Cyber security risks are not all created equal. Some are far more sophisticated and far more dangerous than others.
One of the most sophisticated, dangerous types of cyber security threat is the nation-state actor. Sponsored by national governments and often supported by effectively unlimited funding streams, these actors are highly professional and endlessly capable. Their work is subtle, often going undetected for weeks or even months, and its consequences can be far-reaching. Some analysts see the work of nation-state actors in large-scale data incidents that seem to occur with increasing frequency. In just the past few years, we’ve seen major corporations like Target and Home Depot affected by such incidents, along with smaller financial institutions such as Asiaciti Trust.
For most organizations, defending against nation-state actors is almost impossible. Yet it’s still useful to understand the nature of the threat and how to spot its work. With the right combination of early detection and luck, we can prevent government-sponsored data incidents, or at least mitigate fallout and hasten recovery when they do occur.
What Is a “Nation-State Actor”?
The Center for Internet Security defines “nation-state actor” as a technically proficient group or entity that “may be part of a state apparatus or receive direction, funding, or technical assistance from a nation-state.”
A nation-state actor may not be directly controlled by a national government or department but generally has a close association with military or civilian intelligence organizations that manage its activities.
In some cases, nation-state actors exist in a sort of “public-private partnership” with these government entities. For example, the nation-state actor may be a group of cyber professionals working for a criminal organization that willingly works to advance the foreign policy or financial objectives of its home-country government. This provides plausible deniability for all parties involved: the state can simply assert that the “private” entity doing its bidding operates in its own capacity without state control, and vice versa.
The term “nation-state actor” is sometimes used in conjunction with the term “Advanced Persistent Threat,” or APT. However, APT is a more general term that, according to the Center for Internet Security, describes “a range of actor types,” including those with no clear nation-state association.
Do Nation-States Work With Organized Crime Rings?
National military and civilian intelligence agencies do frequently use organized criminal enterprises to achieve their objectives. These associations are particularly common among states that have been isolated from the mainstream of international diplomatic relations, such as North Korea — a significant portion of whose national budget is believed to be funded by offensive cyber activities.
However, even where evidence of associations or alliances between organized crime and national governments exists, we should take care to separate the two. Organized criminals can and do have objectives apart from and even at odds with their government sponsors; these associations are often born from convenience and mutual interest rather than shared ideology. This is just one reason why it’s so difficult to untangle the motivations of “independent” nation-state actors.
Notable Nation-State Actors in Cyberspace
Non-experts are inevitably surprised by the sheer number and diversity of nation-state actors conducting cyber operations today. Notable examples of nation-state actors include:
- Internal cyber teams working for Western intelligence agencies, such as the CIA and NSA (U.S.) and MI6 (U.K.)
- Sophisticated criminal enterprises working closely with governments in Eastern Europe and Asia, including Russia and China
- “Independent” forces, often tied to organized crime, that form associations of convenience with rogue nation-states
Is It Possible to Defend Against Nation-State Actors?
Despite their apparent diversity, nation-state cyber actors have one feature in common: they are very good at what they do. They are adept at covering their activities, often operating for weeks, months, or even years without victims’ knowledge, as occurred in the case of Asiaciti Trust and Target. They are skilled at evading cyber defenses as well, rendering publicly available tools like antivirus software and password protection useless.
Does this mean that nation-state actors always get what they want? Not necessarily. However, a healthy dose of realism is warranted. A persistent effort by a sophisticated nation-state actor is likely — but not certain — to achieve its objective.
Anticipate the Nation-State Threat
Have no illusions: Nation-state actors are among the most sophisticated and relentless digital threats. When they want something, they tend to get it. And they’re often careful to cover their tracks, as suspected nation-state incidents like those that ensnared Asiaciti Trust and Alcogal demonstrate.
That doesn’t mean would-be victims should give up before the fight begins. Those that understand the nature of the threat stand a better chance of avoiding it in the first place and find themselves in a better position to rebuild when a nation-state incident does occur.