The Rise of the Outside Insider Threat

Former partners and suppliers are storming Ukrainian networks, leaving lessons for the world.

They were trusted partners or supplied a reasonable technology alternative. But that was before.

Now, those individuals are a weapon of war, a capability that Russia leverages through voluntary or coercive means.

For example, a company that was operating in both Russia and Ukraine, supplying software to control critical infrastructure to both countries, chose to abandon its business with the invaders, but a gap was left unplugged: Russia-based employees.

“These people are now a weapon in the hands of Russian aggression against Ukraine. That knowledge about these solutions is used to attack Ukraine,” said Mart Noorma, director of the NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE).

The CCDCOE is a NATO-affiliated organization that fosters cooperation of like-minded nations with training and exercises in four core areas: technology, strategy, operations and law. Korea, Japan and Ukraine, while not NATO members, also participate, along with other extra-NATO countries.

Once a company leaves Russia, its former employees have no protection against the country's authoritarian government or its security apparatus: Russia’s Federal Security Service (FSB) or the Main Intelligence Directorate (GRU, by its English acronym).

“We thought that we have NDAs (non-disclosure agreements); we have contracts that protect us now. If the FSB or GRU, say, forces people, or by political agency do it themselves, they are all forced or willing to attack Ukraine regardless of their NDAs or contracts they might have had,” Noorma told SIGNAL Media in an exclusive interview in Tallinn, Estonia, where the CCDCOE is based.

These threats can be classified into different types.

When software was developed by a third country and all employees had the same access to it, the contest took place on a somewhat level playing field.

“Both parties pretty much have the same knowledge about the system, so a party can attack the other party, only if a party makes a mistake, a misconfiguration, or leaves a backdoor,” Noorma said.

Nevertheless, another scenario complicates the situation for defenders: when a system is developed in Russia and the government gains access to its creators.

“A threat gets kind of an order of magnitude more significant because they might have some kind of inside knowledge that nobody else has,” Noorma explained.

This risk plagues critical infrastructure dating from Soviet times and is a vulnerability that any adversarial country could leverage against democracies. Noorma called it a global threat and clarified that it was not limited to the Russo-Ukrainian conflict.

Noorma also stressed that cyber warfare has made citizens the first line of defense against malicious attacks and that savvy users are the best protection against most aggressions, reserving experienced defenders for the minority of more refined actions.