
Cyberwatch Finland Quarterly Review Q1 2020

1. Cyber Security Forecast 2020

During the first quarter of the year, the globally spread coronavirus, or Covid-19, has changed everything we do and made it harder for every company and person to do business. As the pandemic spread from China to Europe, we have seen how differently countries are responding and trying to manage the crisis.

There are many similarities to a global cyber crisis. We do not know exactly what has happened, or why, and we do not know who is behind these phenomena. Most visibly, we see the after-effects and all possible actions and resources need to be focused on managing them. Reliable and up-to-date communication is worth an incomputable amount.

Fierce rumours have already circulated about the use of biological weapons, and speculation about the motives will certainly continue for a long time. Cybercriminals have also taken advantage of the crisis; for example, various phishing messages and fake websites have increased significantly. Attempts are being made to exploit people’s distressed state of mind and to create more chaos and uncertainty.

The politicization of cyber security has been reflected in world politics and in state actors’ growing interest in cyber and information influencing.

Influencing electoral results has been particularly prominent, while other forms of influence and cyber-espionage have received less attention. The fragmentation of the internet has long been talked about. Huawei has offered to build a new, better global internet that can overcome the weaknesses of the existing internet. This initiative was presented at the ITU (International Telecommunication Union) meeting. China is striving to become a global actor and a key player in all digital forums of the world.

Cyber espionage is an integral part of all political cyber operations.

A good example is Iran’s increased cyber-impact following the US air strike, although Iran’s missile strikes attracted the most media attention. The US-China trade war has also increased cyber operations between countries.

Many studies have mentioned ransomware as the biggest trend in cybercrime and its rapid increase. Ransomware is constantly evolving into new and more sophisticated forms, and the ‘ransomware as a service’ concept is very popular in the ‘Dark Internet’. Increasingly, ransomware programs also target government organisations. The malware can spread throughout the organisation’s internal network, which can at worst encrypt all network drives, cloud files, and even backups.

Cybercrime is becoming more and more professional

Cyber criminals are becoming more professional and are quickly learning new skills to efficiently identify vulnerabilities and to exploit them in attacks. Cybercrime attacks are strategically well planned. Attacks are increasingly complex, progressive, combining multiple means, and thus more challenging to defend against. It is likely that the number of sophisticated, targeted and long-lasting attacks will increase. Cyber-criminals are looking for deeper architectural access into the systems of different organisations, into the heart of the hardware. Attacks that exploit BIOS or other firmware vulnerabilities indicate that the deeper the technology extends, the more system access they will have. Successful hardware attacks allow an attacker to gain access to a physical machine without triggering any alarms. It is challenging to detect these attacks in a timely fashion, as virtual machines, the entire memory, and all disk drives continue to function normally, even after a reboot and reinstallation.

The technical aspects of artificial intelligence are gaining new nuances. In principle, artificial intelligence will adapt and personalise according to the individual’s own needs and behaviour. Continuous iterations, algorithms and machine learning support the development of artificial intelligence, which will allow it to make decisions independently in the future. In the future, we will see more and more hybrid work between man and artificial intelligence, where both parties are responsible for a specific issue. The purpose of artificial intelligence is to create new tools that enable us to achieve better and more effective results in less time. Working with artificial intelligence will also become more common, with the automation process taking big leaps forward.

Authentication services have become more widespread and a variety of means have been developed for authentication. Fingerprint recognition, face recognition and iris recognition are currently the most well-known means of identification in biometrics, and progress is being made towards clear personalised identification. People are genetically diverse and have personal habits, and therefore no additional passwords will be needed for authentication in the future. Although the situation facilitates the individual identification of people, it also carries risks.

A good example is the facial recognition technology, which has already been harnessed to some extent. It facilitates individual verification, but there is a risk of losing personal privacy. Losing and changing a single password is common and easy, but if a person loses their biometrics, the risks of abuse are unpredictable. The same issue applies to iris recognition and fingerprint recognition. The intention of banks and companies is to move towards biometric identification. Authorities should monitor whether the resilience of banks and companies is enough to protect customer privacy and usage.

Foresight Plays a Key Role

All organisations should constantly test their own cyber capabilities in their current operating environment. For example, in telecommunication testing, it is not enough to only perform stress tests in a controlled manner, or in simulated situations. Sensors cannot be limited to collecting alerts and samples that match what was anticipated; they must also collect, in real time, behavioural data that is slightly different. Only this will allow threats to be detected in a timely manner and reduce the response time.

Prevention and anticipation are key.

In an ever-changing environment, we need to act faster and adapt to events that are more and more difficult to predict.

The human element is often the weakest link. Human activity is more difficult to anticipate, so knowledge management and education are becoming increasingly important factors.

Some sort of malfunction or damage will be a part of our daily lives. Revealing these problems, asking for guidance, and responding quicker are the most important precautions for any organisation. Lowering the notification threshold strengthens the performance of the organisation. High-quality fraudulent mechanisms are so advanced that even the best expert cannot avoid falling for them.

The cornerstone of cyber security is a holistic understanding of cyber security and the recognition of factual information.

We need to be able to act and secure the vital functions of our society in situations where global connections are not working. We have already seen the GPS system shut down at critical moments, and the submarine cables being cut off. In the future, we will surely see the disruption of the 5G network, and even the internet going dark as a whole.

Even in these situations, the most critical functions of society must operate, such as government leadership, health care and the livelihood of the population. In the future, it is not enough for us to be prepared to secure critical infrastructure and services. In the planning process, we must understand what is ‘supercritical’ to our society.

Securing the supercritical functions of society must not be based on commercial platforms and services, but on strong national digital sovereignty. Suitable technological solutions have been developed in Finland. The expertise already exists; what is needed is the right situational awareness for decision makers and enough determination to be prepared for the worst-case scenarios. Threats have already changed and are becoming increasingly challenging. The significance of good leadership is at its peak. The Emergency Law has just been put into practice. Hopefully this has improved the understanding of preparedness, and the importance of reliable situational awareness has become evident.

2. US Cyber strategy and its priorities for 2020

The political goal of the United States is to maintain its position as a global leader and the only superpower. Cyber influencing is an increasingly integral part of its military operations. Cyber capabilities have even been seen as a new line of defence. On the other hand, cyber capabilities are part of land, sea, air and space defence.

In military operations, cyber-attacks are in many cases seen as an alternative option of attack with a smaller possibility of escalation than physical attacks. At the same time, cyber-attacks target all critical U.S. operations and services. Therefore, the ability to secure vital functions of society has been raised as a priority.

The main goal of the U.S. cyber strategy is to secure the November 2020 presidential election from various attempts of influencing. The hacking of candidates’ information systems and e-mails in previous elections, as well as the targeted influencing through social media, are to be prevented in the forthcoming elections. The U.S. offensive cyber capabilities are maintained at a high level and must be able to be used actively and spectacularly as cyber-attacks as part of political and military operations.

At the same time, the level of cyber security in America’s own systems is suffering from incidents, and Iran is expected to target large-scale cyber operations against the United States this year. In addition, global technological developments pose growing challenges in combating government intelligence and industrial espionage.

The Four Key Points of Cyber Strategy

The current US cyber strategy was drawn up in 2018 and includes four pillars, i.e. the main themes: 1. Defending the United States by protecting networks, systems, operations and data; 2. Supporting American well-being through digitalisation and innovation; 3. Maintaining a state of peace by developing an American cyber deterrent and, if necessary, punishing hostile actors; and 4. Promoting American influence in support of an open and secure Internet.

The first pillar of the strategy will be tested this year as a result of the presidential election. Russia’s attempts to influence have already been identified and are likely to increase as the election approaches.

Elections are the cornerstone of democracy, and securing them is vital in every western country. The Cybersecurity and Infrastructure Security Agency (CISA) considers the US presidential election of November 2020 to be the biggest cyber security challenge of 2020. Efforts are being made to avoid any ambiguity as seen in previous elections, and CISA released a special Protect 2020 program at the beginning of the year. In addition to CISA, the program includes other governmental security and intelligence organisations, as well as private cyber companies, social media companies, and universities and research institutes.

The practical measures of the program can be divided into four different areas. The first component is the electoral infrastructure, i.e. the election information systems and the communication between them, the databases of those entitled to vote, the polling stations and their IT equipment and software. National and local authorities as well as IT service providers will be supported in implementing the technical security of the electoral infrastructure.

Secondly, CISA assists candidates in securing information systems by assessing the risks and vulnerabilities, as well as providing guidance on their repairs. In addition to the United States, in several other countries there have been hacking incidents on party information systems in the run-up to the elections, as well as the publishing of negative information about specific candidates. There is a desire to prevent such influence.

The third component is US citizens, who want to be protected from groundless media influence. Citizens will be provided with information campaigns to identify information influencing and be warned about perceived disinformation campaigns.

The fourth component is the Threat Intelligence and Operation Center, maintained by the authorities and the private sector, which seeks to identify hacking and influencing attempts in advance and to alert all parties involved in the election to the identified threats. Good preparation, close co-operation between the authorities and the private sector, and experience of hacking and influencing attempts in previous elections provide a good basis for ensuring the cyber security of the elections. It must be considered likely that the US will be able to prevent major data breaches and reduce the negative effects of outside information influence in the presidential election.

The Cyber Strategy is becoming more precise

The cyber strategy has been further refined by different ministries, for example in the Ministry of Defence (DoD), which has at the same time drawn up its own cyber strategy. Naturally, the objectives of the Ministry of Defence’s strategy are more directly related to the development of military cyber-attack and defence capabilities than the national strategy. In line with the National Cyber Strategy and its third pillar, the United States has actively used cyber deterrence against other states. The operations that came to light have been successful.

The United States succeeded, at least in part, in repelling Russian attempts to influence the 2018 congressional election. The United States used a pre-election cyber deterrent to warn Russian troll factories directly against interfering in the election, and on election day itself managed to take down the troll factories’ servers. The U.S. offensive cyber capability and global leadership will remain at least at the same level this year as before.

Last year, relations between the United States and Iran tightened in various conflicts in which the United States launched several cyber-attacks against Iran. For example, in June 2019, the United States crippled Iran’s missile systems with a cyber-attack and in September, after Iran’s drone attack on Saudi Arabia’s oil fields, the United States momentarily paralyzed Iran’s telecommunications systems and propaganda channels. The tightening of borders between countries and Iran’s rapid technological development in offensive cyber operations have made Iran a key concern for the United States in 2020.

In early January, after the United States eliminated Iranian Armed Forces General Soleimani, a U.S. government server was hacked and Iranian propaganda was posted on its home page. Several bodies estimate that strong counter measures are expected from Iran during the first half of 2020. However, by the end of February, Iran had not carried out, or at least had not succeeded in, any wider attacks. Along with Iran, China, Russia and North Korea will maintain their positions as the most significant cyber warfare opponents of the United States, but Iran’s status as an opponent is expected to grow this year.

The United States has successfully conducted spectacular offensive cyber operations against other countries. However, a major concern for the United States is the poor level of cyber security of its own systems and thus its vulnerability to cyber intelligence and influence. The tactics of the opponents have been different from those of the United States. Instead of large and spectacular operations, several smaller and more targeted operations have been conducted that have not triggered the U.S. threshold for counter-operations.

The main concern is the vulnerabilities in the private sector

Instead of the armed forces and the state administration, the main concern is the level of cyber security in the private sector. The so-called “third-party risk”, i.e. the attack on the main target through vulnerable partner networks, is one of the most significant weaknesses that has emerged in recent years. Another significant factor is the sharp increase in the use of civilian technology and services in the U.S. armed forces. In terms of cyber security, civilian technologies such as satellites are not on the same level as technology purely designed for the military and allow hostile cyber operations against the United States. In addition to the armed forces, critical infrastructure, and in particular the energy and financial sectors, are estimated to be most at risk due to the low level of cyber security.

Global technological advances pose a growing threat to U.S. cybersecurity, particularly from the perspective of intelligence and industrial espionage. The new US Counter-Intelligence Strategy 2020-22 identifies foreign cyber intelligence and hybrid engagement as one of five counter-intelligence priorities. Constantly evolving technology and methods of cyber espionage enable secret information retrieval from the United States as well as hybrid influence on society easily, quickly, and inexpensively.

In particular, the use of IoT, 5G, quantum computing and artificial intelligence technologies as cyber intelligence tools is growing. The operational capacity of cyber counterintelligence will be improved in three areas. To develop cyber counterintelligence, a new intelligence unit will be established with the best technical expertise in cyber-threat intelligence in the United States. New tools and software are being developed to enhance cyber threat intelligence and improve situational awareness. In addition, co-operation and exchange of information between different security authorities and the private security sector will be intensified.

The U.S. cyber strategy, in all its areas, will face significant challenges this year. Active development efforts are aimed at one goal: ensuring the security and independence of the presidential election. The security and credibility of the elections, as well as the narrative of the external threat to the elections, will play a major role in itself. The election is the single most significant yardstick for how successful the United States will be in cybersecurity in 2020.

3. Russia’s Cyber Capabilities

In June 2019, the United States acknowledged that since 2012, it has conducted cyber intelligence on Russia’s power grids and prepared for cyber-attacks by installing malware on Russia’s information infrastructure. According to President Putin’s press secretary, Dmitry Peskov, vital parts of the Russian economy are a constant target of cyber-attacks and Russia is constantly fighting to prevent the damage caused by these attacks. Foreign intelligence services are trying to penetrate Russia’s information infrastructures, especially in the logistics, banking and energy sectors.

According to the Russian definition, cyberspace is an operating environment consisting of the Internet and other telecommunication networks and the technological infrastructure that guarantees their operation and the human activity performed through them. Cyberspace is clearly defined as a limited part of the information domain. According to the Russian definition, an information space is an operating environment related to the shaping, creation, modification, transmission, use and storage of information which affects the information infrastructure. The Russian concept of information security includes technological and psychological information security. The information-psychological threat is directed at the human mind, its moral and spiritual world, its socio-political and psychological orientation, and its ability to make decisions. According to Russian thinking, the information technology threat, i.e. the cyber threat in Western countries, targets information technology systems, i.e. the cyber environment.

In Russia’s cyber threat perception, Russia is a “besieged fort” threatened and surrounded by the United States and its Western allies. The threat is increasing and diversifying, and so are the threats presented by terrorists and extremists. The transformation of the cyber environment into a military area of operation poses a strategic threat to Russia, and large-scale cyber operations are already being carried out in peacetime. In Russia’s view, Western countries are exercising their technical dominance in a cyber-operating environment, and the development of Western cyber weapons and preparation for a cyber war has led to a cyber arms race.

Western intelligence services are thought to have infiltrated Russian information systems for the purpose of intelligence, manipulation and alteration of information, or destruction of information. Access to information is affected by denial of service attacks. Automated industrial control systems are the target of cyber-attacks, and the Internet of Things (IoT) is also increasing Russia’s dependence on information networks and vulnerability to cyber-attacks.

The invasions of the Mongols, Napoleon and Germany in the two world wars have created a sense of vulnerability and fear of a surprise attack on the Russians, heightened by technological backwardness and a lack of easily defensible borders towards Europe. The Russian leadership describes Russia as a besieged fortress in a constant war, and warfare in its various forms is seen, according to Clausewitz, as an extension of politics. The internal opposition, which, according to the Russian narrative, is directed and funded by Western intelligence services, creates a sense of internal threat. External and internal threats, as well as a political system largely based on power ministries, have increased the importance of the armed forces and security services.

The fear of a surprise attack and internal enemies, and, for example, the feeling of vulnerability caused by technological backwardness, is also reflected in the cyber threat perception of Russia. The narrative of constant warfare and the belief in the use of force as a tool for policymaking can be seen both in the cyber threat perception and in Russia’s means of responding to the cyber threat it experiences. Russia has sought to protect its besieged cyber fortress by preparing to isolate the Russian segment of the Internet from the global Internet, improving the protection of critical information infrastructure, and seeking to replace foreign-imported information and communication equipment and software with Russian-made equipment and software.

The internal threat will be fought through enhanced computer network monitoring, the closure of websites classified as malicious, and the identification of network users. Russia will continue to develop its cyber defence with the aim of forming a deep-rooted defence, the outer ring of which will be monitoring Russian cross-border communications and having the ability to isolate the Russian segment from the global internet if necessary. The inner perimeter includes the telecommunications intelligence system SORM and the GosSOPKA system, which is for the protection of critical information infrastructure, as well as increasingly strict user control of citizens and censorship.

Russia wants to keep the level of its own cyber capabilities secret and therefore uses proxies such as various activist groups and cybercriminals in its offensive cyber operations. The goals of these outsourced attacks and the manner in which they operate are also likely to reflect the cyber capabilities of Russian state actors. Cyber operations are primarily seen as a means of hybrid influencing that always achieves significant information influence both domestically and in target countries. Russia’s active cyber espionage creates the conditions for cyber-influencing operations by collecting a so-called target library of potential target countries. All security and intelligence organisations in Russia have created their own active and passive cyber capabilities.

4. The Importance of the Submarine Cable Network for Cyber Security

Recently, global attention has focused on the development of 5G technology and the new security threats that it brings along with it. This is important, but still 95% of international telecommunications travel through the submarine cable network, and not through satellites as it is commonly believed.

The global submarine cable network is the backbone and enabler of the global internet. A lot of critical information is made available through cyber-espionage. This information is of interest to state actors as well as cyber criminals, terrorists and hackers. In Finnish waters, the construction of the Russian submarine cable network has been seen mainly as an environmental problem.

All major powers are interested in the global submarine cable network in much the same way as in developing a 5G network. The hidden agenda is the increase of political influence and the desire to create new hybrid modes of action. China has been increasingly willing to finance the construction of new cable networks as part of its global New Silk Road Initiative. China’s particular interest is the construction of cables that transit through the Arctic into Europe, with which it is apparently seeking to reduce dependency on existing cable networks.

The Northeast cable plays a key role in the redistribution of roles among the political superpowers. For China in particular, the cable has an important role to play in China’s efforts to gain a permanent foothold in Europe; it is one of the key components in building a global digital silk road. The Northeast cable drops network latencies to milliseconds, enabling Chinese telecom operators, cloud service providers and e-shops to compete, somewhat on an equal front, for the usability against American platform and service companies such as Amazon, Google, Facebook and eBay.

From a European perspective, the northeast cable presents an alternative for American service providers, but Chinese services, in turn, have their own challenges. Russia, through whose territorial waters the cable will pass, will add its own challenge. It will not hesitate to use its ability to monitor traffic and, at worst, sabotage cable activities.

From Finland’s point of view, the strategic submarine cable is the new Baltic submarine cable, which offers the Northeast channel and a direct extension to Central Europe past Sweden. It is also part of China’s strategic digital silk road, although its financial involvement in the construction of the cable is not needed this time. The Baltic Sea cable is also one of the main routes for Russian data traffic to Europe and beyond. Finland’s importance as a hub for new submarine cables will grow significantly from the perspective of the great powers. China and Russia, in particular, have a strong interest in making data traffic move smoothly on the new cables. The U.S. interest is almost the opposite, as its current data traffic hegemony can only go in one direction: down.

Cybersecurity threats on the submarine cable network are part of the national security of every state and the safeguarding of a vital function in society. When looking at the cyber threat of the submarine cable network, one has to look at the whole associated ecosystem and its vulnerabilities, which are exploited by cyber attackers.

The submarine cable network should be part of every state’s cyber risk analysis. Cyber espionage is certainly the most likely threat. However, the most catastrophic effects are caused by the paralysis and destruction of the cable network as part of a wider hybrid impact, or military crisis. The national contingency planning and continuity management are key tools here. System backups and alternative methods of communication are needed to secure the most critical functions of our society in all circumstances.

A significant challenge is the monitoring of the submarine cable network. Various intelligence and surveillance systems can be connected in the depths of the seas and used as part of the intelligence systems of state security organisations. They serve as good sensors in modern AI-based intelligence systems. We know that the control and destruction of the submarine cable network is part of the submarine and underwater strategies of the great powers.

The protection of submarine cables is also a challenge to national and international law. National responsibility and scope for action are limited to each state’s own territorial waters. The international water area remains a grey area. The International Law of the Sea defines the disruption and destruction of a cable network as a criminal offence, but it says nothing about cyber espionage and influence. In addition, damage investigation and attribution are difficult and always require international cooperation. The great powers, which have the resources to operate the monitoring and repair of submarine cables, can, of course, invoke the right to self-defence of the UN Charter and take retaliatory action on that basis. Smaller countries do not have this opportunity.

Countries like Finland must plan their communications intelligently, using cryptological solutions to protect confidential information, and plan to ensure the use of alternative telecommunications solutions. New technologies also offer many new opportunities to protect and secure our vital communications. “End-to-end” encryption is the easiest and most secure solution to ensure the most critical communication.

5. Information Influencing is part of Cyber Operations

Information influencing has become more provocative. Disinformation is also increasingly used to defame individual people.

Some countries have introduced so-called ‘troll factories’ designed to spread false propaganda. A Russian troll factory in Africa was recently discovered. Russia appears to be building up the network of troll factories, making tracing more difficult and increasing the efficiency.

The best countermeasure against disinformation is fact-based journalism, which combats large masses of social media information. Media giants have a huge responsibility for the content they publish to their citizens and the direction in which their opinions are directed. The different rules of the internet also make it a challenging situation. Restrictions and limitations are in principle determined by the different states. State actors and critical companies are the target of continuous information influencing, and may also be targeted at a single employee, in a prominent position, whose activities they wish to complicate.

Identifying fake news is becoming increasingly difficult as the media is fragmented and information influencing is increasingly campaigned.

The importance of education is emphasised in recognising false information and understanding the importance of source criticism.

Information influence and disinformation create distorted images and direct people’s opinions and behaviours.

Information influencing is increasingly intertwined with cyber operations. For example, malware attacks associated with information operations shake up our basic infrastructure. The events appear to be the handiwork of individual actors, but there is still state influence behind them. As an effective means of information influencing, malware attacks are sophisticated and false information that is published is of much higher quality. Its appearance and content are designed to look as real and high-quality as possible, with added images and videos to dispel doubts and to reinforce authenticity. The whole false news package is thus very compact, which makes it difficult to question the truth of the information. Cyber operations and the information effects they generate are part of, for example, the basic concept of Russian hybrid operations.

Denial-of-service attacks are not only aimed at disrupting the sites of the selected target but have become an alternative model for producing massive amounts of false news. The intention is to replace quantity with quality, but at the same time the amount of information and news that has been shared has exploded, making it increasingly difficult to extract fact-based news from the masses.

Artificial intelligence has extended its helping hand to prevent and support information influencing. Artificial intelligence has begun to be used to detect and prevent false news and bot activity.

With advanced text-comprehension and audiovisual technologies combined with a sophisticated algorithm, AI is already able to make some independent decisions.

To make operations more efficient, algorithms incorporate people’s prejudices, desires, expectations, and unacceptable vocabulary, which are used to screen content that should be removed from the news stream.

Challenges have arisen in artificial intelligence-based information filtering. For example, as a result of the Covid-19 epidemic, social media usage has increased dramatically, which together with staff quarantines and illnesses has led social media giants to increasingly resort to artificial intelligence-based information filtering, which has been reflected in increased data filtering errors.

6. Cyber Sabotage has Become a Major Cyber Threat

International experts have recognised cyber sabotage as a new threat. It is an activity in which an attacker operates at a lower level than war, trying to stay below the threshold of war. Objectives may include creating instability in the target country, testing offensive cyberattacks, hybrid operations preparation, or preparing for war. Russia is using cyber sabotage as part of its hybrid operations.

Shamoon is a modular computer virus from 2012. The virus was used in a cyber-attack on the national oil companies in Saudi Arabia and RasGas in Qatar. The attack targeted 35,000 Saudi Aramco workstations, causing the company to interrupt the operations for the week it took to restore its services. A group called the “Cutting Sword of Justice” took responsibility for the attack.

In December 2015, hackers struck a Ukrainian energy company and succeeded in cutting off electricity distribution. This multiple entry cyber-attack left 225,000 Ukrainians without electricity for six hours. A similar attack took place in the Kiev region in December 2016. Russian security organisations are suspected to have been behind those attacks.

Already in the spring of 2014, James R. Clapper, Senior Director of US Intelligence, pronounced that the largest global threats are cyber-attacks and cyber-attacks on critical infrastructure, even though he considered the potential for a major cyber-attack in the next two years to be minimal. In the summer of 2016, the correspondent of Internal Security of England, MI5 director, Jonathan Evans, said a major cyberattack (such as an electricity network paralysis or a banking disruption) could at worst paralyse British society as a whole.

In June 2017, the Petya / NonPetya malware infected the widely used M.E.Doc accounting software in Ukraine and quickly spread to Ukrainian and international operators who had access to the accounting software. Banks, ministries, newspapers and power companies were targeted in Ukraine. Over 80 percent of the sites were in Ukraine; however, dozens of international players were also targeted. This malware, following WannaCry, spread rapidly around the world and paralysed many IT systems. Petya / NonPetya was disguised as blackmail, but the demand for ransom was just a smokescreen. The real purpose of the attack was to paralyse the critical functions of society and bring about political instability, or at least to test the operation of an offensive attack. This multi-stage attack by a state actor was also a testament to the attacker’s ability to produce a deterrent effect. So far, the cost of the attack has been over $2.2 billion.

These examples illustrate how critical infrastructure is being attacked, causing serious damage to vital functions of society and, at worst, to human life and health. According to various estimates, cyber-attacks currently cause 1-2% of GDP loss in the western countries. Information manipulation is one of the actions typically used in cyber sabotage. Finnish companies operating in Russia are potential targets of cyber sabotage. The goals may be political and economic purposes and cybercrime ambitions.

There is no internationally accepted definition of cyber sabotage. However, it can be defined in the light of the cases described above. Cyber sabotage is the use of cyberattacks to achieve maximum physical destruction and human deterrence. Cyber sabotage operations are preceded by careful target intelligence and grounding to maximise physical destruction by digital attack, produce significant information effects, and destabilise the target’s social structures and cause fear and insecurity in humans. Most commonly the targets are the critical infrastructure and services of society.

7. Building a Cyber Culture Requires a Lot of Small Actions and Collaboration

Organisations’ Cybersecurity Culture (CSC) refers to information, beliefs, perceptions, attitudes, assumptions, norms, and values regarding our cybersecurity and how they are reflected in our behaviour in the digital operating environment. The purpose of CSC is to make cyber security attitudes an integral part of an employee’s work, habits and behaviour by incorporating them into daily activities. Adopting employees’ cyber-safe habits and processes enables the flexible cyber culture to evolve naturally and become part of the broader organisational culture of the company.

However, as business environments are constantly changing, organisations need to actively maintain and adapt their cyber culture to respond to new technologies and threats, as well as changing objectives, processes, and structures. A successful cyber culture changes the security thinking of all employees (including the security team), improving the resilience of the company, especially when it is launched, whilst taking into account the diverse needs of employees. It helps to avoid the need for intense and time-consuming security measures that prevent the employees from executing their assigned roles effectively. Most internal information leaks within organisations are the result of human error, and even though cyber security practices are common, employees can consider them as guidelines rather than rules.

Not even technology can protect organisations if security policies are integrated incorrectly and the tools in common use are misused.

Against this backdrop, developing a cybersecurity culture will bring about a changed mindset, promote security awareness and risk perception, and maintain a tight organisational culture instead of trying to force everyone to behave safely. The need for a cybersecurity culture has been recognised within organisations by several groups of staff.

It reflects the commonly accepted thinking that the way in which an organisation operates depends on the common beliefs, values and actions of its employees and that their attitude towards cyber security is embedded in it.

It has also been recognised that cyber security awareness campaigns, or the communication of possible threats, do not provide sufficient protection against ever-evolving cyber-attacks. It is also acknowledged that technical cyber security solutions are not in a vacuum. They must be consistent with other business processes so that employees do not have to choose between doing their jobs or following the security policy. In the end, however, it is argued that people are the weakest link in the organisation. This statement can be changed by working together, educating and building a work community where employees are knowledgeable and cyber security advocates.

Building cyber culture requires tools and practices that are contextualised to the needs and circumstances of individual organisations. While they are generally targeted at those employed in security functions and/or teams responsible for enhancing the security of the digital work environment, cybersecurity capabilities need to be enhanced for all employees, regardless of role or seniority. This is to ensure common understanding on what is required to initiate and produce the construction of the organisation’s own cyber security culture.

Building a cybersecurity culture requires clear guidelines, processes, indicators and possibly reward systems that are understood by all employees to measure agreed standards. It requires leadership and strategic decisions to build a strong business model and focus internal resources towards the future.
