In the grey area between espionage and cyberwar

Understanding the intentions in the cat-and-mouse online battle is getting harder.
Written by Steve Ranger, Global News Director

Nation-state backed hackers continue to probe the defence, government and private sector networks on a daily basis, according to the head of the US military cyber forces, and understanding their intentions is a key challenge.

While espionage is the most likely aim, there is also concern that some of these incidents could be preparation for future attacks, according to Admiral Michael Rogers, head of US Cyber Command, in testimony to the US Senate Committee on Armed Forces.

Many nations have been quietly probing the networks of other countries for years, looking for weaknesses that could be used in a future conflict, and perhaps even leaving behind code that could be used in the event of hostilities.

"We are particularly concerned as adversaries probe and even exploit systems used by government, law enforcement, military, intelligence, and critical infrastructure in the United States and abroad," said Rogers.

"We have seen states seeking to shape the policies and attitudes of democratic peoples, and we are convinced such behavior will continue for as long as autocratic regimes believe they have more to gain than to lose by challenging their opponents in cyberspace," he said in written testimony. US intelligence has said that Russia was behind the stealing and publication of emails from the Democratic campaign in the run up to last year's presidential election.

Rogers said that states are incorporating cyber attacks to support their military operations.

"We are not yet seeing true, combined-arms operations between cyber units and 'kinetic' missions, although we have spotted hints of this occurring in Syria and Ukraine as the Russians attempt to boost the capabilities and successes of their clients and proxies," he said.

He said Cyber Command has seen indications that several states are investing military resources in "mining the networks" of the US Department of Defense (DoD) and its contractors.

"On a daily basis, state cyber actors coordinate and execute exploits and scans of the DoD Information Networks...as well as related governmental and private systems," he said.

This includes automated attacks and well-crafted spear-phishing attempts, he said.

"A still-greater concern is the persistence of adversary attempts to penetrate critical infrastructure and the systems that control these services," he said, noting that countries, including Iran, have attempted to penetrate critical infrastructure systems in the US.

"Infiltrations in US critical infrastructure--when viewed in the light of incidents like these--can look like preparations for future attacks that could be intended to harm Americans, or at least to deter the United States and other countries from protecting and defending our vital interests."

It's worth noting that the US likely probes the systems of other nations too, to seek out vulnerabilities, and one of the few recorded cyber attacks that did result in physical damage, Stuxnet, was launched by the US - against Iran.

US Cyber Command is mostly focused on defending US military networks through use of its 'Cyber Protection Teams' but also has the ability to attack through its 'Cyber Combat Mission Force', which supports military operations. Cyber Command was created in 2010 and when at full strength -- finally expected by October next year -- it will have 133 teams and roughly 6,200 military and civilian personnel. Other countries including Russia, China and the UK are also believed to have significant military cyber teams but these are extremely hard to document.

Rogers said the cyberwarfare landscape was continuing to evolve.

"The fact that it is not killing people yet, or causing widespread destruction, should be no comfort to us as we survey the threat landscape. Conflict in the cyber domain is not simply a continuation of kinetic operations by digital means, nor is it some science fiction clash of robot armies. It is unfolding according to its own logic, which we are continuing to better understand."
