The nation of Costa Rica is famous for its biodiversity and lush rain forests. In the past month it has also become synonymous with advanced cyber attacks [1]. It is battling a vicious large-scale advanced ransomware attack on its core government finance offices and civil ICT systems.
There are, in fact, deep parallels between the domains of cyber security and rainforests. Both are complex adaptive systems, and both need to be carefully analysed in the light of multi-scale interactions over extended time periods.
In the case of the Costa Rica forests, they are under threat from both climate change and local agricultural/economic demands. Only careful observation over time and at all scales reveals the true status and allows planning to restore them.
In like manner, cyber defence requires long-term observation and a full-spectrum analysis of sophisticated attacks in order to reveal the true situation [2]. In this specific case, a Russian cyber gang is evolving its attack vectors and targeting state bodies in countries that lack advanced cyber protections.
In both worlds, natural and synthetic, the local system can take some measures to defend itself, i.e., reducing logging and improving eco-tourism to replace agricultural impacts, or raising local cyber defences. However, in both cases, the targeted systems also require global shifts in human behaviour: reducing climate impact and CO2 emissions, and international pressure and norms against state-level cyber games. We may even analyse computational threats using biological models [3].
This example is intended to highlight the multi-scale nature of cyber threats and the complex interactions between local, regional and global processes and actors. The communities defending cyber assets tend to focus on the local impact of an attack and fail to see the international dimension. A system penetration in one organisation is often merely the creation of a launch platform for a more global launch of an attack vector.
We all require a greater effort to achieve improved international norms of behaviour and standards that lift the security of the global cyber commons. However, this process is a minefield of cultural and social values. For example, access to quality end-to-end encrypted services is a topic of heated debate between societies and groups seeking defence against criminals and hostile governments, and those who argue that states must have the right to override individual freedoms in the name of security.
The author is in favour of strong encryption for the masses, for many reasons, but the most basic is that any backdoor quickly creates major new vulnerabilities for criminal use.
Defending the cyber commons, just as we seek to defend natural resources, is a contest of values and perspectives. There is no simple technical fix for either.
Hence, here in the GALLOS community, we have attempted to fuse a range of deep talents and diverse perspectives, in order to best address the true complexity of cyber defence.
References:
1. Costa Rica ransomware, a state level national crisis: https://www.theguardian.com/world/2022/may/12/costa-rica-national-emergency-ransomware-attacks
2. https://www.zdnet.com/article/ransomware-conti-gang-is-still-in-business-despite-its-own-massive-data-leak/
3. Steven A. Hofmeyr, Stephanie Forrest. Architecture for an artificial immune system. Evolutionary Computation, Volume 8, Issue 4, Pages 443-473, 2000/12. MIT Press.