Vulnerabilities / Threats

10/18/2017
02:20 PM
Connect Directly
Twitter
LinkedIn
Google+
RSS
E-Mail
50%
50%

The Future of Democratic Threats is Digital

Public policy and technological challenges take center stage as security leaders discuss digital threats to democracy.

CYBERSEC EUROPEAN CYBERSECURITY FORUM - Kraków, Poland - Technology has transformed the geopolitical landscape and nature of conflict, said Sean Kanuck, director of Future Conflict and Cyber Security at the International Institute for Strategic Studies last week.

"Cyber operations are being used to achieve traditional, economic, political, and criminal ends," he emphasized in his keynote for the conference's State track. "The challenges to global interoperability are not limited by physical connectivity of networks."

Kanuck listed a few key strategic trends in cyber conflict: offensive operations below the level of armed conflict, private sector companies as enablers and targets, automation and higher visibility, collateral damage, and data manipulation and fabricated information campaigns.

Cyberattacks to influence democracy are stealthier; crafted to cause uncertainty. "What we actually see is nation-states intentionally operating below the threshold of armed attack that would lead to military response," he explained. "Citizens are unsure who perpetrated attacks."

The idea of compromising users' trust in the democratic system is at the foundation of many geopolitical threats, said Janis Sarts, director of the NATO Strategic Communications Centre of Excellence in Latvia. He pointed to recent attacks on voting systems as an example.

"When you think, 'What is the fundamental element of democratic society?' -- that is elections. We trust it will bring us results," he explained in a panel titled "From Cyber With Love: Digital Threats to Democracy."

"If you take away trust, either by hacking or by making people believe you did, it's enough," he continued.

Michael Chertoff, cofounder and executive chairman at the Chertoff Group and former US Secretary of Homeland Security, pointed to attacks on integrity of information and their ability to manipulate people. He pointed to attacks on media and advertising as an example.

"We haven't really appreciated what it means to lose control of information, including information about ourselves," he said. "The EU is ahead of the United States in realizing what it means to have someone else control your data."

Threats to critical infrastructure

Some threats don't target citizens' trust but critical infrastructure and the economy.

"The IoT and poorly designed devices that are easily infected present a real threat to the US economy," says Melissa Hathaway, president of Hathaway Global Strategies and former cybersecurity advisor for the George W. Bush and Barack Obama administrations, in an interview with Dark Reading.

"There needs to be an urgent focus on the few problems that affect many," she continues, citing energy, telecommunications, and finance as three sectors vulnerable to cyberattacks. "It's easy to disrupt service and get malware to destroy capabilities, and we lack resilience."

Hathaway emphasizes the importance of collaborating with allies, fixing infrastructure, and focusing on trade and diplomacy. Right now, the United States is more worried about cyber weaponry than how cyberattacks could influence its economic structure, she explains. Cybersecurity isn't always about inbound weapons, but about economic opportunity based on how actors change market forces.

We need to engage -- and right now, she says, the US is not engaging. It's critical to work with all nations in diplomatic exchanges, not only those which are like-minded. "I mean real diplomatic negotiations, understanding what the other side wants," Hathaway explains.

The Internet is core to international interactions, trade negotiations, and communications technology. It could present a real risk, and any nation could abuse it. "Anybody can be a geopolitical threat depending on how they use or misuse technologies and market forces," she says.

Fellow experts agree the issue of democratic threats is as much about public policy as it is about tech.

"Cybersecurity lies at the interface of a number of different areas -- home, abroad, civilian, and military," said Sir Julian King, European commissioner for the UK Security Union, in his opening keynote remarks. "Many different actors need to be involved when [a cyberattack] happens, and they need to work together swiftly and efficiently."

Related Content:

Join Dark Reading LIVE for two days of practical cyber defense discussions. Learn from the industry’s most knowledgeable IT security experts. Check out the INsecurity agenda here.

Kelly Sheridan is Associate Editor at Dark Reading. She started her career in business tech journalism at Insurance & Technology and most recently reported for InformationWeek, where she covered Microsoft and business IT. Sheridan earned her BA at Villanova University. View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
10/22/2017 | 10:49:15 AM
Long problematic
Considering that (1) security researchers have been pointing out the technical flaws with actual digital voting for years and (2) we still haven't resolved the issues of low-tech threats (e.g., actual coercion, ballot-box stuffing, etc.), these sudden realizations are neither surprising nor promising.
Researchers Offer a 'VirusTotal for ICS'
Kelly Jackson Higgins, Executive Editor at Dark Reading,  1/16/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The Year in Security: 2017
A look at the biggest news stories (so far) of 2017 that shaped the cybersecurity landscape -- from Russian hacking, ransomware's coming-out party, and voting machine vulnerabilities to the massive data breach of credit-monitoring firm Equifax.
Flash Poll
[Strategic Security Report] Navigating the Threat Intelligence Maze
[Strategic Security Report] Navigating the Threat Intelligence Maze
Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.