In March 2017, documents released by the Department of National Defence (DND) announced plans to “strengthen” Canada’s cyberwarfare arsenal. “Cyber ... (is) increasingly prominent among the security and defence challenges facing Canada and its allies,” the documents noted, adding: “…[In 2017] we will advance our research in the future of cyber warfare to improve and strengthen both our defensive and offensive capabilities.”
The documents serve to reinforce the requirements outlined in the December 2016 Defensive Cyber Operations Decision Project, under which the DND will evaluate capabilities that will allow its forces to effectively operate in the current cyber domain, and to support its international allies.
As part of this project – which will ultimately culminate in a plan that will be submitted to the federal government – the DND has asked industry to propose technologies that can hunt for Advanced Persistent Threat hacks.
One of the major challenges associated with cyber threats is their rapidly evolving nature. Cyber exploitation tools are easily accessible and are susceptible to abuse by relatively low-skilled hackers.
The motivations and skills of cyber-attack perpetrators also transform over time. Today, these can be broadly categorised into six groups: cyber criminals with access to advanced tools; state-sponsored actors; terrorists; hacktivists; malicious employees; and script kiddies. In a worst-case scenario, this landscape can shorten the length of time it takes an attacker to pose a national security threat.
Adopting an intelligence-driven defence approach is crucial to safeguarding citizens and national assets in an environment where cyber attacks quickly evolve and ‘mutate’, leaving organisations that utilise a static defence system vulnerable to exploitation.
A proactive cyber defence framework of operations also includes a mix of appropriate products and skilled security personnel, said Dan Seamans, international business development lead for Lockheed Martin Cyber Solutions.
“Working closely with our partners, we are seeking to evolve governments and organisations from ad hoc users of intelligence to producers of proprietary intelligence that can be actioned to protect networks.
“A fundamental line of first defence in cyber security involves monitoring systems to detect potential threats. The cyber attacks framework we’ve developed enables security personnel to identify and anticipate tactics associated with cyber threats and covers seven steps: reconnaissance; weaponisation; delivery; exploitation; installation; command and control; and actions on objectives.
“The framework aims to monitor and adapt to the attacker’s actions, ensuring that they are ‘blocked’ at a stage of the chain before completing the attack.”
Cyber hardening is another critical area of cyber security that continues to gain significant momentum across governments and organisations, ultimately to prevent adversaries from taking over systems and potentially degrading their performance. Cyber hardening entails addressing threats and challenges across multiple domains, spanning all facets of cyber security: physical; human; supply chain; engineering; and operations. As government platforms become more sophisticated, cyber hardening will need to extend to all systems within the platforms as well as support systems and mission systems.
Seamans concluded: “In the future, more governments will continue to see an increase in systems that are more autonomous, integrating human-machine collaboration and energy efficiency-smart grids. As the number of these interconnected platforms grows, it will be critically important for governments to adopt a combination of our approach to the framework and cyber hardening as effective cyber security solutions in addition to training the next generation of cyber protectors.”