Nation-State Cyber Attacks: Impacts and Defenses

by Marry W
Sept. 30, 2017 | Tags: management, espionage, incident handling, nations

Introduction to Nation-State Cyberattacks

Cyber-attacks by nation states and their proxies remain among the most persistent and advanced threats to the United States, particularly from China and Russia. Nation-state attackers prey on a standard weakness of business practice: untrained or unaware employees in business units, who become the entry point for the intrusion. Many nation-state attacks have, for instance, attempted to infiltrate a network through an organization's HR department. Depending on how capable an enterprise is at detecting and identifying malware, the presence of non-commodity or purpose-built malware is an indicator that the organization may be facing a nation-state threat actor targeting it specifically. Such attackers are especially interested in Personally Identifiable Information and intellectual property. Most industry-specific or geography-specific nation-state attacks are driven by the competitive advantage the attack is expected to yield. Unlike their criminal counterparts, nationally backed hackers are at times part of a country's military, security, or intelligence organization. The magnitude of an attack, the kind of damage it causes, the identity of the attackers, and the way the compromised information is used all define nation-state cyber espionage.


The tools used in a nation-state cyber-attack are largely the same tools that ordinary hackers use to gain access to a system or device; the difference is the scale and persistence with which they are used. DDoS attacks are the most prevalent when the goal is to disrupt a victim nation's communication systems, and they remain a preferred method because they require limited resources even against a larger or more powerful victim. Malware such as viruses, worms, and Trojan horses are also common tools for disrupting normal computer operations, whether by secretly collecting data or by sabotaging it outright. Logic bombs, set to fire at a specific time or when triggered by a particular event, are also used in nation-state attacks. Such attacks can be disastrous when carried out at scale between warring nation-states. Advances in digital technology are also a motivating factor; in particular, advanced photo and video manipulation becomes possible once an attacker has access to a victim's network.

Impact of a Cyberattack

The everyday internet user may not realize the implications of a nation-state cyber-attack. In fact, those implications range from monetary loss, damage to systems, and leaking of data to physical infrastructure damage that may result in civilian casualties. Disruption of communications would also compromise a country's defense.

Elements that may alter the world’s cyber-security landscape.

  • Outage of critical national infrastructure
  • A cyber-arms treaty, signed by world leaders who join and create a cyber-arms control regime.
  • New actors such as Poland, Brazil, and Taiwan on the cyber stage.
  • Stronger focus on evasion

Precautions against/combating against nation-state cyber-attacks

  • Deterrence is a strong strategy for the authorities: a nation should make it convincing to rival groups that it has the means to respond to a cyber intrusion, even with military force. This discourages other countries that may be planning an attack and thereby prevents a real intrusion. However, it is very hard to persuade other nations that a computer virus attack justifies deploying troops to a given country, so a reasonable approach to deterrence still has to be found.
  • International cooperation and treaties through conferences and diplomatic missions.
  • Countering the attack in kind with a larger cyber-attack, or at minimum cutting off the attacking sources. Estonia, for instance, blocked traffic from certain Russian IP address ranges during the 2007 DDoS attacks attributed to Russia.
  • Development of a robust cyber-security framework that every employee is required to follow, with set consequences for noncompliance.
  • Trusted Internet Connection initiatives.
  • Public-private partnerships and information sharing. Alliances, coalitions, and partnerships should also be built abroad, since they help an organization understand the threats other nations face and the mechanisms used to mitigate them; that in turn helps build one's own defenses and counter potential adversaries when necessary.
  • Regular review of the company's vulnerability management program, including its event reporting, in order to understand where the vulnerabilities lie and what actions can be taken to mitigate the risk.
  • Use of threat modeling and detection, especially given the evolving cyber threat environment.
  • Diligence in not overexposing the company to vendors before its data infrastructure has been secured.
  • Intergovernmental partnerships
  • Development, implementation, and testing of a valid incident response plan.
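The Estonia bullet and the detection bullet above describe one concrete defensive step: spot the sources of a flood and cut them off. The following is an added example written for this article, not tooling from its author or from Estonia's responders. It counts requests per source IP and per /24 range within fixed time windows over web-server access-log lines, flags the ones that reach a threshold, and renders drop rules for a human to review. The log lines, thresholds, address ranges (RFC 5737 documentation space), the allow-list and the iptables rule format are all constructed assumptions, and IPv4 sources are assumed throughout.

```python
"""Rate-based flood detection over access-log lines, with block rules rendered
for review.  Added example for this article, not tooling from its author; the
log lines, thresholds, address ranges and rule format are constructed
assumptions, and IPv4 sources are assumed throughout."""
from collections import Counter
from datetime import datetime, timezone
import ipaddress
import re

# Combined-log style line: <ip> - - [<timestamp>] "<request>" <status> <size>
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)$'
)


def parse_line(line):
    """Return a record for a well-formed line, or None so junk never stops the loop."""
    m = LOG_RE.match(line)
    if not m:
        return None
    try:
        ip = ipaddress.ip_address(m.group("ip"))
        ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    except ValueError:
        return None
    return {"ip": ip, "ts": ts, "req": m.group("req"), "status": int(m.group("status"))}


def detect_flood(lines, window_seconds=60, per_ip_threshold=100,
                 per_net_threshold=300, allow=()):
    """Flag single source IPs and /24 networks whose request count within any
    fixed window reaches a threshold.  Per-IP counting catches a one-host flood;
    /24 aggregation catches a flood spread across many hosts of one range.
    Sources inside an allow-listed network (own monitoring, partners) are never
    counted, so the filter cannot end up blocking the defender's own traffic."""
    allowed = [ipaddress.ip_network(a) for a in allow]
    per_ip, per_net = Counter(), Counter()
    for line in lines:
        rec = parse_line(line)
        if rec is None or any(rec["ip"] in a for a in allowed):
            continue
        bucket = int(rec["ts"].timestamp()) // window_seconds
        net = ipaddress.ip_network(f"{rec['ip']}/24", strict=False)
        per_ip[(rec["ip"], bucket)] += 1
        per_net[(net, bucket)] += 1
    ips = {ip for (ip, _), n in per_ip.items() if n >= per_ip_threshold}
    nets = {net for (net, _), n in per_net.items() if n >= per_net_threshold}
    return ips, nets


def block_rules(ips, nets):
    """Render drop rules (iptables syntax assumed) for a human to review before
    they are applied.  A flagged network is blocked once; a flagged host gets
    its own rule only when no flagged network already covers it."""
    rules = [f"iptables -I INPUT -s {net} -j DROP" for net in sorted(nets)]
    rules += [f"iptables -I INPUT -s {ip} -j DROP"
              for ip in sorted(ips) if not any(ip in net for net in nets)]
    return rules


def log_line(ip, second, path="/"):
    """Build one constructed log line stamped 10:00:<second> UTC on a fixed date."""
    ts = datetime(2007, 4, 27, 10, 0, second, tzinfo=timezone.utc)
    stamp = ts.strftime("%d/%b/%Y:%H:%M:%S %z")
    return f'{ip} - - [{stamp}] "GET {path} HTTP/1.1" 200 512'


# Constructed traffic, all inside one 60-second window: light benign browsing
# from 203.0.113.0/24, one host in 198.51.100.0/24 sending 150 requests, twenty
# more hosts in that range sending 10 each, and one unparseable line.
SAMPLE_LOG = (
    [log_line(f"203.0.113.{i}", i) for i in range(1, 6) for _ in range(2)]
    + [log_line("198.51.100.7", s % 60) for s in range(150)]
    + [log_line(f"198.51.100.{h}", h) for h in range(20, 40) for _ in range(10)]
    + ["not a log line"]
)

if __name__ == "__main__":
    flagged_ips, flagged_nets = detect_flood(SAMPLE_LOG)
    for rule in block_rules(flagged_ips, flagged_nets):
        print(rule)
```

Run stand-alone, the block prints a single rule dropping 198.51.100.0/24: the flooding host 198.51.100.7 is flagged on its own, but the whole range is also over the network threshold, so the per-host rule is redundant and is suppressed. Passing the same range in `allow` yields nothing, which is the point of the allow-list: blocking by range is blunt, and a defender should never let an automated filter cut off its own monitoring or partner traffic. The rules are returned as text rather than applied so that an operator reviews them first.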

Strategies for use by the armed forces include:

  • Building and maintaining ready forces and capabilities for conducting cyberspace operations.
  • Jamming the rival's information systems.
  • Damaging the enemy's information systems.
  • Ensuring that Department of Defense and armed forces systems deny intrusion and are resilient.
  • Having a tested alternative in place to ensure continuity even when a system is shut down or compromised.
  • Dispersing the enemy's forces and fires while concentrating one's own.
  • Feeding deception back to the enemy; malware may later be released to muddy its information flows.
  • Intimidation, by building considerable momentum and playing on the enemy's psychology through demonstrations of information-based capabilities.
  • Prevailing over the enemy through extraordinary means that take the rival by surprise.

Published with the express permission of the author.

2flash 5 months, 2 weeks ago

A pretty well written analysis on cyber attacks. I really like the author's point of view here! :)

Mitchell Rowton moderator 5 months, 2 weeks ago

Cyber espionage has gotten much more dangerous these last few years. You can look at the work that Russia did and the tools the NSA uses to understand this is a growing threat.