With the adoption of remote work by most organizations, the need to join cloud computing and invest in solutions that provide security in this context has also increased.

Therefore, we recommend using Cloud IAM to limit the privilege of users according to their roles, ensuring the protection of data and corporate files in the cloud.

This is only possible through practices such as the use of mechanisms with multi factor authentication (MFA), as we will explain in this article. To facilitate your understanding, we divided our text into topics:

• What Is Cloud IAM?
• What Does IAM Mean?
• How Important Is Cloud IAM?
• Advantages of Cloud IAM
• How Does Cloud IAM Work?
• Cloud Types
• The Principle of Least Privilege in Cloud Environments
• What Is the Difference Between Cloud IAM and ICES?
• About senhasegura
• Conclusion
  Enjoy reading!

What Is Cloud IAM?

Identity and access management (IAM) consists of a process structure that enables information technology managers to manage users’ access to critical information in their companies.

Its capabilities include privileged access management and mechanisms such as two-factor authentication, multifactor authentication, and single sign-on systems.

All this ensures the security of sharing only the necessary data and also the possibility of storing profile and identity information in a protected manner.

You can deploy IAM systems using a cloud-based or hybrid subscription model through the services of a third-party provider. In an IAM system:

• One can protect sensitive information within a system;
• Users and groups can have different levels of access;
• Users and their roles can be added, removed, and updated in the system;
• One can identify roles in the systems and verify their attribution to each user;
• One can identify the users in the system.

What Does IAM Mean?

IAM stands for Identity and Access Management.

It is a technology that allows people to have access to a company’s data in a limited way, in order to ensure a higher level of information security.

As mentioned in the previous topic, this is possible through the following resources:

• Single sign-on systems;
• Privileged access management; and
• Multifactor authentication.

How Important Is Cloud IAM?

When we talk about cloud computing, we refer to the possibility of accessing data and files from any environment, not just from a company’s devices, which is increasingly common with the growth of remote work.

This situation creates great challenges for leaders responsible for protecting corporate documents and data, after all, if access control was made possible based on the network perimeter in the past, today, this is no longer possible.

Thus, what should be considered when granting access to cloud data is the user’s identity.

However, manually assigning and tracking user privileges can be quite a risky procedure. With that in mind, we recommend using IAM, an automated solution.

Affordable for businesses of all sizes, it has a wide range of capabilities, including AI, behavior analysis, and biometrics.

Advantages of Cloud IAM

Cloud IAM brings several benefits to the companies that invest in this solution. Check out the main advantages below:

It Contemplates Cloud Services

In the context of digital transformation, organizations prioritize the migration of identity infrastructure to the cloud. With Cloud IAM, this process occurs faster and more affordably, since cloud services do not require investment in staff and hardware.
Performing an upgrade also becomes easier, especially for companies that rely on cloud providers.

It Reduces Operational Costs

With remote work on the rise and professionals using personal devices for work, there is a greater mobilization of IT teams to manage these resources, which increases the costs of hiring experts and purchasing and maintaining equipment.
By investing in Identity as a Service (IDaaS) and Cloud IAM, these costs can be reduced.

Scalability

No matter how many employees a company has to add in a new location or if its website will attract numerous visitors to shop online during a sale: one can scale Cloud IAM solutions easily for new users.

More Security

With Cloud IAM, you can use features such as multifactor authentication, which ensures more cybersecurity for your company. This is possible because this technology strengthens password security, as it requires more than one authentication factor.

To make the procedure even simpler, eliminating the need for passwords, it is also possible to opt for authentication without using them.

It Saves User Time

Through Cloud IAM, single sign-on allows one to log in and access resources in an agile manner. With this, customers of e-commerce can log in seamlessly and employees can use several applications to perform their activities without wasting time.

It Decreases the Need to Reset Passwords

IAM reduces the need to reset passwords, as well as the occurrence of problems with stolen access. Today, it is believed half of IT technical support tickets are aimed at resetting passwords and each reset would cost about $70.

How Does Cloud IAM Work?

With an IAM solution, one can control people’s access to a company’s critical data. This control is based on the roles of each user within the organization, defined according to their position, authority, and responsibility.

IAM systems capture and record login information, manage the user identity database, and enable the assignment and removal of access privileges, allowing the oversight and visibility of all user base details.

In addition to managing the digital identities of humans, they manage the identities of applications and devices to ensure more security.

It can work as identity or authentication, and the service provider is responsible for registering and authenticating users and managing their information.

Cloud Types

There are several cloud options available, which allow you to use the one that best suits your business needs and your budget. Check it out:

Public Clouds

They are hosted by cloud service providers, such as Google Cloud Platform (GCP) and Amazon Web Services (AWS).

Private Clouds

They are usually hosted in the organization itself, providing flexibility and security.

Partner Clouds

They are often hosted in a public cloud by a partner who manages the environment.

Hybrid Clouds

They combine different types of cloud to ensure security, flexibility, and value for money.

Multiclouds

In general, they combine more than one of the top three public cloud providers, Google Cloud Platform (GCP), Microsoft Azure, and Amazon Web Services (AWS).

The Principle of Least Privilege in Cloud Environments

Each cloud provider offers different capabilities for access permissions. Therefore, IT security teams need to control entitlements when migrating the infrastructure to the cloud, following the principle of least privilege.

This is because conventional IAM permission models are not appropriate for cloud environments, but are designed to protect systems and applications deployed in an organization’s data center.

Cloud environments are accessed by a larger number of people, from any environment, which makes their management much more complex to monitor.

Unlike traditional data centers, a cloud environment belongs to and is operated by the cloud provider by following a shared responsibility model.

In this case, traditional privileged and non-privileged access designations do not apply to the cloud. Information security makers should extend permission models to cloud environments.

IAM permissions control access to cloud resources such as Kubernetes containers, virtual machine servers and files, and cloud services such as database, virtualization, storage, and network services.

What Is the Difference Between Cloud IAM and ICES?

More and more organizations use public cloud providers to simplify their operations and ensure innovation, with many adhering to multi-cloud solutions in order to increase availability and reduce costs.

In this sense, conventional identity and access management (IAM) practices are not enough to protect these dynamic resources, since they are designed to protect static local applications and infrastructure.

For this reason, cloud services create their own IAM resources to contribute to companies that need to protect cloud environments.

Despite this, the diversity, scalability, and dynamism of this solution still generate challenges when it comes to information security.

But with CIEM solutions, one can address these challenges by viewing and correcting incorrect IAM settings and enabling access with the least privilege in this context.

In practice, the difference between Cloud IAM and CIEM is that while CIEM manages privileges (entitlements) and their policies in the environment, Cloud IAM manages, including provisioning credentials such as users and access keys.

About senhasegura

We at senhasegura believe in the importance of promoting digital sovereignty, providing our clients with control over privileged actions and data, and avoiding theft and leaks of information.
When it comes to Cloud IAM, we offer a unique solution in relation to competitors, allowing provisioning, de-provisioning, and access flow for users and access keys.

Conclusion

By reading this article, you learned that:

• IAM is a process structure that enables information technology managers to manage users’ access to critical information in their organizations;
• One can deploy IAM systems using a cloud-based or hybrid subscription model through the services of a third-party provider;
• In Cloud IAM, the user’s identity is considered when granting access to cloud data.
• Some advantages of this solution are the fact that it includes cloud services, allows cost reduction, provides scalability, security, and saves user time, in addition to reducing the need to reset passwords.
• In Cloud IAM, three authentication factors are usually used. These are: knowledge factor, possession factor, and inheritance factor.
• CIEM solutions allow one to address viewing and fixing incorrect IAM settings in cloud environments and enable access with least privilege.

Did you like our article on Cloud IAM? So, share our text with someone else who might be interested in this topic.

The cyberwarfare subject has come to light recently due to the attacks that preceded the conflict between Russia and Ukraine. However, this concept is not new and Ukraine is not the first country to suffer politically motivated cyberattacks.

Despite this, the definition of actions involving cyberwarfare still generates controversy among experts, and many people may confuse it with cyberterrorism, as we will explain in the next topics.

On the other hand, we know their damage exceeds a cyberattack action and involves specific motivations.

In this article, we will address the concept of cyberwarfare, pointing out its objectives and how it can impact the lives of the population. We also bring numerous important statistics on the subject. To facilitate your understanding, we divided our text into the following topics:

• What Is Cyberwarfare?
• What Are the Main Goals of Cyberwarfare?
• How Did It Emerge?
• How Does Cyberwarfare Happen?
• Most Common Types of Attacks in Cyberwarfare
• Government-Associated Hack Gangs
• Sectors Attacked in Cyberwarfare 
• Cyberwarfare Facts & Data
• Stuxnet: The Most Famous Event Linked to Cyberwarfare
• Is Cyberterrorism Synonymous with Cyberwarfare?
• Cybercrime, Cyberespionage, or Cyberwarfare?
• Cyberattack and Cyberdefense
• Cybersecurity as a Priority for Anatel (Brazil)
• Biden Executive Order
• Russia and Ukraine: Prospects for New Cyberattacks
• About senhasegura
• Conclusion

Enjoy the read!

• What Is Cyberwarfare?

Cyberwarfare consists of one or several cyberattacks that have targeted a country, which can impact its government and civil infrastructure and harm the state, even putting lives at risk.

Experts have not yet reached a consensus on how to define which procedures relate to this concept.

The U.S. Department of Defense (DoD) understands cyberwarfare as malicious activities on the Internet that can threaten national security, without going into clarifying details about this definition. However, some interpret cyberwarfare as an action that can cause death.

In cyberwarfare, one country attacks the other, promoting hostility, and often this initiative comes from a terrorist organization or non-state actors.

Recently, several cases of cyberwarfare have been reported. However, there is still no unanimity when it comes to defining when a cyberattack is actually cyberwarfare.

 

• What Are the Main Goals of Cyberwarfare?

There are several reasons for cyberwarfare. Malicious agents can often be determined to seek advantages in actual confrontations. This is what happens when the military centers of the countries are targeted by the attacks, which are intended to impact their strategy and operations.

Another goal of cyberwarfare is to impress people living in the target nation, causing problems for civilians, who may suffer from a lack of internet and energy, for example. In such cases, those who attack expect the government to be pressured by the population and do whatever is necessary to put an end to the conflict.

Another motivation related to cyberwarfare is the sabotage of adversary industries in order to make their projects unfeasible.

An example occurred in Iran in 2010, when the Stuxnet virus was implanted in the control systems of the uranium enrichment centrifuges. The idea was to interfere with their engines and promote damage inside the plant.

As there was no internet access, it is believed the virus was implanted by an infiltrator. What’s more, we are talking about a highly complex threat, which was probably commissioned by a nation interested in impacting Iran’s nuclear actions.

Cyberwarfare always results from the tension between the countries involved. The current Ukrainian war is a typical example: before the Russian invasion, this country was already the target of attacks on its digital systems, which may continue to occur.

 

• How Did It Emerge?

The concern about cyberwarfare is recent. It was not long ago that people began to wonder if malicious agents could attack an entire city leaving it without electricity or making it impossible for a nation’s ATMs to work.

Nowadays, these are not only remote hypotheses but concrete facts. Despite seeming to be an element of a dystopian narrative, cyberwarfare is real, and its consequences go beyond what is usually reported as a hacker invasion.

Although we do not have proven cases of deaths related to cyberattacks, a single malicious action has already caused the loss of 10 billion dollars.

In practice, companies of all sizes may have their structures compromised to damage a government.

In addition, cyberwarfare is becoming increasingly threatening, especially with its frequent evolution in countries such as the United States, Russia, China, North Korea, and Iran.

 

• How Does Cyberwarfare Happen?

To promote cyberwarfare, hackers can damage a country by attacking strategic targets and affecting the routine of the entire population or by reducing the resources of the armed forces in order to pressure their rulers to end the conflict.

This means they can act under the communications system of the target nation, even interfering with its media. Attacks that affect the supply of electricity are also common, causing great inconvenience to people.

Another goal of cyberwarfare is to invade systems of rival nations by gaining access to strategic secrets and influencing their operations.

Because of the potential of cyberwarfare, many countries rely on intelligence services that are tasked with preventing threats. Here’s how a cyberattack occurs:

• First, hackers evaluate existing information about their target in order to define their attack front.
• Then, the weak link of the network is found, which can be done by different methods, such as replicating a website used by the victim, or sending an attachment with viruses in an email.
• Next, the malicious agent tries to exploit this vulnerability in order to gain unauthorized access.
• Finally, they perform the activity they want within the system.

 

• Most Common Types of Attacks in Cyberwarfare

Like the other hacker attacks, cyberwarfare can include a series of actions. One of them is overloading a web address, using several machines to access it.

With millions of access attempts per second, it is possible to paralyze the server that operates the resource and cause the service to stop.

This type of action, in cyberwarfare, may have the purpose of taking government websites off the air to compromise services and information provided to the population and cause confusion.

Another common type of attack is fake news – rumors made public with the interest of causing disinformation, generating tension and distrust between people in relation to their rulers, so that they do not get popular support.

In cyberwarfare, hackers can still act to get sensitive information from their target, such as strategic data about the war.

Another very serious hacker action when it comes to cyberwarfare is the interference in the population’s infrastructure, which paralyzes services such as the distribution of electricity or the internet, in order to put the population against their government.

In addition to these two examples, hackers can interfere with drinking water distribution, security services, and the financial market.

 

• Government-Associated Hack Gangs

The Russian government has taken no action against ransomware and cybercrime gangs installed in the country, and the favor has apparently been returned by the Conti gang in the current context of the Ukraine invasion.

This group was known to attack medical facilities and law enforcement agencies in 2020, exploit the Log4J vulnerability to carry out ransomware attacks and victimize the Irish Health Services Executive, among other targets.

Recently, the gang went public through its dark website, used to receive payments from its victims and post private documents from non-ransom payers, and announced support for the Russian government and the goal of promoting retaliation.

In turn, the United States government warned the country’s organizations to prepare for a possible response.

As we suggest, the Russian government chooses to ignore the actions of the Conti gang, however, it has been questioned whether this bond is not stronger than previously thought, due to the current patriotic position of the group.

In contrast, the Conti gang strengthens its independence from the Russian government while declaring itself protective of Russia’s peaceful citizens and promising to respond to Western attacks on Russian-speaking regions.

On the US side, the Anonymous group has demanded the removal of Russian ISPs and the Russia Today news website, under the threat of hacking into the website of the Russian Ministry of Defense.

A recent report pointed out that groups of hackers associated with the North Korean government are renting elite hacker tools and access to hacked networks from TrickBot botnet operators.

Anchor was apparently developed for hacker gangs interested in economic espionage and operators of POS malware lines, but would have been used by nation-state hacker groups.

According to a report published by cybersecurity startup SentinelOne, the Lazarus Group – a cybercrime gang linked to North Korea – has allegedly rented access to an infected system through the TrickBot botnet and used the Anchor attack structure to install PowerRatankba, a PowerShell backdoor on an organization’s network.

Another Russian-led cybercrime gang is Revil, which used the Happy Blog website to extort companies and leak their data.

One of its attacks, which targeted the Colonial Pipeline, has led to a lack of gas on the east coast of the United States. According to the authorities, this attack used encryption software called DarkSide, created by members of Revil.

At the time, law enforcement and intelligence officials prevented the gang from taking action against other companies, and after the group compromised software management company Kaseya, the U.S. government tried to stop it from paralyzing organizations around the world.

• Sectors Attacked in Cyberwarfare

In cyberwarfare, there are critical infrastructure sectors, which are those usually attacked by hackers to cause instability in the opposing government.

These sectors consist of vital services for the population of a country, whose interruption could impact safety, public health, economy, or other essential areas in the routine of people.

Some of the critical infrastructures are hydropower and energy systems, water networks, transport and communication services, government and military systems, and emergency services, which can be stopped, impacting the entire population.

According to the U.S. Cybersecurity and Infrastructure Agency (Cisa), there are 16 critical infrastructure sectors vital to this country and protected by Cisa. They are:

• Chemical Sector;
• Commercial Facilities Sector;
• Communications Sector;
• Critical Manufacturing Sector;
• Dam Sector;
• Defense Industrial Base Sector;
• Emergency Services Sector;
• Energy Sector;
• Financial Services Sector;
• Food and Agriculture Sector;
• Government Facilities Sector;
  • Health and Public Health Sector;
• Information Technology Sector;
  • Nuclear Reactors, Materials, and Waste Sector;
• Transportation Systems Sector; and
• Water and Sewage Systems Sector.

Additionally, in 2010, U.S. security firm McAfee issued a report called “Under Firestorm. Critical Infrastructure in the Age of Cyberwarfare.”

To this end, threats to critical structures were assessed, based on information from 600 IT executives on cyberattacks and security practices.

This analysis allowed them to conclude that critical structures are constant targets of cyberattacks involving other nations, even if this is not declared.

We also add that cybercriminals can present different profiles and modes of action. Check them out:

• Cyber soldiers: These hackers are commonly government-sponsored and direct their attacks with actions that include spying, exposing sensitive data, extortion, and destroying critical infrastructure.
• Organized Cybercrime: These malicious agents carry out large-scale attacks, having access to the data of their victims and carrying out extortion, among other actions in order to obtain profits.
• Hacktivists: Here we refer to groups of hackers who act according to a political ideology and usually use non-violent but illegal digital means in their attacks. One of its most common actions is to use features that allow them to control millions of devices.
• Cyberterrorists: Cyberterrorists act by spreading terror among their victims. Their operations include the interruption of internet services, such as websites, theft and exposure of confidential data, and attacks on financial institutions and other critical infrastructure sectors.

• Cyberwarfare Facts & Data

There is a lot of relevant data about cyberwarfare. Here are some of them:

• • 26.3% of cyberwarfare attacks target the United States.
  • 20% of global organizations believe cyber espionage is their biggest threat.
  • Up to 64% of the world’s organizations have been the target of some kind of cyberattack.
  • China and Russia are believed to be linked to up to 35% of all politically-motivated cyberattacks.
  • The attacks related to espionage total 11% of the actions promoted in cyberwarfare and have the goal of collecting information from people, companies, and governments.
  • Iran is one of the fastest-growing countries when it comes to cyberwarfare since 2009. In 2018, 144 universities and 33 companies in the US were targeted by Iranian hackers, who stole $3.4 billion in data.
• In 2018, two Chinese were accused of hacking American, Japanese, German, and Canadian organizations, among others. Among their targets, NASA stands out.
• It is believed that 69% of the cyberattacks and violations suffered by the United States in 2019 were caused by hackers who were abroad, which makes it more difficult to track them.
• In 2015, the Obama-Xi cyber agreement between China and the United States was held, which contributed to reducing attacks on U.S. targets. However, the agreement represented only a truce between the two countries. In 2018, Chinese hackers targeted hotel chains targeting VIPs and U.S. telecommunications companies.
• Between 2009 and 2018, the number of cyberwarfare-related attacks has increased by up to 440%, involving at least 56 countries.
• According to information from the New York Times, it is believed that since 2015, Russia has supported a group of 400 hackers who have devoted themselves entirely to cyberattacks.
• According to information from the University of Maryland, every 39 seconds, someone is the victim of a cyberattack.
• 62% of hacks consist of social engineering attacks, such as phishing. In addition, ransomware and DDoS attacks are also very common.

 

• Stuxnet: The Most Famous Event Linked to Cyberwarfare

In 2010, a pest was identified that had the potential to impact industries. Stuxnet is not used to attack home computers, but Siemens industrial control systems (SCADA).

In practice, this malicious program is mirrored through flash drives and connects the hacked computers to a remote system, where stolen information, such as reports, is sent. With it, hackers can also access SCADA system settings remotely.

This system is used by industries of all sizes in order to control automated processes in the production line, without human presence. In 2010, Stuxnet was identified at the Iranian nuclear facilities in Natanz, as well as computers located in China, India, Indonesia, Australia, Pakistan, England, and the United States.

As mentioned earlier, it is believed the virus was inserted through a device installed on the plant’s computers, since there was no internet on site. It is speculated that the action was commissioned by a country interested in Iranian uranium enrichment centrifuges.

Here are other cases of cyberwarfare attacks:

• Attack on Sony

After the release of The Interview, which negatively portrayed Kim Jong Un, an attack was carried out on Sony Pictures allegedly by hackers from the North Korean government.

According to the FBI, there are similarities between this action and malware attacks previously performed by North Koreans, including data deletion mechanisms, code, and encryption algorithms.

• Estonian Government

In 2007, Estonia transferred the Bronze Soldier, a statue depicting a Soviet soldier in uniform, from the center of Tallinn to a military cemetery. Subsequently, the country suffered a series of cyberattacks, which overwhelmed government, bank, and media websites with traffic in denial-of-service attacks, leaving them down.

• Ukrainian Artillery Rocket Forces

According to CrowdStrike, an organized group of Russian hackers called Fancy Bear allegedly attacked Ukrainian rocket and artillery forces between 2014 and 2016.

An Android app used by the D-30 artillery unit is believed to have been used to spread X-Agent malware.

This attack was successful, as it destroyed more than 80% of Ukraine’s D-30 howitzers.

• Qatar Government

In 2018, American businessman Elliott Broidy filed a lawsuit against the Qatar government, alleging that it had stolen and leaked his emails in order to discredit him.

The accusation involved Qatar emir’s brother, who allegedly organized a cyberwarfare campaign, along with other leaders in the country, and claimed 1,200 victims, known as “Qatar’s enemies.”

• Google

Human rights activists residing in China had their data violated in a 2009 cyber-attack directed at Google’s Chinese division. This intrusion gave access to internal codes of the organization’s services and users’ emails.

Those responsible were not identified, but it is believed the initiative came from Chinese agents interested in registering actions of opponents of the regime.

• Pegasus Spyware

In September 2018, researchers stated that 36 governments attacked targets in at least 45 countries with Pegasus spyware.

According to Swiss authorities, two Russian spies were located in the Netherlands, preparing to attack the Swiss defense laboratory.

• Phone Calls

In October 2018, former U.S. President Donald Trump was alerted that Russia and China had access to calls made from an unsecured phone line.

At the same time, the Israel Defense Force requested the development of projects that would allow monitoring correspondence between social media users.

• Drug Cartels

Following the death of a journalist investigating drug cartels in 2018, a group linked to the Mexican government allegedly used spyware to attack their colleagues.

• Chilean Interbank Network

After manipulating an employee to install malware during a fake job interview, North Korean hackers broke into the Chilean interbank network in December 2018.

In the same period, the United States, along with Canada, the United Kingdom, Australia, and New Zealand, accused China of promoting cyber espionage for 12 years to uncover the IP and sensitive business information of organizations from 12 countries.

• German Politicians

Hundreds of German politicians had their private communications, financial data, and other personal information stolen in January 2019. This attack had members of all parties, except for the extreme right-wing AfD, as its political targets.

• UN Civil Aviation

At the end of 2016, UN Civil Aviation Organizations were attacked by hackers linked to the Chinese government to use their access to spread malware to websites of various governments.

• Cryptocurrencies

In March 2019, the UN Security Council revealed that North Korea had used hackers to prevent sanctions and stolen $670 million in currency and cryptocurrency over three years between 2015 and 2018.

• Hong Kong International Amnesty

In April 2019, Amnesty International’s Hong Kong office revealed it was targeted by Chinese cybercriminals who had access to personal data from its supporters.

In the same period, Lithuania’s Ministry of Defence was the target of a disinformation campaign, which spread rumors of corruption using counterfeit email addresses.

• More False Information

In May 2019, Iran spread fake news about the US, Israel, and Saudi Arabia using a network of websites and accounts developed for this specific purpose.

• Microsoft

In July 2019, Microsoft stated it had identified about 800 cyberattacks carried out in the previous year, which targeted NGOs, discussion groups, and other types of political organizations.

Most of these attacks are believed to have originated in Russia, North Korea, and Iran.

• ProtonMail

Also in July 2019, email provider ProntonMail was targeted by a government-sponsored group seeking to access accounts of former intelligence officers and reporters for information on Russian intelligence actions.

• Internet of Things

In August 2019, Russian hackers used vulnerable IoT devices to access corporate networks. In the same period, hackers associated with the government of China attacked U.S. cancer institutes for information related to research against the disease.

• Huawei Business Operations Disruption

In September 2019, the US government was accused by Huawei of invading its intranet and internal systems to make its business operations impossible.

• Is Cyberterrorism Synonymous with Cyberwarfare?

Cyberwarfare and cyberterrorism are commonly associated concepts, but they are not synonymous. When we talk about cyberwarfare, we refer to attacks motivated by conflicts between countries, possibly commissioned by governments with intentions motivated by political factors.

Cyberwarfare involves cyberattacks, but not all cyberattacks involve a dispute between rival countries. That is, one of the factors that differentiate a cyberattack from cyberwarfare is intent.

Cyberterrorism, on the other hand, consists of a one-off action with consequences that can be devastating, such as conventional terrorist attacks.

The concept of cyberterrorism gave rise to cyberterror, which defines the way people experience the fear of an attack, especially when they live in a country that is in the midst of an international conflict.

Cyberterrorists’ targets include public security systems, governments, and hospitals, and their goal may be to compromise the image of a country’s rulers towards its population. As in cyberwarfare, acts of cyberterrorism may be related to political motivations. However, they can also be triggered for ideological reasons.

 

• Cybercrime, Cyberespionage, or Cyberwarfare?

Cyberwarfare is a controversial expression and is often questioned by cybersecurity experts. Many believe that the acts thus defined would fit into classifications such as crime, terrorism, and espionage, but not war. This is because war involves more complex legal, political, and military issues.

One explanation is that an act of espionage alone, whether through cyberspace or traditional methods, would be insufficient to lead to war. An example of this is the accusations of Chinese cyberespionage against countries such as the United States, Germany, and India, which did not have the power to undermine diplomatic relations with these nations.

Likewise, cybercrime is seen as a matter of law and not of the military. On the other hand, if there is a cyberattack by one nation against another, targeting critical structures such as those mentioned in this article, and the attribution is proven, the action is equal to an armed attack.

Armed conflict experts question whether cyber activities could lead to war, arguing that the resources used do not give rise to a new type of war.

Cyberwarfare usually precedes armed conflicts and continues after they end, such as the conflict between Israel and Hezbollah in Lebanon in 2006, and the Russian invasion of Georgia in 2008, but it cannot be said it is the cause of these conflicts.

This reflection, however, leads us to believe that cyberwarfare will integrate the initial phases of future conflicts.

 

• Cyberattack and Cyberdefense

Cyber Warfare grows day by day, posing a series of challenges for those who attack and assume the role of defense. This is because cyberattackers need to overcome cyber defense actions, and cyberdefense must confront them, protecting vulnerable networks that are still managed by human users.

A cyberattack, to be effective, needs to be successful only once, while cyberdefense must have repeated successes.

Another feature of cyberwarfare is the need to differentiate combatants from ordinary users, after all, cyberspace is increasingly accessible to anyone who wants to use it. This enables civilians to participate in cyberattacks against governmental and non-governmental organizations, among other targets.

 

• Cybersecurity as a Priority for Anatel (Brazil)

 

Cybersecurity is one of the priorities of the National Telecommunications Agency (Anatel) and has become the subject of the Cybersecurity Requirements Act for Telecommunications Equipment and the Regulation of Cyber Security applied to the Telecom Sector.

Check out the public policies adopted by the National Telecommunications Agency below:

• Brazilian strategy for Digital Transformation

The Brazilian Strategy for Digital Transformation was approved by Ordinance No. 1.556/2018 of the former Ministry of Science, Technology, Innovation, and Communications (MCTIC), and aims to map the challenges of digital transformation in Brazil.

Its vision for the future involves eight strategies related to trust in the digital environment, based on the protection of rights and privacy, defense, and security in the digital environment. They are as follows:

• Create a national cybersecurity policy, with a body responsible for national coordination involving the private and public sectors;
• Establish a legal framework for cybersecurity in the country, which allows the development of new means of investigation for the digital world in harmony with existing legal guidelines;
• Create a national plan to prevent and recover incidents, including those that may involve critical infrastructures;
• Create a collaboration link between government entities, federated entities, and the private sector that enables the adoption and sharing of cybersecurity best practices, including security standards, critical infrastructure protection, and incident response;
• Empower public agents to prevent threats and respond to cyberattacks and foster partnerships for the training of private-sector professionals;
• Raise awareness among the Brazilian population about information security through educational campaigns;
• Invest in research in the area of cybersecurity, training human resources, and promoting national technological autonomy;
• Strengthen international cooperation between access and content providers and authorities from different countries in order to ensure law enforcement and solve cybercrime and cyberattacks of a transnational nature.

• National Information Security Policy (PNSI)

The national information security policy was enacted in 2018 through Decree No. 9.637/2018 in order to carry out one of the actions indicated in E-Digital. It must include the entire public administration and involves:

• Cybersecurity;
• Cyberdefense;
• Physical security and organizational data protection; and
• Actions were developed to ensure the availability, confidentiality, authenticity, and integrity of the information.

The National Information Security Policy is equipped with national plans and the National Information Security Strategy, which, as we suggest, will be constituted in modules.

These modules should contain strategic initiatives and goals associated with information security, reconciled with federal government programs and public policies, and will address:

• Cybersecurity;
• Cyberdefense;
• Critical infrastructure security;
• Security of confidential information; and
• Protection against data leaks.

• National Cybersecurity Strategy

The National Cybersecurity Strategy — E-Ciber — involves strategic initiatives of the Brazilian government associated with the area of information security, which should be implemented by 2023.

This is the first module of the National Information Security Strategy, which should modify the position of people and entities on this topic.

It aims to guide the population on the initiatives of the Federal Government related to cybersecurity.

The goals of the National Cybersecurity Strategy are:

• Ensure more reliability and prosperity for Brazil in the digital environment;
• Make the country more resilient to cyber risks;
• Strengthen its performance in the international scenario when it comes to cybersecurity.

For this, ten strategies have been developed:

1. Strengthen initiatives that promote cybersecurity;
2. Centralize the governance model in the country;
3. Bring together the public and private sectors and society in a secure, reliable, collaborative, and participatory environment;
4. Increase the level of government security;
5. Provide more protection to the country’s critical infrastructure;
6. Improve the legal terms about cybersecurity;
7. Encourage the creation of innovative solutions related to cybersecurity;
8. Increase the country’s international cooperation when it comes to cybersecurity;
9. Increase partnership between the public and private sectors, society, and academia to promote cybersecurity;
10. Increase the maturity of the population in terms of cybersecurity.

The role of regulatory agencies in the sector and critical infrastructure security involves, among other aspects:

• Create a cybersecurity governance structure in critical infrastructure organizations, with security rules to be respected by employees, contractors, and suppliers;
• Conduct annual external audits on cybersecurity;
• Adopt cybersecurity standards when developing new projects, programs, actions, and products;
• Each company and sector must have Computer Security Incident Response Groups, which communicate and collaborate with each other;
• Promote employee training;
• Whenever there is a cyber incident, it is necessary to notify the Government Cyber Incident Treatment and Response Center;
• If there is a leak that compromises consumer data, they must also be notified;
• It is essential to promote awareness campaigns aimed at users about cybersecurity care;
• Suppliers of computer equipment, programs, and services must take all measures recommended by national and international bodies to ensure information security;
• It is also critical to develop recovery plans for critical environments and incident response.

 

• Biden Executive Order

U.S. President Joe Biden has launched an Executive Order (EO) to help detect, prevent, and respond to recurring cyberattacks in the country.

In this sense, lessons learned from recent cyberespionage campaigns will be applied to make U.S. government systems more difficult to invade.

For this, it was necessary to modernize its cybersecurity using concepts such as the zero-trust architecture and invest $70 billion in information technology, stimulating the development of software focused on security from the beginning.

With this Executive Order, the United States government has created targets to respond to cyberattacks effectively and agile, and all IT providers must report incidents to government entities.

Moreover, different entities must respond to cyber incidents together, following a manual that standardizes the procedures to be adopted.

According to the Executive Order, the trust placed in the government’s digital infrastructure must be proportional to its reliability and transparency and the possible consequences of having that trust misplaced.

This measure is only the first action to prevent and address attacks on the supply chain of countries and should impact the following sectors:

Federal executive agencies, which must modernize their cybersecurity methods and IT environments;

Government suppliers, who will have new cybersecurity standards inserted under the terms of the contracts, being required to share more information about cyber incidents; and

Software companies and IoT devices, which must deal with new evaluation standards and security criteria, ensuring transparency and security for the user.

The Executive Order of the U.S. government sets security goals that must be made feasible in the short term, impacting federal contractors first and then other sectors.

• Russia and Ukraine: Prospects for New Cyberattacks

During a conference held in early March 2022, Kaspersky’s director of research, Constin Raiu, stated that Ukraine should suffer even more sophisticated cyberattacks than it has suffered to date.

The researchers who participated in the event revealed details about the attacks and stated that some strategies used against Ukraine are unprecedented.

As explained, for the main attack, a wiper similar to NotPetya used in 2017 was used. What also drew attention in the current context is the absence of trends.

The attacks are being monitored, which allows us to know that most come from Russia, the United States, and China.

 

• About senhasegura

We are part of MT4 Tecnologia, a group of information security companies founded in 2001 and currently present in more than 50 countries.

Our commitment is to provide digital sovereignty and security to the organizations that hire us, granting control of privileged actions and data. In this way, we contribute to preventing leaks and theft of information.

We follow the lifecycle of privileged access management through machine automation, before, during, and after accesses. With this, it can:

• • Avoid interruptions in the activities of companies and increase their productivity;
  • Automatically audit the use of privileges;
  • Automatically audit privileged changes to detect privilege abuse;
  • Provide advanced PAM solutions;
• Reduce risks;
• Also bring companies into compliance with audit criteria and standards such as PCI DSS, Sarbanes-Oxley, ISO 27001, and HIPAA.

 

• Conclusion

By reading this article, you learned that:

• In cyberwarfare, there are one or several cyberattacks targeting nations;
• Experts have not yet reached a consensus on this concept;
• Cyberwarfare is believed to have the potential to cause death;
• One of the motivations of those who attack in cyberwarfare is to seek advantage in real confrontations;
• Impacting a country’s population to destabilize its rulers is another common cause;
• Another recurring motivation is the sabotage of industries in rival countries in order to make their projects unfeasible;
• An emblematic example of cyberwarfare occurred in Iran in 2010 with the deployment of the Stuxnet virus in the control systems of uranium enrichment centrifuges;
• The current confrontation between Russia and Ukraine was also preceded by cyberwarfare;
• Cyberwarfare is not a recent concept;
• Due to the destructive potential of cyberwarfare, many countries rely on intelligence services that have the mission of preventing them;
• Attacks in cyberwarfare can be of many kinds. One of them is spreading fake news about a government;
• Hackers can also steal sensitive data and strategic information from rival nations;
• In cyberwarfare, there are several critical infrastructure sectors, which are vital services for the population and used by cybercriminals to generate vulnerability in their target;
• The United States is the target of 26.3% of cyberwarfare attacks;
• Attacks related to espionage represent 11% of the actions promoted in cyberwarfare;
• Between 2009 and 2018, the number of cyberwarfare-related attacks increased by up to 440%, involving more than 50 countries;
• Cyberterrorism and cyberwarfare are close concepts, but they are not synonymous;
• One of the factors that differentiate a cyberattack from cyberwarfare is intent;
• Cyberwarfare often precedes armed conflicts and continues after they are over;
• Cyberwarfare represents a major challenge to cyberdefenders as well as cyberattackers;
• Future cyberattacks on Ukraine are believed to be even worse than those suffered so far.

Was our article on cyberwarfare helpful to you? So share it with someone else who may also be interested in the topic.

ALSO READ IN SENHASEGURA’S BLOG

Achieving DevSecOps through PAM

How to Properly Manage Secrets in Development Projects

Common Questions about Privileged Access Management (PAM) Solutions