Examples of Cyber Warfare #TrendTalksBizSec

Jon Clay, VP of Threat Intelligence: [00:00:00] Hey welcome everybody. Jon Clay, VP of Threat Intelligence here at Trend Micro and welcome to another episode of #TrendTalksBizSec. Joining me again is my cohort in crime.

Ed Cabrera, Chief Cybersecurity Officer: My name’s Ed Cabrera. I’m the Chief Cybersecurity Officer at Trend Micro. It’s great to be here.

Jon: You know, interesting Ed, I recently was able to travel to Switzerland, to Davos for the World Economic Forum, as part of our Cybersecurity Tech Accord Allegiance. They got me to speak at a panel there and the topic was quite interesting. It was about hybrid warfare and cyber warfare. And while there was a really good discussion during it, and you can actually find it online – it’s on YouTube – if you want to take a look at it. But we didn’t cover a number of areas that I thought we were going to cover, but we didn’t.

So I thought you and I [00:01:00] could take time today and talk a little bit about cyber warfare, hybrid warfare. Obviously, with the issues going on with Russia and Ukraine, we’re starting to see this. Any initial thoughts around this? Maybe explain to the audience what hybrid warfare or cyber warfare is.

Ed: Well, yeah, absolutely. There’s been this thought process and planning for many, many years as cyber has become that fifth domain from a Department of Defense perspective. The Department of Defense has always wanted to, and their goal is to, maintain dominance across all domains.

Cyberspace now is critical and one of the key domains out there. And so, when we talk about in terms of cyber conflict, cyber war, it has usually been in the context of just [00:02:00] another element within that 360-degree dominance that they hope to achieve in any conflict of war. Cyber is that one space such as air dominance, for example, right?

Whatever conflict you go into, a war be it, you want to maintain air dominance. And cyberspace is just one of them now, but we’re getting into this unique area which we anticipated…could cyber conflict be the main domain that is being acted upon? So instead of doing the kinetic or traditional, physical aspects of it, could you have cyber war be the only element that is happening?

I think the Russian invasion of Ukraine has really brought that up to a different level in that discussion and what we’re actually seeing. We’ll talk about it [00:03:00] here now, but I think when we talk in terms for, especially for here is like cyber conflict, cyber war, or hybrid, and the hybrid piece is just a definition of kinetic and cyber.

Jon: Right. One thing we obviously are seeing is that cyber is going to have a part to play in any upcoming conflict, but it may not be as big as what people thought. You know, we were thinking, we could do away with the tanks and the air force and all that. And you just have computers fighting it out. But obviously that’s not the case as we’re seeing with Ukraine and Russia, right?

Ed: No, absolutely. We’ve thought of cyberwar as being this dominant part of any conflict, but there’s still so many physical, critical infrastructure types of kinetic [00:04:00] targets and goals or objectives that you need to achieve in any conflict.

So cyber is still critical as we become more hyper-connected. As we approach ubiquitous computing, ubiquitous connectivity, cyber then becomes very relevant. But as we’ve seen, it’s an interesting concept because traditionally cyber has just been more of an information gathering or cyber espionage tool to aid any type of conflict. But now with critical infrastructure across the globe being much more hyper-connected and being a richer target from a cyberspace perspective, now we do see that now cyber becomes a more dominant role in this.

Jon: Yeah, and what’s interesting is years ago we saw where Russia [00:05:00] took down the energy plant in Ukraine, but in a real warfare, maybe bombing that plant would be a much more effective thing than trying to take it offline.

Ed: Well, I mean, it still serves a purpose if you’re able to knock down the power or communication, the real two top tier critical infrastructure. If you’re able to eliminate communication and power, you have disrupted and/or created enough opportunity on the kinetic side or the physical side to be able to come and do more damage.

Like any conflict, we’re all kids of understanding war and conflict, unfortunately, but command and control is necessary for any conflict. That’s one of the first areas on either side they’re looking to obtain dominance, is to knock out the command and control. And what is that? Power and communications.

Jon: I think the [00:06:00] other aspect that we’re seeing is the misinformation and disinformation campaigns that can be done via cyber to make the citizens of the country that’s being attacked unaware, or they don’t know what to do, where to go, because we’re so connected now to the internet for information.

If you can do a misinformation campaign to disrupt that, I think that’s one of the areas we’ll see a big time with future conflicts, especially in the initial stage. When you’re first going in, you start that initial disinformation misinformation campaign, and then you continue it throughout the campaign.

Ed: Oh, absolutely. It’s nothing new. Information warfare, PSYOPs, psychology operations – you name it. It’s already been in existence, but social media, 24/7 news cycles have made it even more important to where it’s an integral part.

Jon: We don’t need to [00:07:00] drop the pamphlets out of the plane anymore.

Ed: Exactly. You don’t need to – everybody’s got a phone, right? So, you’re able to instantaneously provide some type of propaganda or misinformation around the globe. That is more important now more than ever, is that ability to do that. And then, we’ve talked about this, right, it’s the deep fakes of audio, video, and everything else.

Jon: They could have done a deep fake of Zelensky talking about something that could have caused panic inside the country. Think about something like that happening. That’s what you’re probably going to see in the future as well.

One other area that we didn’t talk about that I thought was pretty interesting was around cyber mercenaries. In the past, you had the soldiers fighting the war between it, right? But now with cyber, you have these cyber mercenaries that aren’t [00:08:00] necessarily in the military complex. They’re regular citizens. We’ve got Russian cyber mercenaries targeting people outside and targeting Ukraine, but we also have Anonymous from the outside targeting Russia.

How do we deal with cyber mercenaries? Are they combatants? Are they non-combatants? What are your thoughts on that?

Ed: Yeah, well, again, everything that we see in cyberspace is a direct analogy on the physical side. So, war by proxy has been around forever. Such as the term mercenary, right?
This just makes it unique. Let’s look at logistics and how to utilize mercenary forces on the physical side in any conflict. You still need to identify them. You need to pay them. You need to get them to the battlefield. You need to equip them.

There was a lot of [00:09:00] logistics associated with it. Now you take cyber, and you take cyber mercenaries, regardless of their affiliation. They could be patriotic hackers, they could just be guns for hire or cyber guns for hire, so to speak. So they can come from different flavors. But the one thing that is unique across the board is that you could stand them up very quickly.

There is also the ability to create false flag operations. You can have countries create cyber operations against any adversary and then make it look like it’s coming from another group. There is not only the actual mercenaries, who they are, where they are, and how do you combat or defend against them.

But now it’s like, are they really mercenaries? Are they really just uniform soldiers behind keyboards? So [00:10:00] it’s an interesting thing that nobody really likes to talk about it. I suspect really the reason why it wasn’t brought up in Davos is that it is a very gray area that both sides utilize and take advantage of.

Jon: I think nation states are going to have to deal with that and maybe come up with some thoughts and policies around this. One thing, Ed – obviously, cyber war, hybrid warfare is probably here to stay. When you think as nation state, what should a nation state be looking at for the future? Are there certain industries, or certain areas that they should focus a lot of their efforts on ensuring that they’re protecting those areas of their country?

Ed: Yeah, sure, absolutely. Just like on the physical or kinetic side, we need to be very cognizant of our critical infrastructure. The Department of Homeland Security (DHS), [00:11:00] they’ve created 16 critical infrastructure sectors and there’s been talk about bringing those down. But we really need to understand what is critical. I mean, we saw that with the pipeline attacks, we saw that, like you said, from the Ukraine and power attacks, we saw that in the advisories from DHS and FBI of Russian actors probing our energy sector.

Obviously, this is where our focus needs to be, hands down. So, it’s anything that disrupts our critical infrastructure, our own supply chains and, yes, from a military perspective for obvious reasons, but it’s also for us on a day-to-day operational perspective. Our financial sector is much stronger and more mature, I would say, comparatively to other sectors.

But the one thing is that if you do maintain or are able to have an impact, [00:12:00] you look at the economy now and you look at the market the way it is now, everything that we’re going through, from inflation to supply chain issues, it doesn’t take much to have an additional impact.

These are the things that I think countries across the globe need to understand, especially here in Western countries, and especially NATO countries, understanding that they need to be shoring up, and almost like DHS says in their program, Shields Up, is really focused on being proactive and protecting those critical sectors.

Jon: I think one sector that we talked about earlier, but we really need to think about is the news industry. Because again, that’s where we’re going to get our information if a conflict does come up. And so we’ve got to make sure and maintain the news capability, we’ve got to maintain that they are delivering what they say they’re delivering; what’s truth, what isn’t truth, and flagging that kind of [00:13:00] information.

Ed, this has been a great discussion. I really appreciate that we were able to tackle this one. It’s something we can probably continue to tackle as we continue to see this evolve with the Russia-Ukraine conflict that’s going on and seeing how that shapes up.

Ed: This is one of my favorite topics, obviously.

Jon: Well, everybody, thanks for joining us again. On episode four of #TrendTalksBizSec. We’ll be back in two weeks to talk about another topic and Ed and I are enjoying these. You can certainly follow us on Twitter, on Facebook, on LinkedIn, as well as on YouTube with these. So, take care, have a great day. Thanks Ed. Have a good day. [00:14:00]

Additional Resources:

Link to #TrendTalks YouTube playlist where the rest of Jon and Ed’s videos live: https://www.youtube.com/playlist?list=PLZm70v-MT4Jobcu4xqIx4_aSkzL_kPX_M

Link to Jon’s panel discussion in Davos: https://www.youtube.com/watch?v=GAZng8u9FXk

Jon’s social media: @jonlclay (Twitter), https://www.linkedin.com/in/jon-clay-0880512/ (LinkedIn)

Ed’s social media: @Ed_E_Cabrera (Twitter), https://www.linkedin.com/in/ed-e-cabrera/ (LinkedIn)



Source link