Cyber warfare has advanced swiftly over the past decade, compelling governments and industries across the globe to rethink their cybersecurity strategies. While deterrence and reactive defenses previously took center stage, cyber persistence – actively pursuing threats before they manifest – now stands as the new frontier. This transition, led by the United States and promptly embraced by its allies, underscores the realization that defense alone is insufficient to safeguard cyberspace.

The drive behind this proactive cyber strategy is evident in initiatives like America’s Defend Forward, the surge of cyber persistence among U.S. partners, and the successful dismantling of notorious groups such as the LockBit ransomware operation. Concurrently, the broader implications of this shift are reflected in the U.S. Department of State’s emphasis on digital solidarity versus digital sovereignty.

Cyber persistence: An intentional pivot

The concept of cyber persistence, as opposed to cyber deterrence, is remodeling global cybersecurity endeavors. Conventional deterrence theories, which aim to dissuade adversaries through retaliation prospects, have failed to tackle the intricacies of cyber criminal conduct. Malicious cyber elements, including state-supported bodies and organized crime syndicates, persist in exploiting vulnerabilities, resulting in compromises of critical infrastructure, theft of sensitive data, and disruptions to government or corporate networks.

In response, the U.S. Department of Defense 2023 Cyber Strategy reinforced the nation’s commitment to “Defend Forward,” a proactive methodology crafted to directly impede adversaries’ operations. This approach enables cybersecurity units to detect nefarious activities before they escalate, monitor adversaries, and take measures to prevent or mitigate attacks. Allies of the U.S. like the United Kingdom, Japan, Canada, and the Netherlands have subsequently embraced analogous strategies, recognizing that perpetual vigilance and operational persistence are imperative to outpace evolving threats.

As delineated by the U.S. DoD, engaging adversaries during the planning stages is pivotal in fortifying a more secure cyberspace. This necessitates monitoring the capabilities and intentions of malicious elements and diminishing their capacity to act. Such a proactive stance mandates collaboration, synchronization, and trust among allies, particularly since cyber operations often entail collective endeavors where one nation invites another into its networks for defensive collaboration.

The transition from deterrence to persistent involvement

Increasingly, nations like the UK and the Netherlands are initiating proactive measures to combat cyber threats by operationalizing cyber persistence. For instance, the UK’s National Cyber Strategy underscores the significance of actively addressing adversaries’ cyber dependencies and the necessity for persistent involvement in cyberspace. Other instances of this shift include Japan’s endeavors to introduce active cyber defense and Canada’s participation in “Hunt Forward” operations, both of which focus on actively locating and disarming malicious actors.

NATO has also acknowledged the urgency of adopting a more proactive cyber stance. The 2022 NATO Strategic Concept recognizes the perpetual contention in cyberspace. The document explicitly asserts that the cumulative impact of cyber activities could escalate to the level of an armed assault, potentially invoking NATO’s collective defense commitments under Article 5. This affirms the recognition of cyber persistence as an indispensable component of national and collective security.

While deterrence remains a foundational strategy for nuclear and conventional warfare, the realization is growing that in cyberspace, persistence – continuously identifying, mitigating, and neutralizing threats – is pivotal to preventing major cyber incidents.

The LockBit ransomware takedown: An instance of persistence

The takedown of the LockBit ransomware group under Operation Cronos in February 2024 serves as a prime illustration of how persistent cyber strategies can effectively neutralize substantial threats. LockBit, one of the most prolific Ransomware-as-a-Service (RaaS) entities, was culpable for roughly a quarter of all ransomware attacks in 2023, inclusive of assaults on hospitals and other critical services during the COVID-19 outbreak.

Operation Cronos, a coordinated global endeavor, yielded notable arrests, sanctions, and the confiscation of LockBit’s operational framework. This wasn’t solely a technical takedown; it was a comprehensive effort to undermine the group’s viability. Law enforcement agencies managed to breach LockBit’s internal communications, expose its affiliates, and disrupt its financial networks. This collective disruption markedly tarnished the group’s reputation, impeding its capacity to regain traction within the cyber criminal community.

Despite attempts by LockBit’s leader, known as “LockBitSupp,” to assert the group’s resurgence, analyses reveal that the law enforcement operation has enduring impacts. The exposure of the group’s internal workings instigated wariness among affiliates, with many severing ties with the group. The success of the takedown exemplifies the strength of cyber persistence as it entailed not solely technical measures but also strategic psychological operations aimed at eroding the group’s support base.

Digital solidarity versus digital sovereignty

At the crux of the United States’ international cyber strategy lies the principle of digital solidarity, diverging from the protectionist tenets of digital sovereignty. Digital solidarity advocates for collaboration and mutual reinforcement among nations, accentuating the necessity for a secure, inclusive, and robust digital network. Unveiled in the U.S. Department of State’s 2024 International Cyberspace and Digital Policy Strategy, this strategy calls for fostering international coalitions, aligning regulatory frameworks, and promoting the unimpeded flow of data across borders.

The fundamental tenets of digital solidarity involve advancing an inclusive digital milieu, aligning governance methodologies concerning data, and promoting responsible state conduct in cyberspace. These endeavors strive to ensure that all nations, particularly emerging economies, have access to secure digital infrastructure and that global cooperation can thwart cyber threats through shared intelligence and coordinated defense actions.

In juxtaposition, digital sovereignty emphasizes national authority over digital infrastructure and data. Nations embracing this stance seek to shield their digital assets by restricting foreign entry into their markets and mandating data containment within national boundaries. Despite proponents’ arguments that this approach could reduce reliance on foreign technologies and bolster security, critics caution that it fragments the global digital network and complicates collective responses to cyber threats.

The tension between digital solidarity and digital sovereignty carries substantial implications for global cybersecurity. As the world’s digital structure grows more interconnected, the U.S. and its peers advocate that collaboration, not seclusion, is pivotal in addressing the intricate cyber challenges of the future.

The future of proactive cyber defense

The shift from deterrence to persistence in cyberspace ushers in a new era of proactive cyber defense. By identifying vulnerabilities, disrupting adversaries’ operations, and engaging in ongoing cyber operations, the U.S. and its allies are reshaping nations’ approaches to cybersecurity.

Cases like the LockBit takedown underscore the efficacy of this strategy. Moreover, the emphasis on digital solidarity highlights the significance of international cooperation in fostering a safer and more robust digital environment. As cyber threats continue evolving, the persistence approach is likely to emerge as a cornerstone of contemporary cybersecurity, striving to empower nations to outmaneuver adversaries and fortify the future of cyberspace.