’s Republic of Korea (DPRK) dictatorship and the Kim family’s twisted, dangerous ambitions towards a nuclear and ballistic missile arsenal. Beyond the significance of the funds stolen, this campaign crossed a fundamental red line in offensive cyber operations by altering the integrity of account and messaging information—options deliberately not pursued by responsible state actors since at least operation ALLIED FORCE two decades before. This is also the campaign which saw key change, where great powers at last chose to no longer abandon private sector actors to fight hostile military and intelligence services alone—but began to shape new strategic approaches and associated concepts of operation to counter threats that directly challenge our sources of national power.”
Geers: “Not even close. The 2016 US Presidential Election was the greatest hack in history, blending SIGINT, HUMINT, and Information Warfare at the highest level of grand strategy.”
Leave a Reply