The fragmentation of the internet into multiple segments that launch cyberattacks against one another is now all but inevitable. In fact, a “Confronting Reality in Cyberspace: Foreign Policy for a Fragmented Internet” report published by the Council of Foreign Relations notes that from 2005 to 2021 there were 152 suspected state-sponsored cyber operations associated with China uncovered. That compares to 87 for Russia, 44 for Iran, and 38 for North Korea.
The authors of the report even go so far as to note the era of the global internet is over. “The utopian vision of an open, reliable, and secure global network has not been achieved and is unlikely ever to be realized. Today, the internet is less free, more fragmented, and less secure.”, according to the report.
Countries not only block content and data as part of propaganda and disinformation campaigns; they are also more than ready to launch attacks against critical infrastructure. The North Atlantic Treaty Organization (NATO), for example, just declared that a cyberattack would trigger the Article 5 convention that holds an attack against one member of NATO is an attack against all.
Many cybersecurity professionals, of course, have seen this fragmentation of the internet coming for some time but with the start of the war in Ukraine business leaders now realize that global digital business strategies enabled by the internet will need to be adjusted as policies evolve and trade restrictions are imposed.
Those same business leaders also now have a greater appreciation for the cybersecurity threat that nation states represent. Historically, most of the focus on cybersecurity has been on preventing ransomware attacks that disrupt business operations. Nation states, however, are typically hunting much bigger game either in the form of intellectual property that can be stolen or, in the event of all-out war, finding ways to disable communications networks that militaries rely on.
As a result, there’s a lot more pressure on organizations to improve cybersecurity as part of a larger effort to shore up national defenses. The Cybersecurity and Infrastructure Security Agency (CISA) in the U.S., for example, has launched a Shields Up initiative that among other things recommends organizations validate all remote access; implement multi-factor authentication (MFA); prioritize software updates; disable all ports and protocols that are not essential for business purposes and also review cloud security practices.
In effect, organizations are being asked to defend their own segments of the internet. It probably won’t be long before governments launch campaigns to remind organizations the role that cybersecurity now plays in defending a way of life. In fact, failing to maintain cybersecurity in some quarters may soon be viewed as unpatriotic.
Not every cybersecurity professional is necessarily going to welcome that change in tenor and tone but at the very least cybersecurity will now always be on the board room agenda. After all, when government agencies responsible for national defense start asking questions, the implications of a security breach now go way beyond being an IT issue that only impacts that business.
By Mike Vizard
This article originally appeared on Journey Notes, the Barracuda blog.
Back