For quite some years, governments have been building cyber forces – either within the military or within national intelligence. This is a normal trend and was expected even back then. When I met these governments, I typically asked them how they see the risk that the people they train actually leave the government (or get fired) and then hit the underground market. Normally, I did not get any answer.
I often use this model to talk about security:
Before we go back to the statements above, let’s briefly look into the five types of possible attackers:
- Vandals typically work for fame and recognition
- Hacktivists want to make a political statement
- Criminals work on their business case
- Terrorists disturb and attack the values of the country
- Governments do it for espionage or sabotage
In recent years we have seen more and more sophisticated attack patterns, initially applied by governments, showing up in the black markets and with criminals. This can be because the criminals learn and/or because some government employees start to work as criminals.
An interesting concept can be found in Israel. They definitely run one of the most sophisticated intelligence agencies – especially when it comes to cyber. Unit 8200, the signals intelligence unit, typically has the right to employ the brightest talents leaving the technical universities in Israel. They stay there for a few years and then leave for private industry. Quite a few of them are actually building startups to create new technology to defend networks and data against cybercrime.
A really good and interesting model – if they do not move to the dark side.
Now, there is a claim out there that even more happened: "NSA hacked? Top cyber weapons allegedly go up for auction" – which is definitely not a good sign but was to be expected – sophisticated tools showing up in the dark market.
To change the game and be able to defend against such attacks, we need to apply new and surprising technology to defend against as well as detect attacks. There are promising approaches from Israel as well as the US (and guess where the people initially came from…). But we definitely need to re-think our approaches. Looking at the outdated approaches and technologies we see applied in the industry, I am actually surprised that we do not see more outages based on security incidents.