The Evolving Cyber Landscape
2023 and beyond
The cyber landscape
1. The policy challenges presented by
cyberspace are not solely technological
in nature. The cyber domain is a human-
made environment and is fundamentally
shaped by human behaviour. It amplifies
such behaviours for better or worse,
the impacts of which are usually also
felt in the physical world. Cyberspace
is owned and operated by private
companies, governments, non-profit
organisations, individual citizens and
even criminals. This means that any
strategic response to this context must
link geostrategy and national security,
criminal justice and civil regulation,
economic and industrial policy and
requires a deep understanding of the
different cultural or social contexts and
value systems interacting online.
2. Cyberspace also transcends
national borders. Technology supply
chains and critical dependencies are
increasingly global, cyber criminals
and state-based actors operate from
around the world, powerful technology
companies export products and set
their standards, and the rules and
norms governing cyberspace and the
internet are decided in international fora.
Cyberspace is also continually evolving
as technology and the ways people use
it change, requiring us to adopt an agile
and responsive approach.
What is cyberspace?
To many of us, cyberspace is the
virtual world we experience when
we go online to communicate, work
and conduct everyday tasks. In
technical terms, cyberspace is the
interdependent network of information
technology that includes the internet,
telecommunications networks,
computer systems and internet-
connected devices. For the military,
and when considering our efforts to
counter threats in cyberspace, it is an
operational domain, along with land,
sea, air and space.
How is cyberspace experienced?
Cyberspace is, by definition, a ‘shared’
space and its scale and complexity
means that every person’s experience of
it is unique. Citizens access cyberspace
when they check their bank accounts
online or stream a film at home.
Businesses use cyberspace to connect
their staff with the resources they need,
whether this is access to information or
control over a manufacturing process.
Governments provide public services to
their citizens using online portals. Cyber
professionals look ‘under the hood’ at
the technology, standards and protocols
that make it all ‘just work’ for users. All
these groups use cyberspace in different
ways and for different purposes, and we
are all making an ever-greater use of it.
Cyberspace can be described in terms of three layers:
Virtual
The part of cyberspace most people experience. It consists of
representations of people and organisations through a virtual identity
in a shared virtual space. Virtual representations could be an email
address, user identification, a social media account or an alias.
One person or one organisation can have multiple identities online.
Conversely, multiple people or organisations could also create just a
single, shared identity.
Logical
The part of cyberspace made up of code or data, such as
operating systems, protocols, applications and other software.
The logical layer cannot function without the physical layer and
information flows through wired networks or the electromagnetic
spectrum. The logical layer, along with the physical layer, allows
virtual identities to communicate and act.
Physical
The physical layer of cyberspace includes all the hardware on which
data is transmitted, from the routers, wires and hubs that you have in
your home, to large complex telecommunications systems operated
by big tech companies. As well as physical infrastructure it includes
the electromagnetic spectrum on which data is transmitted, such as
WiFi and radio.
Cyber attacks can have devastating consequences for both companies and their customers. Network compromise can lead to unauthorized access to and theft of both business and customer data. In 2022 in the US alone, there were 1,802 recorded data compromises, with 422.14 million people affected by said compromises.
Manage cyber
security risk
1. In order to manage cyber
security risk, government
organisations must be able
to identify, assess and understand them.
The foundation of this lies in the visibility and
understanding of assets, their vulnerabilities,
and the threat to them - whether internal
to an organisation or emanating from its
supply chain. Clear accountability and
robust assurance will ensure that risk
owners are aware of the risks they have the
responsibility to manage, and that they are
doing so appropriately.
2. Information about vulnerabilities must be
shared across governments to provide a
central view of critical vulnerabilities that
will enable cross-government risks to be
identified and managed, facilitating rapid
assessment, coordination and mitigation
at scale.
Protect against
cyber attack
1. The protective stance of
individual government
organisations will be
inextricably linked to their assessment and
management of risk. While it will never be
possible to protect against all attacks, those
accountable must be able to demonstrate that
they have appropriately considered those
risks and responded accordingly.
2. Proportionate cyber security measures must
be embedded in the technology government
uses, and technology and digital services
will be correctly designed, configured and
managed. Crucially, governments must develop
its shared capabilities, tools and services
to address common cyber security issues
at scale, improving cyber security across
the whole of government as well as driving
efficiency and value for money.
3.At the heart of any government’s
responsibility must be to protect the data it handles.
As well as appropriately classifying
information, governments must handle and
share it in a way that is commensurate with
the risks it presents, using the appropriate IT Systems.
Detect cyber
security events
1. Building on the foundation
of risk management and
commensurate protective
measures, governments must develop its
capability to detect cyber security events
across every part of its estate to ensure that
risks can be mitigated before they critically
impact government functions and services.
2. This means having the capability to monitor
systems, networks and services to detect
cyber security events before they become
incidents. Enhanced coordination will enable
governments to have the agility to use these
data inputs to detect at pace and scale,
facilitating coherent responses as well as
providing the capabilities to detect more
sophisticated attacks.
Minimise the impact of
cyber security incidents
1. While effective risk
management, appropriate
and proportionate
protective measures and
enhanced detection capability will make
governments a considerably hardened
target, government organisations will still be
impacted by cyber security incidents.
2. Governments must therefore be fully prepared
and able to respond to cyber incidents with
the capability to restore affected systems
and assets and resume the operation of
its functions and services with minimal
disruption. A critical component of this will
be establishing the mechanisms to test
and exercise incident response plans, both
organisationally and across government,
as well as the ability to learn lessons from
incidents and ‘near misses’.
Cyber Critical Infrastructure | Nuclear impingement
CCI | Nuclear Reimagined
CCI Infra - Nuclear Landscape | NCAM 2022
Role of Dynamic Multidimensional Security Approach Zero Trust Network Access on Critical Infrastructure.
Cyber Attacks on Critical Infrastructure | NATO
https://easytech4all.net/2021/10/01/cyberattacks-critical-infrastructure-nato/
Zero Trust Architectured Networks - US Cybersecurity and Infrastructure Security Agency . Department of Homeland Security
https://easytech4all.net/2021/10/10/zero-trust-architectured-networks-advanced-cyber-threat-intelligence/
US Intelligence and National Security Alliance
Protecting Critical Infrastructure: Key Elements of the New National Cybersecurity Strategy
Tuesday, May 2 | 1:00 - 2:30 PM ET | Virtual - two-part program!
Panelists:
Brian Scott, Deputy Assistant National Cyber Director for Cyber Policy and Programs, Office of the National Cyber Director, Executive Office of the President
Speaker from CISA (Invited)
Chris Boyer, Executive Committee Member, Communications Sector Coordinating Council, and VP, Global Security and Technology Policy, AT&T
Amanda Craig, Executive Committee Member, IT Sector Coordinating Council and Senior Director, Global Cybersecurity Policy, Microsoft
Matthew Eggers, VP for Cybersecurity Policy, U.S. Chamber of Commerce
https://insaonline.us8.list-manage.com/track/click?u=2bbe7114be6cc1ae543a8f374&id=4f659e75a0&e=d386303ff8
Cyber Council - New White Paper
Industry Contributions to Offensive Cyber Operations, outlines the importance of public/private collaboration in cybersecurity and provides five key recommendations that can help strengthen U.S. critical infrastructure.
https://insaonline.us8.list-manage.com/track/click?u=2bbe7114be6cc1ae543a8f374&id=aa1dc2fed6&e=d386303ff8
Key Highlights of
Google Cloud Security - 2023 Outlook
https://cloudonair.withgoogle.com/events/2023-emea-security-talks?talk=na-talk-1
Frontline Threat Intel Panel
https://cloudonair.withgoogle.com/events/2023-emea-security-talks?talk=na-talk-2
Cyber Crime Metamorphosis: A Case Study Examining How Criminals Adapt to Chaos
https://cloudonair.withgoogle.com/events/2023-emea-security-talks?talk=na-talk-3
Managing Open Source Software Security
https://cloudonair.withgoogle.com/events/2023-emea-security-talks?talk=na-talk-4
DDoS Trends at US Elections and What’s New with Cloud Armor
https://cloudonair.withgoogle.com/events/2023-emea-security-talks?talk=na-talk-5
Defeating Cryptomining Attacks with Native Security Controls
https://cloudonair.withgoogle.com/events/2023-emea-security-talks?talk=na-talk-6
Cloud Detection & Response Survey: Challenges and Insights
https://cloudonair.withgoogle.com/events/2023-emea-security-talks?talk=na-talk-7
Office of the CISO
RESOURCES
Improve Decision Making with Automated Contextual Awareness
https://cloudonair.withgoogle.com/events/2023-emea-security-talks?talk=na-talk-8
Quick recap of Global Cyber Threat Intelligence brainstorms (2019-2022) by https://1Power.substack.com and https://easytech4all.net
US Federal Agencies. Security Organisations
US Cyber Command.NSA.US Dept of Homeland Security.Department of Defense . Secret Service CID. CISA.FBI
https://easytech4all.net/cyber-conference/
https://1powercyber.blogspot.com/2022/05/us-cybersecurity-global-conference.html?utm_source=pocket_mylist
UN Security Council Cyber Threats Debate -
https://easytech4all.net/2022/03/06/un-security-council-cyberthreats-debate/
UNIDIR Cyber Stability Conference 2021 & AI Disruption Peace Security (innovations dialogue) 2022
https://easytech4all.net/2022/07/05/unidir-cyber-stability-conference-3rd-december-friday-2021/
https://1powercyber.substack.com/p/unidir-cyber-stability-conference
Importance of Information and Communication technologies .
https://easytech4all.net/2022/02/05/unidir-ict-information-communication-technologies/
NATO Locked Shields 2022
https://1powercyber.substack.com/p/nato-locked-shields-2022?utm_source=pocket_mylist
Cyber Polygon with World Economic Forum and INTERPOL
https://easytech4all.net/2022/01/16/cyber-polygon-2020-2021-and-2022/
https://1powercyber.substack.com/p/wef-and-interpol-cybersecurity-mega?utm_source=pocket_mylist
White House National Cybersecurity Strategy
https://www.csoonline.com/article/3689911/white-house-releases-an-ambitious-national-cybersecurity-strategy.html
Countering Ransomware with Department of Homeland Security , Cybersecurity and infrastructure Security Agency , Federal Bureau of Investigation , SecretService Criminal Investigation Department
https://easytech4all.net/2021/05/09/nownext-countering-ransomware-attacks/
Cyber Essentials by Cybersecurity and Infrastructure Security Agency and Department of Homeland Security.
https://easytech4all.net/cyber-essentials-us-dhs/
Ransomware Attackers Defenders - FBI's perspective
https://easytech4all.net/ransomware-attackers-defenders-fbis-perspective/
US Cyberspace Solarium Commission
https://easytech4all.net/2022/04/10/us-cyberspace-solarium-commission/
UK Cybersecurity Association with Digital Police Center.
https://easytech4all.net/uk-cybersecurity-association-1-day-summit/
Fourth Annual Cybersecurity Summit by Cybersecurity and Infrastructure Security Agency .
https://easytech4all.net/2022/02/07/4th-annual-national-cybersecurity-summit-by-cisa/
Fourth CEO Summit - USA
https://easytech4all.net/2022/06/27/iv-ceo-summit-of-the-americas/
State of American Business 2023
https://easytech4all.net/state-of-american-business-2023/?utm_source=pocket_mylist
Challenges faced by Government and international LAW Enforcement
https://easytech4all.net/2021/10/06/watch-challenges-faced-by-govt-and-int-law-enforcement-cybersec-on-youtube/
Intelligence and National Security Alliance (INSA) 2022 UPDATE
https://easytech4all.net/future-of-intelligence-community-workforce/
What is Advanced Cyber Threat Intelligence ?
https://easytech4all.net/2020/09/20/what-is-advanced-cyber-threat-intelligence/
Accreditations Webinars LMS - Cybersec CTI
https://easytech4all.net/2020/12/29/cybersec-accreditation-nanocertifications/
Google Cloud Security Summit with Chris Inglis (National Cyber Director , Executive office of the US President)
https://1powercyber.substack.com/p/google-cloud-security-summit-with
Security information and event management (SIEM) is a field within the field of computer security, where software products and services combine security information management (SIM) and security event management (SEM). They provide real-time analysis of security alerts generated by applications and network hardware. Vendors sell SIEM as software, as appliances, or as managed services; these products are also used to log security data and generate reports for compliance purposes. The term and the initialism SIEM was coined by Mark Nicolett and Amrit Williams of Gartner in 2005.
https://1powercyber.substack.com/p/security-information-and-event-management?utm_source=pocket_mylist
Zero Trust Architectured Networks by Cybersecurity and Infrastructure Security Agency
https://easytech4all.net/2021/10/10/zero-trust-architectured-networks-advanced-cyber-threat-intelligence/
1PowerCyber and Easytech4all Global CTI Research & Analysis.
https://easytech4all.net/internet-ranking-advanced-cyber-threat-intelligence/
https://easytech4all.net/2021/02/21/easytech4all-ranking-for-advanced-cyber-threat-intelligence/
https://easytech4all.net/2020/12/30/3452-best-cybersecurity-stories-by-easytech4all-on-flipboard-quick-updates/
Mapping Global CTI Landscape and Visual Trends
https://easytech4all.net/2021/02/14/mapping-global-ranking-for-advanced-cyber-threat-intelligence/
International Cyber Threat Intelligence Brainstorms
https://easytech4all.net/1-power-cybersec-cti-brainstorms/
Safe and Secure Digital Ecosystem for Schools by US Department of Homeland Security and Department of Justice
https://easytech4all.net/2022/04/10/safe-and-secure-digital-ecosystems-for-students/
Global Cyber Threat Landscape
https://easytech4all.net/cyber-threat-intelligence-landscape/
https://easytech4all.net/cyberwar-ww3-flashpoint/
CyberKinetic and 5G
https://1powercyber.blogspot.com/2022/05/cyber-kinetic-world-war-3-and-5g-in.html?utm_source=pocket_mylist
https://1powercyber.substack.com/p/cyber-kinetic-warfare?utm_source=pocket_mylist
Cyber Independence and Freedom
https://easytech4all.net/2021/08/14/cyber-independence-freedom/
Cyberattacks and Critical Infrastructure (Reading & Resources)
https://easytech4all.net/2021/10/01/cyberattacks-critical-infrastructure-nato/
Space Threats and Satellite Navigation Systems
https://easytech4all.net/2022/03/06/threats-to-satellite-navigation-system-conflict-in-space/
https://1powercyber.substack.com/p/space-threats-satellite-navigation?utm_source=pocket_mylist
Comsec Protocols and Paradigms
https://1powercyber.substack.com/p/comsec-protocols-and-paradigms?utm_source=pocket_mylist
Advanced Cyber Threat Intelligence Landscape and Updates via Digital Magazine by 1PowerCyber for Easytech4all.net
https://bit.ly/3P8gCTT
Advanced Cyber Threat Intelligence Research Analysis Assessment and Projections . Video Playlist .
https://bit.ly/3yqDEje
Advanced Cyber Defense Threat Intelligence Blog in Progress
https://easytech4all.net/author/easytechonline/
https://1powercyber.blogspot.com
https://easytech4all.tumblr.com/
https://medium.com/@1PowerCyber
References
Clarke R.A, K. R. (2010). Cyber war: the next threat to national. eCCO.
Clarke, R. (2011). Cyber War: The Next Threat to National Security and What to Do About It. Harper Collins.
Cybersecurity and Infrastructure Agency. (2021, October 15). CISA HOME. Retrieved October 14, 2021, from https://www.cisa.gov/about-cisa
Gazula, M. B. (2017). Cyber Warfare Conflict Analysis and Case Studies. Massachusetts Institute of Technology .
Jeremy Rabkin, A. R. (2016). Hacking Back Without Cracking Up. Aegis Paper Series No. 1606.
Kukuh Ugie Sembodho, A. T. (2021). The Limitation of United States Deterrence Strategy Towards North Korean Cyber . Global Strategis, p. 150.
Libicki, M. (2009). Cyberdeterrence and cyberwar. Santa Monica: The Rand Corporation.
M, T. (2012). An analysis for a just cyber warfare in Cyber Conflict (CY-CON). , 2012 4th International Conference on,, (pp. 1-10).
National Security Agency. (2021, October
14). NSA Home.
Parks R, D. D. (2011). Principles of cyberwarfare, security privacy. IEEE, 30-35.
Rid, T. (2012, March). Think Again: Cyberwar. Foreign Policy , pp. 80-84.
Sanger, D. (n.d.). The Perfect Weapon: War, Sabatoge, and Fear in the Cyber Age. New York: Crown Publishers.
Schmitt, M. (2014). The Law of Cyber Warfare: Quo Vadis? Stanford Law & Policy Review, 269-270.
Tallin Mannual. (2017). Tallinn Manual 2.0 on the International Law Applicable to Cyber Operations.
The White House. (2011, April). National Strategy for Trusted Identities in
Cyberspace.
The White House. (2021). Improving the Nation’s Cybersecurity. Federal Register Vol. 86.
Trautman, L. J. (2016, April). Cybersecurity: What About US Policy? Journal of Law, Technology & Policy, p. 344.
US Cyber Command. (2021). US Cyber Command Mission. Retrieved from https://www.cybercom.mil/About/Mission-and-Vision/