Cyberwar blurs lines between military/civilian, public/private sectors [CyCon Tallinn] The danger that the cyberwarfare threat spectrum could pose a sustained future risk to both military sites and critical civilian infrastructure – such as power grids, hospitals and telecom networks – is certain to stimulate deeper levels of collaboration between defense and law enforcement agencies and industry cyber experts. The fundamental dynamic driving closer cooperation between state agencies and industry is formed from the common objective of not alone defending against threats in cyberspace, but devising the tools to respond using precise surgical strikes against aggressors in the cyber battlespace. A higher degree of cooperation between state cyber defense agencies and industry will focus on developing more robust vertical data traffic analysis tools to improve the general understanding and interpretation of high malware activity and trends, nationally and globally, as used by hostile parties in the cyberspace domain. The opening up of new channels of collaboration between state and industry actors in the cybersecurity area featured prominently at CyCon 2017 in Tallinn, Estonia. Notwithstanding collaboration with industry, the state will retain a primary responsibility to defend its country’s systems, said James Lewis, a Senior Vice President at the Washington-based Center for Strategic and International Studies. “There are now an infinite galaxy of vulnerabilities. Collaboration with industry and the private sector will increase. The core question for the nation state is how can it best protect its citizens,” he said. The gateway to deeper and more practical cooperation between state and industry actors in the cyberspace domain remains complicated said William H. Saito, a special adviser on cyber technologies and threats to the government of Japan. “Only 10 years ago, the 10 biggest companies globally were oil companies. Now the biggest 10 companies are all technology. The state and industry have room to collaborate more in the area of finding better cybersecurity solutions, but there are issues of intelligence transfer and trust. The private sector too has problems sharing intelligence,” said Saito. The greater threat of cyberwarfare actors targeting military sites and critical civilian infrastructure, such as airports, electric grids and telecom networks, requires closer cooperation between the state and private cybersecurity sectors, said Isaac Ben Israel, the head of the Blavatnik Interdisciplinary Cyber Research Center at Tel-Aviv University. However, Ben Israel concedes that state-industry collaborations, such as operational cyber-security partnerships, can be problematic for governments and militaries. “Companies are not doing the kind of cyber-defensive and offensive tools and weapons work that is being done by the state and its agencies. States do not generally outsource this kind of work to the private sector,” Ben Isaac said. Martin Libicki, a cyber/IT research scientist with Rand Corporation, holds the view that collaboration between governments and industry in the cyber battlespace must be highly regulated and disciplined. “We need a consensus that cyber threats are bad. We need to be able to detect the attackers and respond effectively. I’m not so sure that companies using offensive cyber weapons to stop attacks is a good thing. This may just lead to counter-measures by hostile cyber actors that escalate situations,” said Libicki. The prevailing reality for governments and their various national defense infrastructures is that the war in cyberspace is being waged against both military and civilian targets, said Olaf Kolkman, the chief internet technology officer with Internet Society, the Geneva-based internet security policy organization. “There is no longer a military world and a civilian world. In cyberspace, the two have merged. Most targets are military, but attacks are also being launched against power plants and financial systems,” Kolkman said. The pressing challenge for the cybersecurity industry, says Vitrociset’s Sinibaldi Giorgio, is to develop pre-emptive architecture and specialized tools that can detect cyberattacks. “We need to become better at finding threats that have not been detected. We need to have stronger predictive capacities to counter threats at all levels,” said Giorgio, who is the senior Technologies Solution manager at the Rome-based system defense and security solutions corporation. The added motivation for industry, in working more closely with state law enforcement agencies in the cyber battlespace, comes from the stark potential for financial loss, said Robert Koch, a cybersecurity research scientist at the Universität der Bundeswehr in Munich. “We are dealing with serious intrusion of information networks and the loss of valuable data. It is estimated that the financial cost of data losses from cyber crimes to the present day amount to US$800 billion. The financial cost from cyber crimes could exceed US$2 trillion by 2029,” Koch said. For industry, the organizational integration of offensive cyber capabilities must focus on the optimal product design solutions that are sophisticated, effective, legal, cost efficient and be at the user’s disposal on a permanent basis, said Max Smeets, a cybersecurity and technology expert at the University of Oxford’s Cyber Studies Program. “It becomes more difficult, from the defenders viewpoint, to recognize the cyberattackers intention and accurately respond. This makes a proportionate response harder,” said Smeets. Traffic data analysis is one area where governments, militaries and law enforcement agencies can work more productively with industry and the private sector, said Kenneth Geers, a senior research scientist with Toronto-based Comodo Corporation. “There is a wide range of operations for information gathering on malware activity and its correlation, that it should make it possible, given a sufficiently large incidence of malware activity, to predict future threats. This is all about cooperation and the ability to understand patterns and know where to look,” Geers said. Geers, who is a non-resident senior fellow at the Atlantic Council’s Cyber Statecraft Initiative and a NATO Cooperative Cyber Defence Centre of Excellence Ambassador, believes higher performance predictive modelling tools have the capacity to more precisely track terrorist organizations such as ISIS. “We need to develop more forward-looking detection models. It should be possible to deliver improved predictive modelling on known actors, like ISIS and Daesh. This can be done by developing superior intel tools to more closely track malware and other communications activity patterns, and use traffic analysis on data to better understand these patterns and anticipate events,” said Geers.