COVID-19 and cybersecurity – who would have guessed that these two words would be spoken in the same sentence? But for our cyber adversaries, it is a common tactic out of their playbook — take full advantage of disaster-like situations and prey upon the unexpectant during their most vulnerable moments.
Although cyberattacks can take many different forms, the human element continues to be the focal point for obtaining credentials necessary to access critical information in the cyber domain. Two of the most common methods our adversaries are using to exploit the global pandemic is through the use of phishing activities and influence campaigns.
Emails, web pages, text messages and telephone scams are the most common phishing activities that turn the unexpectant user into a statistic. As of this writing, Google returns 146,000,000 results when you search for COVID-19. Although the majority of these instances are legitimate articles, papers and blogs, they are entwined with web pages that are true phishing activities. As individuals seek the most recent COVID-19 information and news, they are swept into clicking on unsavory links with eye-catching titles, which promise vaccine updates, home cures, death statistics, local and government updates, as well as the roll out of the CARES Act stimulus package.
Research and development efforts on coronavirus vaccines and treatments are also becoming prime targets for digital espionage and intellectual theft. A joint announcement by the Federal Bureau of Investigation and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) accuses China of doing exactly that:
“These actors have been observed attempting to identify and illicitly obtain valuable intellectual property and public health data related to vaccines, treatments, and testing from networks and personnel affiliated with COVID-19-related research. The potential theft of this information jeopardizes the delivery of secure, effective, and efficient treatment options.”
Our adversaries are also exploiting the misfortunes of others through the use of influence operations and disinformation activities. Disinformation is false information that is deliberately proliferated to deceive others. Current activities have focused on the spreading of false information to discredit and undermine trust in our government, and to circulate COVID-19 fear and panic amongst the population.
Some military practitioners see all of this – including the spread of disinformation about the origin of the virus — as potentially part of a larger premeditated military strategy. Sun Tzu’s The Art of War highlights that “all warfare is based on deception and the greatest victory is that which requires no battle.” Honed by centuries of warfare, the Chinese have taken the historical lessons of the past and become masters of the art of asymmetric and unconventional warfare.
The book Unrestricted Warfare, written in 1999 by two colonels in the People’s Liberation Army, discusses how a nation can defeat a technologically superior opponent and highlights potential future tactics this way:
“To our way of thinking, a planned stock market crash, a computer virus attack, making the currency exchange rate of an enemy country erratic, and spreading rumors on the Internet about the leaders of an enemy country can all be thought of as new concept weapons.”
The 2018 National Defense Strategy highlights that “China is leveraging military modernization, influence operations, and predatory economics to coerce neighboring countries to reorder the Indo-Pacific region to their advantage,” as well as to “displace the United States to achieve global preeminence in the future.”
As China marches forward to gain economic domination, cyberwarfare will continue to play a large part of their strategy. We must continue to improve our day-to-day security operations and posture by:
- Educating and training our nation on cyber threats,
- Practicing basic computer hygiene,
- Improving system credentialing requirements,
- Identifying and remediating network gaps and vulnerabilities,
- Improving incident response capabilities, and
- Evaluating and mitigating supply chain IT risks.
Although many of these recommendations seem “old hat,” when implemented correctly they form the cybersecurity foundation needed to protect our networks. To ensure we stay ahead of our cyber opponents, industry must continue to find ways to innovate and simplify cybersecurity processes by eliminating the user when possible. In the near term this can be accomplished by replacing legacy systems with emerging technologies, managing cyber risk with automation and continuous monitoring, enhancing IT resiliency and continuity, and migrating applications to the cloud. As emerging technologies mature in the areas of data analytics, machine learning, quantum computing and artificial intelligence, we must ensure cybersecurity is not an afterthought and must be built in upfront. We must remember that the same emerging capabilities we are developing to protect ourselves, will be part of our adversary’s tool kit and eventually used against us.
Our adversaries are always looking for the next opportunity to inflict pain on our nation. The ongoing demonstrations over the death of George Floyd provide our adversaries another favorable combination of circumstances, time and place to phish, disinform, and entangle the unwary. As Sun Tzu reminds us, “In the midst of chaos, there is also opportunity.”