A Bleak Landscape
Nation-states will continue to exploit gaps in security since there doesn't appear to be any way to stop breaches in the near future, according to Kevin Mandia, FireEye's CEO and board director.
Mandia told the more than 1,600 attendees at the FireEye Cyber Defense Summit 2018 in Washington, D.C., that threat actors face virtually no risks or repercussions for carrying out attacks, which will continue unabated unless a deterrent is established.
These actors continue to exploit human trust through spearphishing, Mandia said, convincing employees to execute something that's inherently malicious since it's hard to delineate the bad stuff from the good stuff. And a lack of security professionals at smaller organizations means that businesses will continue to see their supply chain being compromised.
Here's a look at what Mandia said to attendees and members of the media about the potential for rules around offensive cyberoperations, threats to the 2018 U.S. midterm elections, and which nation-state actor is the most dangerous.
5. Nations Will Agree To NATO Offensive Cyber Doctrine Within Next Few Years
Nation-states publish military doctrines to give adversaries a sense of the consequences they'll face when certain events happen, Mandia said. For instance, Mandia said the international community understands that the United States will intervene—as it did in Syria—if chemical weapons are used anywhere in the world.
But while doctrines exist to govern military behavior in the air, land or sea, Mandia said there's currently no cyber equivalent. Mandia said this has resulted in a less predictable and more aggressive cyber environment that's disliked by pretty much every nation, including Russia and North Korea.
Mandia expects a majority of nations will agree to an offensive cyber doctrine coming out of NATO within the next couple of years. The resulting document will be loose, have blurred lines, and be far from perfect, but Mandia said it'll help citizens and countries understand when offensive cyber activity is going to be provoked and why.
4. Emails Aren't Private Anymore, And People Shouldn't Treat Them As Such
Mandia responds to every single email he receives the same way, avoiding anything that could be interpreted as an affirmative or negative response and typing just 'Roger' or 'Roger That.' That's because if the most insidious nation-state actors want to gain access to the emails of a CEO or another corporate leader, Mandia said they will almost certainly succeed.
Emails aren't private anymore, and Mandia recommends that people start treating them like they're not. The permanence of the internet means that executives will likely have their career ruined if their emails are stolen and publicly disseminated, Mandia said, even if they didn't write anything that merits such a reaction.
"No one should ever have to go through that. It's one of the most heinous things you can do to somebody, because you've taken all of their private thoughts and thrown them out into the world," Mandia said. "I hope that I'm never that interesting that I become targeted."
3. U.S. Is Only Seeing 80 Percent Of Cyber Capabilities From Russia, China
Every nation is pulling punches in cyberspace, Mandia said, meaning that the United States is only seeing roughly 80 percent of the offensive cyber capabilities out of places like Russia and China. Those countries could likely do more, Mandia said, but recognize that there's a line somewhere out there that we all don't want to really cross.
Actors like Russia and China are probably also worried about the cybertools and capabilities of the United States, Mandia said, and don't want to risk a massive confrontation.
Russia has the best offensive cyber capabilities of any adversary as well as the widest berth on how they'll deploy them, Mandia said. But even they stick to what Mandia categorizes as fair game for espionage and avoid wildly targeting.
2. No Nation Will Attempt To Change The Vote Tally In The U.S. Election
Modern nations won't go after elections directly and attempt to change the tallies of votes because it's too overt and would elicit an aggressive response from the international community should it be detected, which Mandia believes it would.
"I think it's the last tool they're going to grab out of the bag to influence an election because they recognize that it's probably an intolerable thing," Mandia said.
A softer target would be going after base systems in municipalities and localities to make them inaccessible and erroneous by deleting names and scrambling party registrations in the voter databases, Mandia said.
Disinformation ops via fake news or disingenuous sites don't seem too preventable in today's internet, although Mandia said major platforms are moving toward being able to stop those things. Mandia expects everyone—including American citizens—to conduct information ops online to amplify their messaging and attempt to sway the hearts and minds of others.
1. Nation-State Actors Will Eventually Impersonate One Another
No nation has seriously attempted to masquerade as another country when conducting an offensive cyber operation, Mandia said. Countries have sometimes taken steps to plant seeds of doubt at a high level about the origin of the attack, but to date, Mandia said people on the front lines haven't ever seen a threat actor go all out in impersonating the tactics, techniques and procedures of another nation.
Sooner or later, though, Mandia expects that a nation with excellent offensive cyber capabilities will masquerade as an Advanced Persistent Threat (APT) group from a different nation for false attribution.
A decade ago, Mandia felt that organizations should just focus on defending themselves and not worry about who's attempting to carry out an attack on them. But now, Mandia and FireEye alike firmly believe that attribution is vital for convincing the global community to hold an aggressive nation-state accountable and responsible for its behavior.