CHICAGO -- Former CIA officer Valerie Plame said the landscape for nation-state cyberattacks has shifted toward more complex and potentially dangerous "strategic, geopolitical motivations."
Plame, a former CIA officer who specialized in preventing the proliferation of nuclear weapons and other weapons of mass destruction, spoke at the 2017 Cloud Identity Summit about the dangers of cyber-offensive capabilities and state-sponsored hacking in today's world. Plame became a national figure in 2003 after her identity as a covert CIA operations officer was leaked to the press by George W. Bush administration officials. But prior to that incident, she spent years working on preventing nation-state attacks on the U.S., which she said gave her an inside look at the emerging dangers of technology.
"I was able to see very early on the inherent power of cyber capabilities for both good and bad," she said.
Plame said recent nation-state cyberattacks -- specifically the North Korean hack of Sony Pictures Entertainment in 2014 and, more recently, the Russian cyberattacks on Democratic Party organizations and state election systems -- show a troubling trend for the U.S. "These incidents have had the most immediate national impact, but they were not really attacks, per se," Plame said. "They were influence operations."
These attacks weren't about stealing money, intellectual property or even sabotaging critical infrastructure, Plame said, but instead were focused on achieving geopolitical goals. Even seemingly benign campaigns around generating "fake news" are dangerous, she said, because operations such as the Pizzagate conspiracy theory have "real-world consequences."
In addition to Russia, Plame noted that China, Iran and North Korea were the top nation-state cybersecurity threats for the U.S. In particular, she emphasized the potential for increased nation-state cyberattacks from the latter two countries.
"Of all of America's adversaries, Iran has been the most persistent in conducting attacks meant to disrupt U.S. companies and infrastructure," she said, adding such attacks have decreased somewhat following the recent U.S.-Iran nuclear agreement. But Plame said if the U.S. government dismantles the agreement, "I am almost certain that Iran will act out again using a wide range of means, including cyberattacks."
North Korea, meanwhile, is using cyberattacks to gain attention from the international community and further its agenda in lieu of military action. "It's a way for North Koreans to actualize their tantrums and have a direct, though limited, impact on the U.S. and South Korea," she said. "They know they can't keep pace with the Americans and South Koreans, so cybersabotage offers unique benefits, and cybercrime is a way for them to raise hard currency."
Plame also warned of the risks of terrorists leveraging cyberattacks to accomplish their goals. "Terrorists will not hesitate to use cyber capabilities if it offers an easy way to act out their hatred," she said, adding that so far, most terrorist organizations have been on the receiving end of U.S. cyber-offensive capabilities, rather than a source of cyberattacks. But Plame said that could change very quickly.
During the Q&A session with the audience, Plame was asked what the cyberattack equivalent of a nuclear bomb would be. "I would actually combine the two," she said, citing an editorial in The New York Times from Bruce Blair on the technical vulnerabilities in the U.S. nuclear command-and-control infrastructure. "We are already so vulnerable there because we're human and because there could be accidents -- miscalculations that could lead to a nuclear incident. You add to that the potential for hacking, and it's really frightening."
Cyber attribution and deterrence
On the plus side, Plame said cyber attribution of nation-state cyberattacks isn't "nearly the challenge that it used to be," and private sector companies like CrowdStrike and FireEye, in conjunction with intelligence efforts from the U.S. government, have made "tremendous gains" in determining the source of nation-state cyberattacks. However, she said she'd like to see "more proof" of Russian cyberattacks on U.S. elections.
Plame also noted that while cyber attribution methods have improved, the U.S. is still struggling to develop effective deterrence for nation-state cyberattacks.
"Deterrence remains the most poorly understood dynamic," she said. "To my knowledge, no one has yet died directly from a cyberattack, and this suggests that nations are showing some restraint."
But Plame said deterrence is not working below that threshold for loss of life. "All of the major cyberpowers, the U.S. included, are enjoying a free-for-all, which is growing worse every year," she said. "Developments in cyberconflict are driven less by new technologies than the increasing and incredible audacity of the major cyberpowers and the ever more escalatory activities."