Monday, August 29, 2011

APT: A Geopolitical Problem

Via A Fistful of Dongles (AFoD) Blog -

An important thing to understand when thinking about advanced persistent threat (APT) is that it’s a much bigger problem than any one of us individually as organizations can handle because it's ultimately a geopolitical issue. We're talking about nation-states who are engaging in attacks against the confidentiality of sensitive data that belongs to other nation-states, their industrial base, academic institutions, and non-profit organizations. In other words, China isn't going to stop using cyber attacks as an active tool for its national security and economic development efforts until someone forces them to do so or their government changes radically.

Being targeted by a nation-state actor is a daunting thing to consider. Matt Olney, who is still the reigning champion of the pithy APT definition, wrote, "APT: There are people smarter than you, they have more resources than you, and they are coming for you. Good luck with that." Matt wasn't kidding when he said they have more resources than you. A nation-state has the ability to levy taxes and print money. I don't care what your organization’s profit margins and revenues were last year, they can't compete when it comes to outspending these people. Nation-states can have tremendous resources when it comes to personnel, intelligence gathering, education, and research and development capabilities. Jonathan Abolins made a fine point in response to my last blog post when he stated that if your organization is targeted by a nation-state for cyber attacks, it's almost certainly being targeted by more traditional physical data collection methods. Nation-states have comprehensive intelligence collection strategies where information warfare is just one piece of their strategy.


So what can you do? The first thing you should do is to educate yourself about the nature of the threat so that you can cut through the noise and properly educate your organizational leadership.


You should also maintain at least a working knowledge of the business and geopolitical world around you. Since advanced persistent threat is a nation-state issue, it's important to understand what is happening in the world and how it connects to your daily life as an information security professional. There are resources such as The Wall Street Journal, The Economist, Brookings, Council on Foreign Relations, and Foreign Policy that all have robust and convenient online presences complete with mobile applications.


Eric makes a very serious point, one that is often overlooked in APT discussions. These nation-states are conducting espionage operations (both cyber and physical) for a purpose.

Looking at the world through a geopolitical lens can often lead to insight and deeper understanding of that purpose - this understanding is key to defending against it.

The convergence of global geopolitical and local political realities with cyber-attacks will only increase. Those information security professionals not willing to embrace (or at the very least accept) that truth are destined to fall behind in the fight.
