Earlier this month, Las Vegas played host to a trio of influential cybersecurity gatherings that attracted many of the global leaders for one of the world’s more critical industries – information technology.
The events, BSidesLV, Black Hat USA and DEF CON, are collectively referred to as “Hacker Summer Camp,” and welcomed luminaries from the world of information security that included former Cybersecurity and Infrastructure Security Agency (CISA) Director, Christopher Krebs, National Cyber Director Chris Inglis, and on the heels of a recently announced expanded cyber partnership between the United States and Ukraine, the deputy chairman of Ukraine’s State Service of Special Communications and Information Protection, Victor Zhora.
Among the themes that were prevalent, especially among government associated individuals, was concern regarding fear of increasing cyber-attacks originating from Russia and China.
This point was driven home emphatically by Ukraine’s Zhora, who has seen his country suffer over 1,600 Russian-based “major cyber incidents” so far in 2022, that include DDoS attacks that took many of Ukraine’s government agencies temporarily offline, as well as several new malware strains were discovered in the period leading up to, and in the aftermath of the invasion. This proliferation of new malicious code included a large spike in data-wiping malware strains, that have the potential to be particularly damaging to both businesses and governmental organizations.
Zhora told Black Hat USA that, “This (Russian Hacking Attacks) is perhaps the biggest challenge since World War Two for the world, and it continues to be completely new in cyberspace.”
Ukraine, which has recently entered into a new expanded cyber cooperation with the United States, was initially not thought to have the ability to stand much of a chance against Russian cyberattacks, according to remarks made at DEF CON by National Cyber Director Chris Inglis. Inglis stated, “We didn’t give enough credit to the Ukrainians for being able to defend cyberspace.” Inglis continued, “I and a whole bunch of others would have said that the Ukrainians would have a really tough time defending themselves in cyberspace against the Russians, because the Russians have lots of capabilities.”
According to the Memorandum of Cooperation between the US and Ukraine that was released late last month, the two countries will share information and best practices on cyber incidents and participate in cybersecurity training and joint exercises. “I am incredibly pleased to sign this MOC to deepen our cybersecurity collaboration with our Ukrainian partners,” said current CISA Director Jen Easterly in a press release announcing the expanded partnership. “I applaud Ukraine’s heroic efforts to defend its nation against unprecedented Russian cyber aggression and have been incredibly moved by the resiliency and bravery of the Ukrainian people throughout this unprovoked war. Cyber threats cross borders and oceans, and so we look forward to building on our existing relationship with the State Service of Special Communications & Information Protection of Ukraine (SSSCIP) to share information and collectively build global resilience against cyber threats.”
The rash of cyberattacks that have come since the onset of the Russo-Ukraine conflict have also had implications for countries supporting the Ukraine in the west, as Russian-based hacktivist organizations have taken to launching attacks against entities operating within countries that have provided material support to the Ukrainian government during the war.
Although much attention was given to the Russian threat, Vladimir Putin’s country was not the only nation of interest among the participants at Black Hat, as former CISA Director Christopher Krebs told the gathering that US officials had advised him that they were “confident” that the rise in tensions between China and Taiwan are “going to come to a head” at some point. Krebs stated that organizations should “manage risk yesterday,” and attempt to figure out how these rising tensions may affect their supply chain and IT operations and other interests in Taiwan.
Another dominant cyber related theme that has been increasingly talked about involves the US midterm elections that are less than 3 months away. Election security, that was a subject of contention among conservatives that supported former President Trump and much of the political establishment and intelligence community, was also front and center earlier this month, as CISA’s Easterly also expressed concerns regarding misinformation, disinformation and even the possibility of threats to election officials. In advance of cyber week, Easterly stated that CISA intends to continue using its Rumor Control website, which allows the agency to attempt to counter false election narratives. “I need to make sure that my resources and my focus are where we can make the most difference at the end of the day,” Easterly said.
Most of the issues discussed in depth during cyber week could be easily addressed if there was a marked increase in the global cyber workforce. The lack of proper staffing has been a recurrent theme in 2022. Krebs also mentioned during his Black Hat address that he found it “confounding” that the cyber workforce continues to face major workforce shortages. After all, in his words, a cybersecurity career was “fun, lucrative, durable, fascinating,” and given that national security was at stake, “meaningful.”
The threats facing businesses and the public sector will only continue to multiply in the coming years. With for-profit hacking earning cybercriminals billions of dollars via crimes involving ransomware and other online schemes, the future would seem bright for the next generation of cyber-warriors. The question is, will Generation Z answer the call?
Julio Rivera is a business and political strategist, the Editorial Director for Reactionary Times, and a political commentator and columnist. His writing, which is focused on cybersecurity and politics, has been published by numerous websites and he is regularly seen on National and International news programming.