OPINION:
A version of this story appeared in the daily Threat Status newsletter from The Washington Times.
One of the more ominous consequences of Russian leader Vladimir Putin’s invasion of Ukraine, the most destructive land war in Europe since World War II, has been the tectonic shift in the geopolitical landscape it has caused.
Increasingly dependent economically and militarily on Iran, North Korea and China, the Kremlin has become the centerpiece of this century’s new axis of tyranny.
In last week’s Intelligence threat briefing on Capitol Hill, Director of National Intelligence Avril Haines emphasized that, because of its needs in the war, Russia has been “forced … to grant long-term concessions to China, North Korea and Iran, with the potential to undermine, among other things, long-held nonproliferation norms.”
Ms. Haines added that the four dictatorships’ “growing cooperation and willingness to exchange aid in military, economic, political, and intelligence matters enhances their individual capabilities.”
The emerging axis of tyranny only complicates the already complex threats to U.S. security, including China’s militarization of the South China Sea, North Korea’s nuclear saber rattling, Hamas’ attack on our ally Israel, and Iran’s growing nuclear capability, ballistic missile programs and support of proxy terror groups.
But the threats are even more multifarious, especially in the unregulated fifth domain of cyberspace, which operates as a force multiplier for freedom of expression and commerce. The U.S. private sector is squarely in the crosshairs of not only cyber criminals but also cyber spies recruited by the North Korean, Chinese, Russian and Iranian regimes.
Consider Russia’s SolarWinds attack on Orion software and the 2021 DarkSide attack against Colonial Pipeline. China has targeted Microsoft and operates its infamous Volt Typhoon hacking group, and North Korea launched a damaging cyberattack on Sony. CIA Director William Burns has repeatedly sounded the alarm about Iran’s cyber targeting of U.S. critical infrastructure.
The intelligence community and the U.S. Cyber Command are exceptionally effective at detecting and preempting cyberattacks. But private businesses must still be prepared for when a cyber hacker successfully evades our full-court press. As a first step, that means hardening corporate defenses with secure routers and servers, establishing firewalls with antivirus technology, continually updating security patches, and employing encryption measures for sensitive files.
When I served at the CIA, we used to say there were two kinds of governments: the ones that had been infiltrated by spies and the ones who did not know it yet.
Similarly, companies should assume they have already been hacked. That’s why installing the most sophisticated incident response platform is critical to detecting cyber intrusions and reducing response time to seconds. Cyberattacks are not like fine wine; they do not get better with age.
Businesses should also have a comprehensive insider threat program. The overwhelming majority of cyber intrusions result from unwitting human error, which can be addressed with a rigorous program of training and awareness. Case studies, which teach cybersecurity best practices, enable employees to be warned about the risks of opening malicious attachments, the dangers of social engineering, and the importance of reporting any concerns to their security officer.
Training, in short, has to be so routine that it becomes part of every employee’s intellectual muscle memory, because all it takes is a lapse in one employee’s judgment to cause massive harm to the entire company.
None of the axis of tyranny dictatorships distinguishes between lawful military targets and civilians. Having formed a “without limits” strategic partnership, Russia and China enjoy a robust exchange of intelligence on U.S. cyber vulnerabilities. Dependent on North Korea and Iran for the artillery and drones for its Ukraine war, the Kremlin would not hesitate to share cyber hacks with Kim Jong Un and the Iranian mullahs.
Our adversaries will always seek to enable cyber operations with human sources, also known as malicious insiders. That’s why an effective insider threat program includes onboard vetting, life-cycle management for all employees, and careful attention to red flags, all to create a powerful ethos of security.
The axis of tyranny, bound together by a fear of democracy, is constantly trying to vacuum up our personal information and steal our intellectual property, which they lack the know-how to produce themselves. The U.S. public and private sectors can reduce their targets of attack by hardening defenses with technology and an effective insider threat program.
Even the most sophisticated cyber hackers conduct reconnaissance of their targets before they strike, which gives us a fleeting window of opportunity to protect ourselves in the increasingly perilous landscape of cyberspace.
• Daniel Hoffman is a retired clandestine services officer and former chief of station with the Central Intelligence Agency.