Cyber Cold War increases corporate risk

The Cyber Cold War, which started when the US Government launched the stuxnet digital weapon to attack Iranian enrichment of uranium, represents a growing risk for corporates who are now being targeted by state-sponsored hackers.

On 2 January 2015, President Obama issued an Executive Order placing sanctions on North Korea in relation to what he called the “provocative, destabilizing, and repressive actions and policies of the Government of North Korea, including its destructive, coercive cyber-related actions during November and December 2014.”

The Executive Order directly relates to North Korea’s hacking of Sony but is part of what can be called a Cyber Cold War that started when the US Government launched it stuxnet digital weapon to target Iran’s nuclear program in 2009.

Up until now, the main people to focus on the Cyber Cold War have been computer analysts. Whilst the tech world has been full of chatter on the impact of the stuxnet program that targeted centrifuges that Iran was using to enrich uranium to weapon grade, like much that goes on in the world of geopolitics, investors have largely ignored the evolving story.

The story began in 2009 at a time when the U.S was concerned that Iran was on the brink of developing a nuclear weapons. Iran was doing everything it could to hide its enrichment activities, including developing underground facilities. Fearing the consequences if Iran developed weapons – including a possible strike by Israel – the US launched a sophisticated program that spread virally. The purpose of the program was to find certain kinds of industrial computer programs that were controlling the operation of the centrifuges. The stuxnet program was harmless to computers that did not contain certain Siemens software that was used to control industrial machinery. When stuxnet identified a computer running particular Siemens software that was operating centrifuges it would adjust operational settings that would have the impact of destroying the centrifuge.

Stuxnet – and following digital weapons – were successful in achieving their aim. Iran suffered huge problems with its enrichment program with thousands of centrifuges exploding. The US has since been able to use diplomacy to offer a solution that would see Iran uranium enriched by Russia, which would enable Iran to develop nuclear energy without weapons. Talks between parties are continuing.

But for every action there is a reaction.

Once news of the stuxnet program started to creep out on tech blogs, dedicated software analysts dug to the bottom to discover who was behind the program.

Once it was revealed that stuxnet was a digital weapon created by the US, Iran responded in its own way by developing its own cyber warfare capabilities.

According to Cylance’s report, Operation Cleaver, Iran’s cyber program has targeted, attacked and compromised more than 50 victims since 2012.
Iran’s cyber program has been backed up with rhetoric from Ayatollah Ali Khamenei, Iran’s supreme leader, who in February 2014 urged Iranian IT students to prepare for battle, stating “”You are the cyber-war agents and such a war requires Amman-like insight and Malik Ashtar-like resistance. Get yourself ready for such war wholeheartedly.”

According to Bloomberg Businessweek a catastrophic cyberattack on Las Vegas Sands Corp on 10 February 2014 directly targeted the casino’s owner Sheldon Adelson, one of the richest men in the world who had made inflammatory comments about dropping a nuclear bomb in the Iranian desert to send a message to Tehran to stop developing nuclear weapons.

In August 2012, Saudi Arabia’s Saudi Aramco was targeted with a destructive virus called Shamoon that wiped out data on 30,000 machines. It has been speculated that Iran may have been involved in this attack. Whoever was responsible, such attacks are likely to send ripple effects through nation states. The U.S response to North Korea indicates that it will take executive action – even when the target is not critical infrastructure.

The implication of the Cyber Cold War is that the greatest threat to IT systems is no longer from back-room hackers but from state sponsored, sophisticated operations. The Cyber Cold War is becoming a core business risk. The attacks on businesses including Las Vegas Sands, Saudi Aramco and Sony have demonstrated that state sponsored hackers are likely to target hard and soft targets.

What does this mean for investors?

The development of a truly global economy has presented many opportunities for investors, but it also raises the risks of contagion.

At a company level investors should analyse whether a particular company is exposed to attack for any particular reason. It is also important to assess whether a company has adequate risk management practices in place. Questioning a company on their IT security management has not in the past been seen as a material investment risk – but it is now.

It is also important for investors to spend more time reading the political section of newspapers, and not just the business section. Geo-politics – whether it be the impact of Saudi Arabia driving the global oil price down, or cyber hacking by state sponsored hackers – will play an increasing role in the global economy.

In the long term we can expect that governments and tech companies will make investments that will provide better protection of IT systems and will produce a more resilient business environment. Just as defence investments in technology resulted in innovations that were utilised commercially we can also expect that investment cyber defence may result in innovations that have larger commercial applications. But there is no guarantee that this will be the case. Investors have to appreciate the value of IT investments made by companies that reduce risk. The problem of such investments is that they are costly and businesses that are focused on short term profits will have incentives to avoid investment.

We must also hope that global leaders are able to act responsibly to ensure stability. Whether or not a digital attack is an act of war is a question that will be considered by global leaders as they respond to the new environment.


Countdown to Zero Day

Cylance Operation Cleaver Report

Click to access Cylance_Operation_Cleaver_Report.pdf

Iran’s supreme leader tells students to prepare for cyber war

Now at the Sands Casino: An Iranian Hacker in Every Server

Iran hackers may target U.S. energy, defense firms, FBI warns

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s