Predicting where cyberattacks will take place

The importance of robust cybersecurity on a national level has seldom been underlined more clearly than in 2020.

In the past year, COVID responses have been hampered by cyberattacks while presidential elections have been riddled with concern about foreign interference and voter fraud. It's perhaps no surprise, therefore, that Harvard has begun publishing a league table ranking countries by their digital capabilities.

The National Cyber Power Index aims to compare the ability of each country to successfully defend itself from cyberattacks. It’s a tool that is obviously interesting in an academic sense, but its static nature doesn’t necessarily help cybersecurity teams in the here and now. This is where a new database that has been developed by researchers at Johns Hopkins University aims to step in.

The Cyber Attack Predictive Index (CAPI) provides a degree of foresight into where cyberattacks might happen on a national level. The initial scan suggests, for instance, that there is a strong likelihood of a cyberattack by Russia on Ukraine, with the second most likely being an attack by the United States against Iran.

"The use of cyber operations to degrade and disrupt critical infrastructure, to send a political message, to disrupt economic activities, or to shape adversarial national security objectives has led to a new type of conflict among nation-states," the team explains. "As more countries develop cyber capabilities, cyber-attacks are likely to become more common in international relations."

Predicting threats

The tool provides predictive analysis of the nations that are most likely to be engaging in cyber-warfare. The tool was developed after analyzing a number of major attacks undertaken since 2008 to try and determine whether any particular characteristics stood out that would allow future attacks to be predicted.

“These attacks set a precedent or stood out as unique in their intended effects,” the team explains. “Attribution of the attacks in our case studies was corroborated through public acknowledgment by the U.S. Government, persuasive arguments by researchers, or, in some cases, through self-identification by the attackers themselves.”

After assessing the details of each attack, a number of common factors stood out:

  • Knowledgeable and organized cyber force - As the Harvard index mentioned earlier identified, a key component of the cyberattack capabilities of any nation is the skills available to it. The Johns Hopkins team goes further, however, and highlights the importance not only of a strong talent base but also of the ability to deploy advanced technology against an enemy.
  • Grievances that exist on a national level - Cyber attacks are an increasingly common international response when more traditional diplomatic measures are considered too mild, yet a military response too severe.
  • Lack of fear of repercussions - Obviously few nations want open warfare, so the sense that they can conduct their attack without reprisals, whether these are economic, legal, military, or cyber-based, is a clear motivating factor. Nations will weigh up the potential risks and consequences of their actions before proceeding.
  • The consistency of the attack with national security policy - A somewhat more complicated factor to consider is the overall alignment with the national security strategy of the country. These strategies are often not in the public domain, so the researchers accept that a degree of guesswork is required to combine what is in the public domain with that which is not.
  • Technological vulnerabilities identified in the attacked country - Last, but not least, are the vulnerabilities in the target country's infrastructure. Obviously, every networked architecture has vulnerabilities, but some will be more vulnerable than others. The researchers cite countries like Russia and China as difficult targets precisely because of the restrictive policies surrounding internet access and their relatively advanced technology.

Each of these factors is scored on a 1 to 5 scale, with higher scores signifying a higher likelihood of an attack occurring. The website provides 12 scenarios to illustrate the tool in action, with low-probability events, such as India attacking China, at one end, and high-probability events, such as Israel attacking Iran, at the other.

The tool was developed in 2019 as the threat posed by things such as malware grew. The researchers, who have several decades' worth of experience at the likes of the National Security Agency behind them, aim to help policymakers and other officials understand where the risks are highest.

They have pulled together a CAPI Advisory Board, which consists of various project stakeholders. The group meets on a regular basis to discuss some of the hot-spots identified by the project and explore some of the implications of any cyber attacks that may unfold.

With cyber warfare an increasingly common occurrence, tools like this are likely to be part of a growing arsenal used to understand, predict, and subsequently defend against possible attacks.