How Western states shield themselves against large-scale cyberattacks
“Shields up!” This slogan, repeated by the American authorities to call for stronger computer security across the United States, was not enough to stop the hackers of Volt Typhoon. On Wednesday, Washington accused this group of cyber attackers of having prepared sabotage and espionage of critical infrastructure on an unprecedented scale.
Based in China and, according to the Microsoft experts who analyzed their campaign, most likely state-sponsored by Beijing, these specialists in quiet data exfiltration should nonetheless find their task increasingly difficult in the coming years. Through regulations and injunctions addressed to the private sector, Western states are reinforcing their lines of defense in cyberspace.
Obliging critical companies to protect themselves
First in the line of fire, the private operators that run or own critical infrastructure are being told to take the threat seriously. The computer paralysis of a major fuel pipeline in 2021 had, for example, produced huge queues at gas stations across the eastern United States for several days. The new US cybersecurity strategy, published last March, therefore calls for binding protective measures in key sectors such as oil pipelines, rail, aviation and water networks.
“The federal state cannot do it alone and therefore tells private companies that they will have to get started too,” observes François Deruty, head of cyber research at the specialized French start-up Sekoia. In Europe, the same type of requirements will apply from next year, following the revision of the directive on network and information security, but across more sectors than in the United States: banking, health and digital services will all be covered.
Holding tech groups accountable
On both sides of the Atlantic, the authorities also want to increase the pressure on technology companies, which are sometimes at the origin of gaping security flaws through negligence, without having been held responsible for them so far. Volt Typhoon, for instance, first got past the security of Fortinet devices in a way not seen before, then routed its traffic through poorly secured small-office routers from Asus, Cisco, D-Link, Netgear and Zyxel. In the future, shipping a product with an unpatched security flaw could cost vendors dearly.
Faced with a constantly evolving threat, many cyber defenders also want better information sharing. The European Commission even goes so far as to envisage a network of cybersecurity centers ready to alert all of its Member States. “But in practice, the declassification of the most useful information is very complex,” underlines Rayna Stamboliyska, a specialist in the geopolitics of cybersecurity.
In France, an Intercert network already exists to coordinate the incident response centers set up by this community of companies and administrations. “It is essential for the identification of attacks,” judges Olivier Pantaléo, the head of Almond, a French cybersecurity company.
The United States, for its part, shares little information except with its closest Anglo-Saxon allies and relies instead on the vast cyber research teams of Microsoft and Google Mandiant. The federal services prefer to concentrate on eliminating the threat, that is, on dismantling the adversary’s networks and the implants it has planted.