A recent bulletin from the US Department of Homeland Security indicates that Russia would consider initiating a cyber-attack against the US if it perceives a US or NATO response to a possible Russian invasion of the Ukraine, that threatens Russia’s long-term security. Last week, the FBI and Homeland Security have seen a rising level of scanning, in particular with US law enforcement targets.
It is important to consider geopolitical friction, especially if a full-blown Russian – Ukrainian conflict occurs, as this could potentially mask a variety of cyber-attacks and threat actors. It appears that the most likely targets will be within the Ukraine itself, with companies that have business ties, or a supply chain component in the Ukraine being most at risk. There is also the ever-present risk to Critical Infrastructure, which poses a significant threat target. This has been outlined by a General Security Advisory release today from the NZ National Cyber Security Centre, where it is recommended that ‘Nationally significant organisations in New Zealand, consider their security posture.’
There has been an indication that the Ukraine has already suffered Denial of Service (DoS) attacks, targeted towards the Armed Forces, The Ministry of Defence, and entities that have been considered important to Ukraine’s financial markets.
So, is this important, and do we need to be concerned in New Zealand?
Dos attacks are one of the most difficult threats to prepare for, and respond to, as has been seen with the attacks on the NZX, KiwiBank and even MetService. There are processes and procedures that can mitigate the effects of a DoS attack such as utilising Network Behavioural Analysis Software and having and effective and up-to-date Security-Breach Response Plan. Perhaps most importantly, having an existing IR Partner can present the most effective mitigation strategy.
Another concern, is that New Zealand is currently looking to fill many vacancies in the Cyber-Security field, (the US is looking for almost 600,000 Cyber-Security experts,) with 279 results from SeekNZ when searching ‘Cyber Security’ and 2,053 results from SeekAU. The NZ Government Careers website states that there is a shortage of experienced security analysts and that nearly two thirds of IT employers report skills shortages. Training takes time and skilled talent is difficult to locate.
Finally, the ability to analyse your organisations threat posture / risk exposure levels is an important concern. Cyber-security is the art of understanding, managing, mitigating and thus, controlling risk to your organisation’s critical assets / core functionality. Being able to identify your organisations critical IT and IS assets (in particular, the data that, should it be exposed, lost or inaccessible, would have a major impact on your business,) and your key business processes, will enable you to evaluate threats that could affect your organisation’s ability to function. This process forms the basis of a security risk assessment and threat identification.
Perhaps the best response to these concerns is to be prepared. Look at your organisation’s key business processes and identify potential threat / exploitation vectors. Make sure that you have access to skilled personnel to ensure your organisations cyber-defence. And, most importantly, have a recovery plan in place that has been tested and works.
PhD, MISDF (1st Class), MBA
Senior Cyber Security Engineer