Like every year, we have asked experts who are members of the European Cybersecurity Forum – CYBERSEC community and who represent different fields of the public sector, the academia and the private sector to share their opinions on challenges in cybersecurity that we are going to face in 2018.
1. Online information war will continue, attacks on critical infrastructure will increase in number
While 2017 was a year of ‘electoral hacking’ and an intense information war aimed at shaping the recipients’ viewpoint, experts say that 2018 could, unfortunately, be a year of cyber attacks on critical infrastructure. Ambassador Marina Kaljurand, Chair of the Global Commission on the Stability of Cyberspace and former Minister of Foreign Affairs in Estonia, emphasises that this trend will challenge the fundamental values that underlie the Internet – openness and freedom. Paul Timmers, an academic at the Oxford University and former Director of the Sustainable & Secure Society Directorate in the EU’s DG CONNECT, shares Kaljurand’s opinion, and adds that we witnessed attacks on systems that are crucial for the functioning of the state and society, including logistics, health and energy, as early as in 2016 and 2017. In 2018, the risk of attacks may spread over to other sectors of the economy, such as water or transport. An important element of the potential incidents will be their predicted international and cross-sector nature, which creates a dire need for cooperation between international organisations, governments and companies.
This state of affairs brings economic challenges related to the current lack of experts in cybersecurity. Furthermore, Paul Timmers continues, the fact that digitisation blurs the border between sectors makes cooperation all the more important.
However, the increased number of attacks on CI will not reduce the extent of information war. According to Commander Wiesław Goździewicz, Legal Adviser to the NATO Joint Force Training Centre in Bydgoszcz and Kosciuszko Institute’s expert, they will continue to be an important part of hybrid conflicts.
‘Massive disinformation campaigns, often conducted with the use of botnets created to produce social media messaging via fake, spoofed or taken over accounts, will continue to occur in order to create false perception or at least influence the perception of selected groups or societies, to draw public opinion’s attention away from the actual aims of state and non-state actors engaged in hybrid activities.’
Liisa Past, Chief Research Officer at the Cybersecurity branch of the Estonian Information System Authority, predicts a similar threat. According to her, 2018 will challenge governments and bodies responsible for the cybersecurity of electoral processes in terms of the ability to respond to potential threats. This concerns the bodies responsible for organising elections as well as the parties and candidates who use business or private devices themselves. Liisa Past adds that even if 2018 will not affect the key electoral processes in EU member states, we should still focus on the future and prepare for the 2019 elections to the European Parliament.
The subject of serious attacks on critical infrastructure is related to an increasing activity of states, a trend explicitly underlined by experts, who point out that such countries as Russia or North Korea will become even more active. According to Baroness Pauline Neville-Jones, a member of the House of Lords and a former member of the UK National Security Board, these countries will attempt to harm democratic societies by disrupting their functioning and national unity. This is especially dangerous, adds the Baroness, since democratic societies are driving towards an increasing dependency on ICT systems without properly securing them first against incidents. Dean Valore, attorney at Law, Valore & Gordill and former Assistant US Attorney for the Department of Justice, makes a similar diagnosis, indicating North Korea and Russia as the sources of threat. In his opinion, the risk from North Korea will grow with the increasing political tension in the region. A Korean cyber attack could aim for large-scale disruptions to infrastructure.
The potential threats from nation states force us to build a deterrence strategy that would be based on the ability to attribute responsibility for particular events. Liisa Past suggests that 2018 will challenge this very ability, which is why we should expand the potential (technological, political as well as legal) required to detect attackers.
Sean Kanuck, Director of Future Conflict and Cyber Security at the International Institute for Strategic Studies and formerly the first US National Intelligence Officer for Cyber Issues, predicts a period of an intense use of sanctions as a diplomatic tool against entities that undertake offensive actions in the cyber space.
The growing likelihood of ever-escalating conflicts in the cyber space makes it necessary to address standards of operation in the digital space. Marina Kaljurand points out that the fiasco on the part of the UN Group of Governmental Experts (GGE) forces us to look for new areas that would enable a successful collaboration in this respect. Commander Goździewicz agrees, and lists issues that we cannot afford to ignore. These include new and existing threats, strengthening abilities, skills and trust, creating recommendations for the implementation of standards, legal acts and rules of responsible national conduct and the application of international law in IT and communication.
The lack of consensus in the UN indicates an extensive, deepening divide between the viewpoints typical for two blocks: the western block and the block that includes such countries as China and Russia. According to Marina Kaljurand, such a clear division in ideologies makes it all the more necessary for the countries of the western block to focus on expanding the possibilities for collaboration.
Another trend predicted for 2018 is continued activity on the part of cyber criminals. Commander Wiesław Goździewicz suggests that criminal groups will still be one step ahead of security specialists in this ‘arms race’. He points out particular actors, such as the APT34 group (allegedly associated with Iran), which is intensifying their intelligence activity. Liisa Past also indicates a collaboration between cyber criminals and states, underlining that proxies will continue to be employed in 2018 to achieve political goals.
Dean Valore shares this opinion. He warns about a serious threat concerning cryptocurrencies: the more they gain in value, the more criminals are going to consider stealing them. Valore stresses that preventing the theft of cryptocurrency remains a priority for the US Department of Justice, especially since criminal groups from North Africa, Russia and the Balkans shows no sign of declining.
On the subject of cryptocurrencies, Mauro Tortonesi, an academic at the Faculty of Engineering of the University of Ferrara in Italy, predicts that the speculation bubble may burst in 2018, leading to a multitude of financial problems.
Paul Timmers underlines that another area that is particularly vulnerable to cyber theft is intellectual property. Continued intervention is required by the public sector, which should designate more funds for research programmes to strengthen the abilities that can prevent this type of crime.
Paul Timmers notes that even though there are many cybersecurity policies, and more still are waiting to be implemented, we can expect them to develop further. One of the areas of development will be the protection of intellectual property on an international scale. Wherever the activity of states is lacking, industry, especially the automotive and energy sectors, will increase its engagement in global cooperation.
According to Paul Timmers, Europe is going to become a reference point for teleinformation security standards and other policies related to cybersecurity.
Joanna Świątkowska, Programme Director of the European Cybersecurity Forum, Chief Editor of the European Cybersecurity Journal and Senior Research Fellow of the Kosciuszko Institute, also predicts that 2018 will see the implementation and further development of EU policies. We can expect a heated debate on the solutions that have been proposed as part of the EU Cybersecurity Package. Certification is going to be a particularly interesting subject. Oleksandr Potti, Expert for JSC Institute of Information Technology of the National University of Kharkiv in Ukraine, addresses the same issue, pointing out that harmonising the functioning of standards on the national and international scales will prove to be a serious challenge.
Joanna Świątkowska adds that 2018 is also going to be a year when the NIS Directive will be implemented and the GPDR will enter into force. Both developments will significantly change the cybersecurity landscape in Europe. According to Sean Kanuck, the GPDR will limit the scope of services related to the computing cloud and social media.
In addition to EU’s activity in cybersecurity, we expect NATO to take decisive steps in 2018. As Commander Wiesław Goździewicz points out, the decisions made during a meeting of the North Atlantic Council at the level of Ministers of Defence that took place on 8 November 2017, allow us to expect the establishment of a NATO Centre for Cybernetic Operations as part of the Allied Command Operations. A doctrine for cybernetic operations is going to be adopted soon, as well; its aim is to regulate political and operational control over national cyber abilities that will be shared voluntarily to support Allied activity. Commander Goździewicz adds that we may also expect structural changes. The on-going restructuration in NATO command creates an opportunity to include a cyber cell in the remodelled Supreme Headquarters Allied Powers Europe and the relevant bodies in Allied Joint Force Commands.
Military cyber abilities are also being strengthened by operations undertaken on the level of nation states. Oleksandr Potii suggests that an upcoming priority will be to tighten cooperation between departments responsible for digital operations and those responsible for other types of armed forces. According to Potii, states will aim for an even more intense development of a strategy related to the application of digital defence means.
The experts indicate that 2018 will see a high number of attacks that take advantage of vulnerabilities detected already in 2017. Mauro Tortonesi provides Intel ME and 802.11 as examples, and warns that the consequences of these vulnerabilities becoming abused could be even more dire. He predicts an increase in the number of attacks on the Internet of Things and cautions against botnets (even more dangerous than Mirai) and intensifying ransomware attacks.
Paul Timmers agrees with Tortonesi’s assessment of vulnerabilities, stating that we are dangerously behind with eliminating systemic vulnerabilities. Failure to take appropriate preventive actions may result in many serious consequences.
There can be no doubt that 2018 is going bring further development in technologies that will constitute extreme challenges for the cybersecurity sector in the future. Guido Noto La Diega, a Lecturer in Law at the Northumbria University and President of the Ital-IoT Centre of Multidisciplinary Research, underlines that 2018 will see a very rapid development of Distributed Ledger Technologies and lethal autonomous weapons.
According to Oleksandr Potii, an important challenge that the international society faces is the need to develop a methodology for assessing the cyber potential of each country.
Joanna Świątkowska underlines that as far as the policy in Poland is concerned, the key consideration is the final shape of the Act on Cybersecurity and the Operation Plan for the implementation of National Cybersecurity Policy Framework in Poland for 2017–2022. The steps leading to the implementation of both documents will play a significant role here.