Management of Cyber-Espionage Intrusions

Abstract

The soft side of Information War is called either Digital War or Cyber War, and gets larger use worldwide, due to the difficulty of proving the aggression culprit. The defensive posture of the Digital War, cybersecurity, is better developed, at least because everybody needs defense, while less global actors are hostile. However, while the focus is on protection against unexpected destructive actions, digital espionage keeps the victim system running, and uses concealed procedures meant to avoid security measures and continue the illegal exploitation of network data.

In cyber-espionage, the objective may be top-secret data, which are strongly protected, but it may also be apparently unimportant customer data, information such as e-mail addresses and credentials. The latter kind, which usually gets less protection, can be later used not for strategic hostile decisions, but for subsequent clandestine operations. Such information becomes of national security relevance for governmental institutions and critical infrastructure facilities. At that level, confidential data are better protected in local servers, but are available to scrutiny by system maintenance software. Therefore, specialized software trusted specifically for system security and technological upgrade can be used by hostile actors for penetrating various wide area networks. Such gateway is the logistic chain of IT companies, whose software products become a force multiplier for cyber-espionage by state organizations or hackers at large. This is the case for the recent SolarWinds cyber-espionage operation, which provides useful insight on clandestine activities, and prompts to the need for improving cyber-security in view of espionage threat. 

Beyond software solutions meant to strengthen digital system protection, the overall problem requires macro-system solutions leading to better resilience of national information systems. Such requirement surely pushes national security institutions toward improving the organisational architecture of national cyber-security.