Undisclosed cyberattack data puts nation at risk

Hostile activities in cyberspace have grown, and by many accounts the growth rate has been dramatic. But few people have a real appreciation of just how big this issue actually is, and for good reason. When we look at the cyberattacks, we break the collective environment into three distinct areas:

  • What happens in the classified environment?
  • What happens and is disclosed in the open environment?
  • What happens and is undisclosed in the open environment?

In the classified environment, controls must be in place to keep information about cyberattacks from being disclosed, because disclosure could hinder ongoing investigations or compromise covert cyber missions. For those reasons, information about cyberattacks in this environment is typically restricted to those with a need to know.


In the open environment, businesses, government entities holding nonclassified-but-sensitive data, educational institutions and other organizations can, and most of the time do, disclose when they fall victim to cyberattacks. In some cases regulations actually require disclosure of these events. Organizations have learned that proper and timely disclosure of a successful cyberattack can help limit the total damage the attack does to the organization.

In the undisclosed environment, government entities holding nonclassified or sensitive data, educational institutions and other organizations either have no requirement to disclose successful cyberattacks or choose to ignore it. When an entity is compromised, it is often concerned about how the organization will be viewed because of the incident. In other incidents, those responsible for securing the systems act in their own self-interest and do not inform management of the incident at all.

The largest area is the undisclosed environment. That is why we call the economic damage from cyberattacks on the undisclosed environment "the big unknown." In one case, a privately held company experienced a cyberattack that was successful by anyone's standard: information on more than 200 pieces of intellectual property was copied and exfiltrated from its corporate systems. A short time after the incident, the company noticed that a few patents had been filed in a foreign country. Examination of the foreign patent documents showed that they were clearly based on pieces of the stolen intellectual property.

The United States is the most innovative and creative country in the world. The national security implications of the theft of classified intellectual property and data are well recognized. However, the theft of our unclassified intellectual property, and its economic impact on the affected company and on the U.S. economy, is underappreciated.

The economic and national security implications of the recently disclosed "Shady RAT" cyber espionage operation, which ran for at least five years, are unknown. The researchers who analyzed the incident are quick to warn that only one of multiple command-and-control servers was examined; the number of compromised entities is therefore likely to grow, as is the amount of data and intellectual property taken in the attack.

In a rare public statement, the Government Communications Headquarters, a British intelligence agency much like the National Security Agency in the United States, expressed its concern and pushed for increased defenses. The United States has significant intelligence collection capabilities; many claim they are the best in the world. It is important to recognize that our intelligence agencies do not work alone: our allies and their intelligence organizations share the intelligence they collect with us, and we respond in kind. Some warn that at some point, international intelligence providers to the United States might choose to reduce the risk to their own intelligence assets and stop providing the United States with intelligence about these breaches. In fact, that could be one of the motives behind the constant attacks.

Reader Comments

Mon, Sep 19, 2011 John Heffernan 13601

Any technology on (any) server should be encrypted if not already. Also, unworkable technology decoys should be placed on servers to mislead hackers into believing they have captured good information. Servers not connected to any outside lines should be encased in lead shields. Also, shielded doors to use these servers should be lead-lined.


I recently attended the Defense Systems Summit. Several individuals made comments seeming to indicate that cyber security was under control, or the methods of "business as usual" were adequate. Clearly, as indicated in this article, this is not the case. We are at war in this domain, and we are not winning. Nothing will blow up, nothing will be disabled on a national scale, and no kinetic effect is involved nor is any shutdown. None will be needed to defeat us. Our information is being extracted and leveraged, and we have lost jobs, IP, intelligence, means of production, companies, capabilities and more already. Something must change in our national response.
