Undisclosed cyber incident information in the nonclassified environment puts U.S. security and the economy at great risk, writes blogger Kevin Coleman.
Hostile activities in cyberspace have grown, and by many accounts the growth rate has been dramatic. But few people have a real appreciation of just how big this issue actually is, and for good reason. When we look at the cyberattacks, we break the collective environment into three distinct areas:
- What happens in the classified environment?
- What happens and is disclosed in the open environment?
- What happens and is undisclosed in the open environment?
In the classified environment it is necessary to have controls in place to protect the information about cyberattacks from being disclosed. For these reasons information about cyberattacks in this environment is typically restricted to those with a need to know. The disclosure of this information could hinder ongoing investigations or compromise covert cyber missions.
In the open environment businesses, government entities with nonclassified-but-sensitive data, educational institutions and other organizations can and most of the time do disclose when they fall victim to cyberattacks. In some cases there are regulations that actually require the disclosure of these events. Organizations have learned that proper and timely disclosure of successful cyberattacks can actually help mitigate the total amount of attack damage to the organization.
In the undisclosed environment, government entities with nonclassified or sensitive data, educational institutions and other organizations either do not have or choose to ignore their requirement to disclose successful cyberattacks. When an entity is compromised, it often is concerned about how its organization will be viewed because of the incident. In other incidents, management or those who are responsible for securing the systems tend to operate in their own self-interest and do not inform management of the incident.
The largest area is the undisclosed environment. That is why we call the cyberattack economic damage to the undisclosed environment "the big unknown." In one case, a privately held company experienced a cyberattack that was successful by anyone’s standard. The information on more than 200 pieces of intellectual property was copied and exfiltrated from its corporate systems. In a short period of time after the incident, the company noticed that a few patents had been filed in a foreign country. After examination of the foreign patent document, it was determined that the patents were clearly based on pieces of the intellectual property that had been stolen.
The United States is the most innovative and creative country in the world. The national security implications associated with the theft of classified intellectual property and data are well recognized. However, the theft of our unclassified intellectual property and the economic impact on the company and the U.S. economy are underappreciated.
The economic and national security implications of the recent publicly disclosed “Shady RAT” cyber espionage incident that operated for at least five years are unknown. Researchers into this incident are quick to warn that only one of the multiple control servers was analyzed; therefore, the number of entities compromised is likely to grow, as is the amount of data and intellectual property that were compromised in the attack.
In a rare public statement, the Government Communications Headquarters, a British intelligence agency (much like the National Security Agency in the United States), expressed its concern and pushed for increased defenses. The United States has significant intelligence collection capabilities. Many claim they are the best in the world. It is important to recognize that our intelligence agencies do not work alone. Our allies and their intelligence organizations share the intelligence they collect with us, and we respond in kind. There are those who warn that, at some point, international intelligence providers to the United States might choose to mitigate the risk to their intelligence assets and stop providing the intelligence to the United States about these breaches. In fact, that could be one of the motives behind the constant attacks.