While the motivations behind a cyber attack vary case by case, the reality is that a large number of these breaches are now state-sponsored.
Look no further than Russia’s widely-documented interference in the 2016 U.S. presidential election, or the revelation that last year’s WannaCry ransomware worm was sponsored by North Korea.
With state funding behind them, these attackers have the resources to increase the sophistication of an attack to stay one step ahead of defence capabilities.
Renowned cyber security expert Chris Painter believes that deploying strong and significant deterrence is the best way to end state-sponsored attacks.
“By not taking decisive action against the nation states that have been doing this – that actually imposes some cost that they care about – they basically think this is a cost-free exercise and if it’s a cost-free exercise they’re likely to do it again,” he said via videoconference at an ACS breakfast on Friday.
“The analogy I draw in the physical world is that… if someone breaks into your house all the time and even though you do everything to lock the windows and the doors, that’s not really a solution because they’re not deterred, they’ll come back stronger and be emboldened.”
Speaking from Washington, D.C., Painter was launching a new national cyberwarfare deterrence policy paper, Deterrence in cyberspace, developed by the Australian Computer Society (ACS), the Australian Strategic Policy Institute (ASPI) and Painter himself.
ACS President Yohan Ramasundara echoed the calls for stronger deterrence.
“Bad actors on the international stage have gotten away with too much for too long,” he said. “The reason this can occur is because up until now, there have been very few repercussions for state-based actors that engage in this kind of behaviour.
“We must make these attacks have consequences. This paper provides guidance on how to achieve that.”
Starts at the top
Painter called upon global leaders to take decisive action when reprimanding cyber crime.
“We need to treat this like any other national economic or security issue,” he said. “We also have to use the tools we have and use them in an effective way that’s actually going to make a difference for the adversary.
“General sanctions usually don’t really work, you have to tailor the activities you’re taking to the adversary – what’s going to make a difference to them?
“Use all the tools at your disposal, consistent with international law, everything from diplomatic tools, economic tools, cyber tools.”
He gave the example of Barack Obama condemning China’s role in widespread theft of intellectual property throughout his presidency.
“We were willing to take friction in the overall relationship between China and the US unless it was addressed – and that made a difference.”
The report also calls for the mainstreaming of cyber security “as a core national and economic security concern” and a shortened attribution cycle as ways to mitigate cyber crime.
“Public attribution of state conduct is one tool of deterrence and also helps legitimise concurrent or later responses,” it states.
“This recent trend to attribute unacceptable state conduct is a welcome development and should be applauded. It helps cut through the myth that attribution is impossible and that bad state actors can hide behind the internet’s seeming anonymity.”