By Franck Cecile - TheExpert Cybersecurity Squad
Offensive cyber warfare, cyberattacks, information control... All these topics are increasingly in the news and are gradually shaping our world, without us necessarily realizing it. They all contribute to the implementation of what is commonly referred to as cyberwarfare—or the war of the future—through a new weapon that is still relatively unknown or misunderstood by the general public: cyber weapons. But what exactly is it? Who uses it, how, with what impact, and on what targets? What strategic, economic, or military advantages does it offer? How is the world responding to this new threat? And what impact could it have on our lives? But above all, how does it affect us as individuals?

These are the questions we will attempt to clarify and begin to answer in this report—it would be presumptuous to think that the subject can be presented and understood in its entirety, given how recent and rapidly evolving it is, and how varied its implications are. We will begin by looking at the facts to establish the current situation. The aim will be to highlight the sources of risk and identify the potential threats posed by this new weapon. We will then look at trends to try to glimpse how things might unfold and what events we should fear. Finally, we will attempt to list a number of proposals for improvements aimed at better protecting us from these new threats.
But before getting to the heart of the matter, let's clarify the meaning of the terms we will be using.
What do cyber terms really mean?
For a decade now, the term "cyber" has been regularly in the spotlight. Cyberspace, cyberattack, cyberdefense, cyberwarfare... These terms often evoke confrontations carried out in a virtual space. However, many experts in the field still have a poor understanding of these different terms, and few are able to explain them in detail. The term "cyber" is used indiscriminately and attached to just about any type of activity to generate interest and flatter the ego. However, all these terms are related to one activity: digital security.
What is the cyber world?
Etymologically, the term "cyber" means "to govern." This does not tell us much about what it is, so it is more relevant to look at what it is made up of. Cyberspace is a virtual environment composed of tangible assets (computer equipment) that process intangible assets (information or digital operations).
Equipment or a system is considered computerized (and therefore subject to cyber risk) if its nominal behavior can be modified via a logical layer (i.e., it is "programmable"). For example:
- A door with a mechanical handle requires manual action to open it. No computer component or electronic card can trigger the opening. Such a door therefore does not belong to cyberspace.
- On the other hand, an autonomous vacuum cleaner that can be controlled remotely (particularly those controlled via the internet) may be the target (or source) of a cyberattack: its program could be modified, altering its original mode of operation.
The physical assets that make up cyberspace are therefore not limited to smartphones, PCs, servers, etc., but also include the IoT (Internet of Things) and, more generally, all electronic components that are described as "smart" or "connected."
This cyber equipment hosts and transmits a set of digital information (data such as a website, photo, document, company directory, etc.) or digital operations (actions that control industrial robots, for example; we will come back to this in more detail later).
This set of information and operations is interconnected and hosted by information systems, which are set up and managed by the IT (information technology) sector.
The cyber world—or cyberspace—is therefore made up of a multitude of computerized systems (PCs, servers, industrial automation systems, smartphones, electronic cards, etc.) that convey information or digital operations through a shared network. The best known of these is the Internet, but we must not forget private or isolated networks.
Cybersecurity VS Cyberdefense
The very definition of cybersecurity is not agreed upon by all stakeholders and experts involved in this field. Few are able to explain the difference between cybersecurity and cyberdefense. Fortunately, France has ANSSI, which has established itself as the leading authority on digital security and proposed a definition in 2011 in its publication "Defense and Security of Information Systems - France's Strategy":
- Cybersecurity: the desired state of an information system that enables it to withstand events originating in cyberspace that could compromise the availability, integrity, or confidentiality of stored, processed, or transmitted data and related services that these systems offer or make accessible.
- Cyberdefense: all technical and non-technical measures enabling a state to defend information systems deemed essential in cyberspace.
In summary, cyber defense is defined here as the activity of Information Systems Security (all technical, organizational, legal, and human resources aimed at protecting the availability, integrity, confidentiality, and traceability of digital information belonging to a company or individual) that enables cybersecurity.
However, cyber defense differs somewhat from IT security. The targets are different. The term "cyber" is preferred when a state, administrative authority, operator of vital importance (OVI), military entity, or even one or more human lives are affected by a digital risk. For everything else, the term "IT security" is more appropriate.
Official definitions and activities related to cybersecurity
However, the cyber world has evolved considerably in recent years, and so has the meaning of its terms. New ones have appeared, and France took the opportunity to publish a series of definitions in the Official Journal of September 19, 2017. These clarifications bring consistency between the various state entities setting up a cyber organization, particularly within the military world. Without going into detail or listing the definitions one by one, the activity of Information Systems Security (SSI) amounts to cyberprotection, while the meaning of cyberdefense is evolving. We can summarize things as follows:
Cybersecurity = Cyber Protection + Cyber Defense + Cyber Resilience
- Cyberprotection represents IT security. It consists of implementing security measures (organizational or technical) to slow down or block attacks, in particular through system partitioning and the implementation of the defense-in-depth principle.
- Cyberdefense represents LID (Defensive Cyber Warfare). Its purpose is to supplement protective measures by implementing capabilities for detecting, identifying, and responding to attacks, in particular through the implementation of SOCs (Security Operation Centers). These rely primarily on integrity checks, anti-malware/virus analysis, intrusion detection and prevention, and event collection and correlation (particularly through SIEM).
- Cyber resilience is ensured by MCS (Maintenance in Secure Condition). This activity aims to maintain the security level of an IS over time, to resist an attack, and to return to its initial state in the event of an incident. This mainly involves monitoring system vulnerabilities and flaws and performing security updates. It can also be supported by the implementation of a BCP/DRP (Business Continuity Plan or Disaster Recovery Plan) to ensure the cyber resilience of an IS in the event of a hardware failure.
Other increasingly common cyber terms are also given an official definition in this Official Journal publication. The most interesting of these is LIO (Lutte Informatique Offensive, or Offensive Cyber Warfare). France has recently adopted a military doctrine (both public and confidential) in this area. A future article will be published on this subject. All of these terms nevertheless retain their state connotation, with the stakes now extending beyond property to include people.
IT vs. OT
The last concept that seems essential to address is the distinction between Information Technology (IT) and Operations Technology (OT), a much more recent term that is still not widely used.
While IT has historically been associated with information systems, OT is its counterpart in the industrial world. This refers to business information systems that deal not with digital information, but with digitized operations (carried out using IT tools) that enable the activation, management, or control of automated systems and machines. These are the systems found in critical infrastructure, such as water, gas, oil, and energy management, but also in road and air traffic management, aircraft and ship control systems, etc. Where IT generally offers office information systems (client-server workstations, administrative tools, telephones, printers, etc.), OT offers industrial (computerized) systems for controlling automated machines.

The two worlds have historically evolved in parallel, with a few attempts at rapprochement, which have regularly ended in failure. While the IT world has been structured strategically (governance and organization, standards, WSIS, risk analysis, etc.) and operationally (defense in depth, hardening and technology watch, implementation of security solutions, etc.), the OT world has not (or only slightly) followed suit. Although the connectivity and attack surface of OT is minimal compared to IT, it is nonetheless subject to cyber risk. In some ways, even more so. The impact of a cyberattack on one of these systems would have much more serious consequences. Added to this are growing problems. On the one hand, there is the lack of security in industrial systems (flaws and vulnerabilities, obsolescence, etc.), which is constantly being highlighted. On the other hand, there is the increasingly obvious convergence between IT and OT; the growing connectivity between these information systems will significantly increase the attack surface and, therefore, cyber risks. OT is therefore an integral part of cyberspace.
Conflict in cyberspace
In an increasingly connected world, it is now clear that cyberattacks are no longer limited to making a website unavailable or stealing information. With the attack surface growing day by day, the potential impacts are increasing exponentially. The days when simple geeks had fun defacing websites for the sake of it are now giving way to structured attackers with much more harmful motives, often financed by states or mafias. Terrorist attacks on nuclear power plants or dams, neutralization of enemy military systems (ships, aircraft, weapons systems, etc.), disruption of rail, banking, and communications systems, and even crowd manipulation...
Cyberspace has become a place of constant conflict, to the point where a new offensive weapon has been developed: cyber weapons. What exactly are they? >> Another article coming soon.
