Elsine van Os February 21st 2017 at 12:55
Our dependence upon the Internet is the new revolution of our time. By 2020 the number of devices connected to the Internet will be approximately 26 to 50 billion. In 2011 these devices exceeded the number of people across the globe. For every PC or handset connected to the Internet, 5 to 10 other devices will be sold with their own internet connection.
In the West, we naturally see this development as the greatest, but comparatively we still live in the Stone Age when it comes to the safe use of our devices in the digital world. Yes, we are working hard on technological advances and on our technological response to cyber threats. But is this the most appropriate response? Perhaps in part. However, it is not the most complete solution. I would like to demonstrate with three examples how important the role of the human factor is in cyber security.
Influence by Hackers
Our computers are significantly better protected. For example, a firewall keeps an intruder outside the door. However, by tempting a person behind the firewall to click on a link in an email, smart hackers and spies know how to bypass this technical protection. In fact, the computer is not hacked, the human is.
Hackers call this social engineering. The basis of all social engineering sits within the discipline of Social Psychology: consciously influencing an unaware person to relinquish data that s/he would normally keep private. Awareness of this type of influencing process is extremely important in order to better protect oneself. “Know your enemy and how s/he works!”
Cyber Awareness and its Impact on People’s Lives
Traditionally the Internet has been about e-mails, chats, banking and websites. We are now seeing a new type of internet: the Internet of Things (IoT). Hackers already know how to steal money from bank accounts and read our e-mails. They can also attack self-driving cars, infiltrate our drinking water systems and disrupt our operating rooms.
Where initially the damage was limited to financial fraud or harm to one's personal image, it can now threaten people’s lives on a mass scale. With the push of a button one can carry out a very asymmetric war. Hackers now possess significant technological power to disrupt on a global scale. Nation-states are gearing up capacity to commit sabotage in other countries through cyber channels.
For example, Iran’s alleged cyber-attack on a dam in New York demonstrates where future warfare may be conducted. On a larger scale, possibly also from Iran, Operation Cleaver unleashed a coordinated malware attack on critical infrastructures across 16 countries and affected at least 50 organisations. These included oil, gas, defence, transport, airports, airlines and hospitals, resulting in colossal adverse human impact. We are clearly currently ill-prepared to deal with such attacks whilst in tandem the IoT revolution shows no signs of abating.
Psychological Operations: From Russia with love?
One party that is very familiar with the “human factor”, having used it for decades in conventional as well as cold warfare, is Russia. Their expertise in this field has migrated to cyber-level activity. A recent example has been the cyber Psychological Operations (PSYOPS) that brought into question the integrity of the American election results. (See also the hack of the Democratic Party.)
Neither the Netherlands nor the wider European Community has a robust response to PSYOPS. Whilst Europe is slowly waking up to this type of threat, it is still a moot point whether PSYOPS did have any effect on the outcomes of the Dutch and French elections. Germany goes to the polls on September 24th 2017 and no doubt this will be closely monitored by the EU and by other “interested parties”.
The New Normal
PSYOPS will play a primary role in future warfare strategies; it’s the new “normal”. This begs the question, “Who are our biggest threats?” The parties with the largest cyber capacities. These parties include nation states, activists such as Anonymous and terrorist organisations. Technology alone will not be able to combat such diverse threats in a meaningful manner.
We will need to crawl deep inside the brains of those that wish to harm us and fathom their mindset in order to detect and counter their proposed cyber-attacks. By understanding our enemies’ strategic thinking, we can improve the likelihood of protecting ourselves. Of course, our foes seek to do the same. It’s fast becoming a game of “Cat and Mouse!”
What does this mean in the broader context of cyber threats? Firstly, we should seek to gain a deeper insight into the behavioural thinking and patterns of our attackers. Simply having knowledge of their whereabouts is no longer enough to proactively combat them.
Secondly, we need to equally monitor and tune into their analogue and digital channels to deepen our understanding of the “human factor”. When we unravel all the elements, we always seem to get back to the “key driver”, specifically the human factor. By better understanding the hacker’s motivation and modus operandi, our response can be far more robust and comprehensive.
The Internet is the new battleground where this warfare is being played out. High-level intel on the hacker’s motivations will enlighten our response with improved platforms to protect ourselves as individuals, organizations and nation states. The human factor is unique. It embodies the high-level risk and solution simultaneously.
Source: NRC Next