By: Doug DePeppe, Esq.
Founder at eosedge Legal
SPORTS-ISAO IS MOBILIZING TALENT FOR ASYMMETRIC THREATS, AND YOU SHOULD TEAM UP!
This piece looks at the WannaCry global ransomware attack and changes the narrative. Our view, shared by others, is that this near-catastrophe is a Call to Action, particularly for industry leaders. Global disruption via cyberspace is upon us. Raising our game requires new talent, new strategies, and new implementing structures – and not just from inside the tech world. Our team and our partners have put into practice a magnetic approach for attracting talent and generating cyber threat collection and information sharing relationships – all working together to combat the growing cyber threat. And we are announcing this capability to attract more interested contributors, participants, partners, and sponsors.
But before connecting the dots announced in the title, we should first state what’s asymmetric about the disruptive threat from cyberspace. And that is, the attacker environment is now scaling. The exploit kits are now so user-friendly that even non-technical malicious threat actors can initiate attacks at the press of a button. Moreover, attacker strategy is now combining with social media efforts in complex operations, often having far-reaching impacts. Combating this morphed threat requires an All of Society response!
MORE ON THE SCALING THREAT
- Before WannaCry, there were other debilitating attacks – like attacks on Sony and Saudi Aramco; and there was the inside knowledge dimension of the attack on the SWIFT funds transfer network. In important ways, the SWIFT attack was ‘hacking the system’, and its ramifications could undermine trust in the global financial transfer system. This new, more sophisticated, more pervasive, and more destabilizing aspect of cyberattack creates a greater urgency and calls for a greater scope of response.
- Another ‘hacking the system’ attack was the reported $3-5 million-a-day Methbot hack on the advertising industry. Our assessment of that attack included an approximate 20 percent financial exposure to the sporting industry, likely because sport-associated advertising has such high attraction. Also in the world of sport, the Sports-ISAO demonstration project, coinciding with American Olympic athletes competing in Rio, monitored the Anonymous attacks and the reported Russian influence operations hacks against the World Anti-Doping Association. After the Games, the United States Anti-Doping Association similarly suffered a Fancy Bear hack.
- As the Fancy Bear attacks during the US election and recent attacks in France’s election show, state-actor hacking has become a geopolitical phenomenon. And increasingly, the lines between criminal hacking groups, anarchists, terrorists, and state-affiliated groups have become blurred. For example, North Korea is reported to have engaged in financial cyberattacks to steal bank monies to fund its militarization efforts. The WADA, USADA and DNC attacks were widely viewed as retribution by Russia for various perceived slights and official athletic sanctions for doping. These examples represent something more than a network compromise; these are instances of a Clausewitzian campaign! This is Geopolitik through the cyber domain.
CAPACITY BUILDING IN RESPONSE TO THE THREAT
What does this spiraling cyber threat pandemic have to do with sport and interns, you may rightly ask? Fair enough. Sports-ISAO launched the Crowdsourced Cyber Threat Intelligence Internship this spring, and engaged in coordination with a growing number of universities. We launched this program for several reasons.
- First, the elixir of sport triggers passion and attracts a following. Sport can be the themed activity to generate broad-based involvement in a cyber mobilization – an All of Society response. For a college student interested in cyber, having a sport tie to hands-on experiential training is a real draw. The proof of this claim is the 70 college students from universities across the country on-boarded into the Sports-ISAO internship for this summer! There exists no better platform in society than sport to excite and engage a crowdsourced model to build talent development capabilities.
- Second, indeed our society needs to grow cyber threat intelligence and analytic talent. The North Koreans reportedly have 7700 cyber warriors at their disposal. Russia and China have influence operations and asymmetric warfare doctrine. The realm of cyberattack is not going to end anytime soon. Indeed, it’s likely to worsen. The backstory to the WannaCry attack was the many researchers from around the world and information sharing groups that studied, reverse engineered, and uncovered causes and fixes for this attack. In our involvement and collaboration with many, we know the long hours put in by these experts. Cyber intelligence and analysis, not the traditional discipline of computer science, is an area where the need for unique skills is growing. Digital exhaust from attacks, social media threat analysis, darknet intelligence, geopolitical dimensions, public-private collaboration – these are a few of the sources and methods needed in commercial intelligence. And this genre is the core competency and training afforded under the Crowdsourced Cyber Threat Intelligence Internship.
- Third, in an experiential learning environment supporting a high visibility sporting event, Sports-ISAO also demonstrates to interns and interested stakeholders the value proposition of cyber threat intelligence. Too many view WannaCry and similar malware attacks primarily through the InfoSec CIA Triad lens of Confidentiality-Integrity-Availability. That is, they focus on the network, and look to the weaknesses exposed by the attack, in areas like patching, access control, and user training. Fair enough. But the real story from WannaCry – and all the other malware attacks – is that there’s an adversary out there! Patching won’t stop a determined hacker with a strategic motive, who won’t be deterred by blocking efforts. Instead, defenders need to be armed with intelligence. They need to look outside the network and get early warning about attacks and attacker trends. So, teaching tradecraft skills and geopolitical motivations is part of our approach.
- And finally, growing the talent base in cyber intelligence and analysis affords a prevention and a deterrence capability for the nation. First, indications are that information sharing communities are harder to compromise. Like a Neighborhood Watch group, attackers must devote greater resources to compromise and sustain a presence inside an entity engaged in a sharing community having better cyber hygiene. Second, America needs to become the global cyber intelligence and analysis leader, and indeed Western Societies all need to respond similarly. Aside from the transferable skills afforded by our tradecraft training, no adversary wants the geopolitical pressure resulting from getting digitally fingerprinted and caught red-handed. Even if complete attribution is not possible, analysts can often make a strong case about sources of attack. In the world of geopolitics, courtroom proof is not the standard.
At the start of this piece, we called upon industry leaders to get involved. Indeed, we believe the Crowdsourced Cyber Threat Intelligence Internship provides an attractive, scalable, and important project to get behind. Programmatic features include: sport-based theme; talent development; patriotism and societal outreach; and addressing a shared risk. Partners have also expressed interest in access to talent and job placement, helping with programmatic scaling, and pursuing government capacity building intersections.
The internship kicks off in a few weeks, and includes an experiential, distributed learning, sport-themed capstone activity in August. We are looking for partnerships with corporations, universities, cyber experts and mentors, sponsors, and government agencies. Become a participant by contacting us at firstname.lastname@example.org.
There’s a national call to action in cyber. WHAT TEAM ARE YOU ON?!
Figure 1 – Depiction by our platform partner, TruSTAR, of the threat campaign correlations from WannaCry.