We often talk about cyber threats in different ways. Some speak of them based on who the bad guys are: hackers, terrorists, cyber criminals or nation states. Others use the bad guys’ technical approach as a means to define them: SQL injection, memory scrapers, DDoS attacks, etc.
A third way, one based on distance from targets, was used by Steven Chabinsky of the FBI recently in several venues. I think it adds to the depth of our analysis, and brings to the fore some key areas that are often overlooked.
The types of threats can be listed in four categories based on their distance from intended targets. The one that gets the most attention, indeed, the one that comes to many people’s minds when you say cyber threat, is the Remote Threat. This comes from afar through internet connections. It seems the most sophisticated and the most dangerous. Perhaps, but not necessarily.
Next comes the Proximate Threat. This is a relatively new danger, or at least, new to the broader public. So much of our cyber activity today has gone wireless that the bad guys have been given a new way to exploit us. By capturing wireless signals, our enemies can not only clone smart phones and steal laptops, but they can enter enterprise networks and systems. It is no longer such a sophisticated task to pluck data out of the air. An example of this was the use of a $39.99 program to download live Predator drone camera feeds in Iraq and Afghanistan. They can do it here too.
Better known, and thought to be the biggest threat (by volume anyway), is the Insider Threat. This comes in several forms. The insider could be a full-scale agent planted in an organization by a hostile nation, a business competitor or a criminal organization. They can steal, spy or destroy data. The insider could be a disgruntled employee who decides to hurt their organization by deliberate sabotage or by selling insider knowledge and access. The most common insider threat comes from your best employees. It is the simple mistake, the shortcut around proper procedure for the sake of speed, or the lack of awareness and training. This opens up networks to all sorts of mischief.
A huge threat that is actually multi-distance, and therefore a critical one, is the Supply Chain Threat. Some people think that all we need to do is stop building things outside the United States and this one will stop. This shows a complete lack of understanding of the complexity of this threat. Supply chain threats affect hardware, software and peripherals, even innocuous products like digital picture frames. An enemy could exploit the supply chain at five different parts of the process. Clearly in design, malware and backdoors can be baked into the product. Even with a clean design, dangers can be placed in the product during manufacture, the second vulnerability. If you get through the design and manufacture phases, you have worldwide transport, during which your nice safe items can be diddled and made into digital time bombs. You still have two to go! In installation, bad guys can intervene again, and if you make it all the way through these four steps, there is always maintenance that must occur, and this gives them another set of opportunities to act malevolently.
All of these actions can be highly targeted or a metaphoric shotgun blast that does not care who it hits. I am not playing Chicken Little, but before we can mitigate these threats, we must make everyone in our organizations, from the CEO to the junior work force, understand them. This is a task in which we are much better than we have been in the past, but still not nearly as good as we need to be.