The United States may have left classified or sensitive intelligence behind as US forces withdrew and evacuated from Afghanistan. That information might now be in the hands of the Taliban. There was also a report this week about an alleged cyber breach at the US State Department. These are both concerns with potential implications for national security, but there is no need to panic.
Terrorist organizations use cyber capabilities to coordinate command and control of physical operations and to raise funds. The internet is also a powerful tool for radicalization, recruitment, and spreading propaganda.
I do not believe the Taliban has the cyber capabilities necessary for offensive cyber operations or cyber espionage. I also don’t think it’s a priority for them at this point. Now that they have control of the wealth and resources of an entire country, that could eventually change. For now, the cyber risk posed by any intelligence the Taliban may have would only be a concern if they shared it with or sold it to a more capable adversary—like Russia or China.
What about the alleged breach at the US State Department? When we are talking about a US government agency like the State Department, it is easy to jump to the conclusion that it was a nation-state attack—but that is not necessarily a good assumption.
The US State Department's networks and data are most likely under constant siege. They have to deal with all of the standard threats circulating on the internet, and they also carry a larger bullseye on their back that attracts hacktivists, nation-states, terrorists, and other groups. There has been no official confirmation of the attack and no details have been shared, so it is hard to say what happened.
The intelligence possibly left behind in Afghanistan and the alleged State Department data breach both have potential national security implications, but based on what we know, neither event seems to pose a significant risk. The bottom line, though, is that we have to be prepared to defend regardless.
I have been on both sides of nation-state cyber engagements. Defenders have to protect against all attacks. Every time. Some nation-state adversaries have more advanced or sophisticated cyber capabilities, but that is not an excuse. An attack is an attack. Government agencies and private organizations cannot just shrug their shoulders and accept an attack because it came from a nation-state.
That is still true even if the Taliban has classified intelligence, or attackers have data from a State Department breach. It is true whether an attack has national security implications or not.
Where the attack originated or how the attacker got into your network isn’t important. If you have the right tools in place to identify suspicious or malicious behavior early in the attack sequence, you can take action before damage is done and stop the attack.
About the Author
Lior Div, CEO and co-founder of Cybereason, began his career in the famed Unit 8200 and later served as a Commander there. His team conducted nation-state offensive operations with a 100% success rate for penetration of targets. He is a renowned expert in hacking operations, forensics, reverse engineering, malware analysis, cryptography and evasion. Lior has a unique perspective on the most advanced attack techniques and how to leverage that knowledge to gain an advantage over the adversary. This perspective was key to developing an operation-centric approach to defending against the most advanced attacks and represents the direction security operations must take to ensure a future-ready defense posture.