CISOs everywhere should pay attention when ODNI outlines cybersecurity threats coming from nation-states and independent groups around the world.

When the Office of the Director of National Intelligence (ODNI) highlights a threat in its unclassified assessment and intimates that there is substantive supporting evidence available, one should not sit back and let the data points pass idly by, and we aren't. The ODNI minced no words as it addressed China, Russia, North Korea, and Iran as the key nation-states responsible for cyber threats, and then went on to highlight other non-state actors that are equally worthy of our attention in the 2023 Threat Assessment.
The ODNI is the focal point of numerous intelligence organizations within the US and has the all-source optic into their work vis-à-vis intelligence gathering on the topic of cybersecurity. While this assessment is US-centric, the findings will be of interest to the United States' allies and partners. From a CISO perspective, borders are meaningless when it comes to the threats identified by the US intelligence community, and the source of the warning carries with it an all-important credibility factor.
CISOs should be discussing international cyber threats
CISOs would be well served to use these findings as a starting block in discussions with available interlocutors from the Department of Homeland Security (DHS), the FBI, and other US government agencies about the dangers they or their sector may be facing and about which the CISO lacks visibility and has a need to know.
The commonality across the four nation-states identified is that each is not only able but also willing to engage adversarial targets of interest in the cyber domain. China is identified as "the broadest, most active, and persistent cyber espionage threat to US Government and private-sector networks." Since the OPM hack of 2015, followed by the various credit reporting agencies, then health organizations, social matchmaking sites, and finally TikTok, China has been continuously collecting bits and pieces of data, building mosaics on both companies and individuals. Even the recent spy balloon incident may have been a Chinese gambit to collect more data.
China plays the long game. Its strategy isn't measured by quarterly reports but focused on generational change. The inhibitor to its long-term planning is the United States, which is viewed as standing in the way of China's global expansion and threatening the Chinese Communist Party's (CCP) hold on power. That said, the current US administration makes clear to China, both publicly and privately, that it is interested in competition, not confrontation.
China is preparing for both competition and confrontation
It is the domestic audience to whom China's CCP mouthpieces are playing, and the continued exclusion of US web content is demonstrative of the CCP's fear that such content would place its hold on power in jeopardy. Thus, China is preparing for both competition and confrontation.
China brings to the table a panoply of cyber espionage capabilities, as evidenced by successful operations that have "included compromising telecommunications firms, providers of managed services and broadly used software, and other targets potentially rich in follow-on opportunities for intelligence collection, attack, or influence operations." In other words, when China targets an entity, its cyber espionage intent is sustained and continuous access.
The assessment notes that "if Beijing feared that a major conflict with the United States were imminent, it almost certainly would consider undertaking aggressive cyber operations against US homeland critical infrastructure and military assets worldwide. Such a strike would be designed to deter US military action by impeding US decision-making, inducing societal panic, and interfering with the deployment of US forces." The ODNI assesses that China is currently able to "disrupt critical infrastructure services within the United States, including against oil and gas pipelines, and rail systems."
China's cyber intrusions will likely target the political narrative
In their effort to control the narrative, the intelligence services supporting the CCP target US and non-US citizens alike via "cyber intrusions" aimed at those whom they view as a threat, including "journalists, dissidents, and individuals … critical of CCP narratives, policies, and actions."
Both China and Russia were assessed by the ODNI as being capable of, and successful in, running operations designed to influence audiences, both foreign and domestic. With respect to China, its efforts are designed "to sow doubts about US leadership, undermine democracy, and extend Beijing's influence, particularly in East Asia and the western Pacific." When engaging the US as an audience, its efforts have largely been focused on improving the perception of China among the US populace. To accomplish this, they "use a sophisticated array of covert, overt, licit, and illicit means to try to soften US criticism, shape US power centers' views of China, and influence policymakers at all levels of government."
Russia's priority is Ukraine, but the US remains a target
Russia, for its part, is also engaged in influence operations and is viewed by the ODNI as the "most serious foreign intelligence threat to the US, because it uses its intelligence services, proxies, and wide-ranging influence tools to try and divide Western alliances … undermine US global standing, sow discord inside the US and influence US voters and decision making." US elections are viewed as fair game by Moscow, whose various intelligence arms have been conducting "influence operations against US elections for decades, including as recently as the US midterm elections in 2022."
On the cyber front, Russia has prioritized Ukraine since 2022, and its efforts in that realm were assessed as falling short of expectations. That said, Russia should be viewed as the "top cyber threat" as it refines its attack processes and procedures. With respect to the US, the critical infrastructure of the United States is at the top of Russia's targeting folio; Russia is "particularly focused on improving its ability to target critical infrastructure, including underwater cables and industrial control systems, in the United States as well as in allied and partner countries, because compromising such infrastructure improves and demonstrates its ability to damage infrastructure during a crisis."
ODNI identifies lesser players who are powerful nonetheless
The minor-league players identified in the ODNI assessment are minor only in their geographic size and ability to project their power. They remain and continue to demonstrate that they are formidable adversaries in the cyber world.
Iran has adopted an "opportunistic approach to cyber-attacks," which makes US critical infrastructure a prime target, as Iran may choose to "demonstrate it can push back against the US" by taking advantage of lax security on the part of critical infrastructure owners. Skeptics need only look at the recent successes Iran has enjoyed against Israel, including the compromise, recruitment, and exploitation of insiders and their access to targets of interest.
North Korea is cash poor and thus uses its cyber capabilities to fund the regime. To watch North Korea in action, one would think one were observing a masterclass on how to conduct cybercrime, with a side serving of espionage and attack threats. A blockchain entity in Singapore was left $225 million lighter after North Korea danced through its infrastructure heisting its cryptocurrency. ODNI notes how "Pyongyang's cyber forces have matured and are fully capable of achieving a range of strategic objectives against diverse targets, including a wider target set in the United States."
Nation-states target whom they choose to target. I've long said that you don't get to choose whether you are the target; the adversary chooses whom it targets. You can, however, be better prepared by engaging in public-private partnerships, where available, to stay on top of what is happening on a broad scale.