Cyber Threat Landscape in Conflict Zones and Beyond

During times of conflict, much of the attention goes to the physical front — the war happening on the ground — but in our modern age, another equally dangerous front exists: the digital realm. Jurisdictions around the world are beginning to realize that they must defend their cyberspace just as resolutely as their physical territory, or else risk terrifying consequences.

Why cybersecurity is an important consideration in times of conflict

Through a cyberattack, bad actors can access and disrupt critical infrastructure such as water and electrical power systems, among others. The consequences of these attacks can be catastrophic, leading to widespread damage and loss of life. The first of these hacks into critical infrastructure happened in 2015, when a power system in Ukraine was hacked, leaving nearly a quarter million residents without power. In the years since, even more attacks of this magnitude have shown how important it is for countries to protect their infrastructure.

On the other side of the spectrum, digital warfare can comprise cyberespionage and disinformation campaigns wherein wrongdoers aim to steal sensitive information, which can then be used against their opponents or to manipulate public opinion using falsehoods. These types of cyberattacks can have massive consequences, including eroding the public’s trust in their government.

Beyond that, countries experiencing these cyberattacks can also expect massive economic fallout, including the disruption of businesses. As such, it becomes clear that a state’s sovereignty and independence are fundamentally affected by its ability to defend its cyberspace.

Thankfully, like in traditional warfare, a strong cybersecurity stance can deter potential attacks. This requires a multilayered security approach, fortifying “digital defenses” across all levels.

Steps states must take to fortify their cybersecurity

The most apparent steps an entity can take to fortify its cyberspace are on a physical level. The physical infrastructure through which users reach information and systems, including servers, laptops, and other IT assets, must be secured, since wrongdoers may seek access to it for nefarious purposes. Common security methods include surveillance cameras and access control systems requiring safeguards like electronic ID badges or cards.

Next, states must implement stringent network security protocols. Vendors such as Cisco, Fortinet, and Palo Alto Networks offer firewalls that help block unauthorized access and that monitor and control incoming and outgoing network traffic based on predetermined security rules. It is also advisable to use Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) to monitor network traffic for malicious activity and policy violations.

Identity and access management (IAM) policies can also help protect an entity’s cyberspace by ensuring that only the right individuals have access to resources in the organization at the right times and for the right reasons. In other words, IAM policies manage network users’ roles and access privileges. They initiate, capture, record, and manage user identities and related access permissions in an automated way, ensuring that all individuals and services are properly authenticated, authorized, and audited.

Endpoint security is another critical aspect of a robust cybersecurity approach, as it fortifies every network endpoint, including computers, smartphones, and tablets. Antivirus software such as Norton, Avira, and Bitdefender can protect against malware by collecting data from endpoint devices and scrutinizing it for unusual activities. This makes antivirus software an excellent line of defense to thwart the attempts of those with ill intent.

Of course, data security measures can safeguard information at the most fundamental level. Data should be encrypted whether it is at rest or in transit. Tools like Symantec Endpoint Encryption and Microsoft BitLocker protect data by converting it into ciphertext that can only be decrypted with the appropriate key. These are best used in conjunction with a backup solution, such as Veeam or Acronis, to recover data in the case of loss, a ransomware attack, or corruption.

The final step an entity should implement to protect its cyberspace is a security information and event management (SIEM) solution. These tools collect log and event data from various sources within an organization’s IT infrastructure, normalize it into a standard format, and aggregate it in a central location for easier analysis. This allows the system to identify patterns or behaviors that could indicate a potential security threat, such as multiple failed login attempts from the same IP address, and generate an alert.
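
The correlation described above, as an added example (not code from the original article): constructed sshd and web-application log lines are normalized into one schema, and a sliding window flags repeated failed logins from one source IP. The log formats, field names, threshold and window are assumptions chosen for illustration.

```python
import json
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample logs from two sources in two formats (documentation IP ranges).
SSHD_LOG = """\
2024-05-01T10:00:01+00:00 bastion sshd[811]: Failed password for root from 203.0.113.7 port 50122 ssh2
2024-05-01T10:00:09+00:00 bastion sshd[811]: Failed password for invalid user admin from 203.0.113.7 port 50130 ssh2
2024-05-01T10:00:15+00:00 bastion sshd[812]: Failed password for alice from 198.51.100.20 port 40022 ssh2
2024-05-01T10:00:31+00:00 bastion sshd[812]: Accepted password for alice from 198.51.100.20 port 40022 ssh2
2024-05-01T10:00:40+00:00 bastion sshd[813]: Failed password for root from 203.0.113.7 port 50141 ssh2
"""
WEB_LOG = """\
{"ts": "2024-05-01T10:00:52+00:00", "event": "login", "ok": false, "user": "admin", "client_ip": "203.0.113.7"}
{"ts": "2024-05-01T10:01:05+00:00", "event": "login", "ok": false, "user": "root", "client_ip": "203.0.113.7"}
{"ts": "2024-05-01T10:09:00+00:00", "event": "login", "ok": false, "user": "bob", "client_ip": "198.51.100.20"}
"""
SSHD_RE = re.compile(r"^(\S+) \S+ sshd\[\d+\]: (Failed|Accepted) password for (?:invalid user )?(\S+) from (\S+)")

def normalize(sshd_text, web_text):
    """Map both formats onto one schema (time, source, user, src_ip, success), time-ordered."""
    events = []
    for line in sshd_text.splitlines():
        m = SSHD_RE.match(line)
        if m:  # lines that are not login results are skipped
            ts, verdict, user, ip = m.groups()
            events.append({"time": datetime.fromisoformat(ts), "source": "sshd",
                           "user": user, "src_ip": ip, "success": verdict == "Accepted"})
    for line in web_text.splitlines():
        rec = json.loads(line)
        if rec.get("event") == "login":
            events.append({"time": datetime.fromisoformat(rec["ts"]), "source": "webapp",
                           "user": rec["user"], "src_ip": rec["client_ip"], "success": rec["ok"]})
    return sorted(events, key=lambda e: e["time"])

def failed_login_alerts(events, threshold=5, window=timedelta(minutes=2)):
    """Alert when one source IP reaches `threshold` failures inside `window`."""
    recent, alerts = defaultdict(deque), []
    for ev in (e for e in events if not e["success"]):  # successful logins never count
        q = recent[ev["src_ip"]]
        q.append(ev)
        while ev["time"] - q[0]["time"] > window:  # drop failures older than the window
            q.popleft()
        if len(q) >= threshold:
            alerts.append({"src_ip": ev["src_ip"], "failures": len(q),
                           "sources": sorted({e["source"] for e in q})})
            q.clear()  # restart the count so one burst raises one alert
    return alerts
```

Because both sources share one schema after normalization, the single alert for 203.0.113.7 combines three sshd failures with two web-application failures, which neither log would have surfaced on its own at this threshold.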

A comprehensive, yet diplomatic approach to cybersecurity

Although these steps may seem like overkill, they provide multiple layers of defense to allow states to rest easier during times of conflict. No single security measure is foolproof, so having multiple layers of defense is the only way to provide comprehensive protection. After all, the more layers of security measures a wrongdoer must overcome, the more likely they are to be thwarted in their malicious actions.

Some have wondered whether implementing such stringent cybersecurity measures could have implications for international diplomacy. However, there is such a thing as a diplomatic approach to cybersecurity.

States should work together to establish global cybersecurity norms, respect privacy and intellectual property rights, communicate about threats and countermeasures openly, and support less technologically advanced entities to improve the world’s overall security. Through collaboration, clear communication, and agreement on norms and standards, the online world can be made safer and more accessible for all, and entities can be protected from the threats that cyberattacks pose to their sovereignty and function.



About Author

Greg Hatcher transitioned from the military in 2017 and dove headfirst into networking before quickly pivoting to offensive cyber security. He has taught at the NSA and led red teams while contracting for CISA. In 2021, he joined forces with John Stigerwalt to start a boutique offensive cyber security consultancy called White Knight Labs.