Recent cyber-gatherings paint grim outlook for global security
Earlier this month, Las Vegas played host to a trio of influential cyber-security gatherings that attracted many of the global leaders for one of the world's more critical industries — information technology.
The events, BSidesLV, Black Hat USA, and DEF CON, are collectively referred to as "Hacker Summer Camp." They welcomed luminaries from the world of information security that included former Cybersecurity and Infrastructure Security Agency (CISA) director Christopher Krebs; national cyber director Chris Inglis; and, on the heels of a recently announced expanded cyber-partnership between the United States and Ukraine, the deputy chairman of Ukraine's State Service of Special Communications and Information Protection, Victor Zhora.
Among the prevalent themes, especially among government-associated individuals, was fear of increasing cyber-attacks originating from Russia and China.
This point was driven home emphatically by Ukraine's Zhora, who has seen his country suffer over 1,600 Russian-based "major cyber-incidents" so far in 2022, including DDoS attacks that took many of Ukraine's government agencies temporarily offline, as well as several new malware strains were discovered in the period leading up to and in the aftermath of the invasion. This proliferation of new malicious code included a large spike in data-wiping malware strains, which have the potential to be particularly damaging to both businesses and governmental organizations.
Zhora told Black Hat USA, "This [Russian Hacking Attacks] is perhaps the biggest challenge since World War Two for the world, and it continues to be completely new in cyber-space."
Ukraine, which has recently entered into a new expanded cyber-cooperation arrangement with the United States, was initially not thought to have the ability to stand much of a chance against Russian cyber-attacks, according to remarks made at DEF CON by national cyber director Chris Inglis. Inglis stated, "We didn't give enough credit to the Ukrainians for being able to defend cyberspace." Inglis continued, "I and a whole bunch of others would have said that the Ukrainians would have a really tough time defending themselves in cyberspace against the Russians, because the Russians have lots of capabilities."
According to the Memorandum of Cooperation between the U.S. and Ukraine, released late last month, the two countries will share information and best practices on cyber-incidents and participate in cyber-security training and joint exercises. "I am incredibly pleased to sign this MOC to deepen our cyber-security collaboration with our Ukrainian partners," said current CISA director Jen Easterly in a press release announcing the expanded partnership. "I applaud Ukraine's heroic efforts to defend its nation against unprecedented Russian cyber-aggression and have been incredibly moved by the resiliency and bravery of the Ukrainian people throughout this unprovoked war. Cyber-threats cross borders and oceans, and so we look forward to building on our existing relationship with the State Service of Special Communications & Information Protection of Ukraine (SSSCIP) to share information and collectively build global resilience against cyber-threats."
The rash of cyber-attacks that have come since the onset of the Russo-Ukraine conflict have also had implications for countries supporting Ukraine in the West, as Russian-based hacktivist organizations have taken to launching attacks against entities operating within countries that have provided material support to the Ukrainian government during the war.
Although much attention was given to the Russian threat, Vladimir Putin's country was not the only nation of interest among the participants at Black Hat. Former CISA director Christopher Krebs told the gathering that U.S. officials had advised him that they were "confident" that the tensions between China and Taiwan are "going to come to a head" at some point. Krebs stated that organizations should "manage risk yesterday" and attempt to figure out how these rising tensions may affect their supply chain and I.T. operations and other interests in Taiwan.
Another dominant cyber-related theme that has been increasingly talked about involves the U.S. midterm elections that are less than three months away. Election security, a subject of contention among conservatives that supported former President Trump and much of the political establishment and Intelligence Community, was also front and center earlier this month, as CISA's Easterly also expressed concerns regarding misinformation, disinformation, and even the possibility of threats to election officials. In advance of cyber-week, Easterly stated that CISA intends to continue using its Rumor Control website, which allows the agency to attempt to counter false election narratives. "I need to make sure that my resources and my focus are where we can make the most difference at the end of the day," Easterly said.
Most of the issues discussed in depth during cyber-week could be easily addressed if there were a marked increase in the global cyber-workforce. The lack of proper staffing has been a recurrent theme in 2022. Krebs mentioned during his Black Hat address that he found it "confounding" that the cyber-workforce continues to face major workforce shortages. After all, in his words, a cyber-security career was "fun, lucrative, durable, fascinating" — and, given that national security is at stake, "meaningful."
The threats facing businesses and the public sector will only multiply in the coming years. With for-profit hacking earning cyber-criminals billions of dollars via crimes involving ransomware and other online schemes, the future seems bright for the next generation of cyber-warriors. The question is, will Generation Z answer the call?
Julio Rivera is a business and political strategist, the editorial director for Reactionary Times, and a political commentator and columnist. His writing, which is focused on cyber-security and politics, has been published by numerous websites and he is regularly seen on National and International news programming.
Image via Peakpx.