Jan Wünsche: In retrospect of Recent Cyber Events – what have we learned?

I have had the pleasure of editing the recurring Recent Cyber Events reports for almost two years now, and it is time to look back at what we have achieved. When we started this series in 2020 our objective was to show, using examples from very real events in the cyber domain, what the threat looks like and what it could mean to a military organisation. The CCDCOE conducts a fair bit of research but a publication like Recent Cyber Events gives us a chance to put this research into a current context in a more concise and timely manner.

The intent has never been to compete with the up-to-the-minute technically oriented information provided by CSIRTs and IT security companies, aimed at managing current threats here and now. Neither are we trying to cover every cyber incident or link every news article related to cyber. Instead, we pick a few good examples of recent developments, including threats and incidents as well as new developments and guidance for managing and responding to them.

Using these real-life stories we can show the importance and potential impact for the military and national security, highlighting what considerations decision-makers need to understand and what options for response may be available, drawing both from recent commentary in the media and from the Centre’s own research and extensive experience.

During the two years we have covered a diverse set of issues from individual cyberattacks to the development of international norms for responsible state behaviour. If there is one thing that has stayed with us all the way from the first issue, it is the growing impact of ransomware and the search for effective responses and deterrence against this threat. With a number of attacks that have affected society through effects on important services, the potential of these attacks to cause serious harm to a nation is becoming more and more apparent. For me this became real when we reported on the attacks that shut down the Coop supermarkets in my home country Sweden.

A related topic that we made the focus of one issue is the importance of the software supply chain. Sneaking malicious code into popular software products gives attackers a way to reach many targets in one blow. This was, of course, the tactic behind the SolarWinds attack, which was the first big incident we reported on in 2021.

I’m happy to say that we haven’t only been listing the threats and incidents. In every issue we try to highlight some of the things that can be done to deter attackers, prevent attacks and respond to them. The latest issue was, for example, dedicated to the Zero Trust security model that is really gaining momentum as a framework for increased cyber security.

I believe the resolve from both nations and the NATO alliance to try to deter future attacks has also grown during the period. This can be seen in clear guidance or even regulation to providers of critical services, in the wording of new strategy and policy documents and in the cyber operations aimed at disrupting criminal gangs behind malicious cyber activities. One example we reported on was the takedown of the EMOTET botnet in Operation Ladybird – a success story even though the network seems to be re-emerging now, a possibility we hinted at in the story.

It is clear to me that effective regulation is needed to raise cyber security to an acceptable level across the board. Finding the right way to do this, setting achievable requirements that actually contribute to better security, is a challenge for regulators. In the Zero Trust issue we discussed the US approach of mandating a Zero Trust approach for federal agencies and argued that this may be a useful tool. It will be interesting to see how this works out and if others follow suit.

The format of Recent Cyber Events has evolved over the two years, and we hope to continue to develop the concept based on feedback from our readers. This year we have added a cover with hyperlinks to the articles to make it easier for readers to pick and choose from the content. We have also made the reports more focused, mainly covering one specific topic or theme in each issue from several different perspectives and trying to tie those together.

We are looking forward to continuing to cover developments in the digital domain in the new year.

By Jan Wünsche, Strategy Researcher at the CCDCOE