“The brutal Russian invasion of Ukraine has transformed the context of cybersecurity” worldwide, said British National Cyber Security Center CEO Linda Cameron.
Speaking at the Tel Aviv University Cyber Week on Tuesday, Cameron said that the lives of millions of innocent people are in jeopardy due to cyber threats, just like on the battlefield, but that “Ukrainian cyber defenders repelled the attacks and are real heroes.”
Even as the world is focused on the Russian threat to Ukraine and Eastern Europe, the UK cyber chief said, “We must not lose sight of the longer-term strategic challenges from China as a technological and economic power,” since Beijing is spreading across the globe with “cyber and technology for control.”
When tech is used by the wrong hands
She warned of using technologies developed by authoritarian countries that could be used to passively and quietly influence and limit the choices of people in free countries.
“The democracies of the world have to develop technology and systems that avoid products that are not in line with our values,” said Cameron.
Moreover, she added, “I hope the Start-Up Nation of Israel can play an important role” in providing the free world with such technologies. "Ransomware attacks strike hard and fast, evolve rapidly, and are all-pervasive, lowering the bar for entry into cybercrime.”
When the attacks don't stop
While democracies are starting to better handle mega cyber attacks, she said, they are still behind in fending off hundreds of medium and smaller attacks picking off small and medium businesses that can also impact the country’s stability.
Cameron said the key to combating ransomware was to drive down the profit to make it “an unprofitable and unattractive business” for cyber criminals.
Cameron highlighted her agency’s successful removal of 3.1 million malicious URLs in 2021, handling more than six billion requests for protection from DNS issues, and shutting down 76,000 online scams based on referrals of suspicious emails from the British general public.
Top US official on cybersecurity Anne Neuberger agreed that Russia’s attack on Ukraine profoundly affected the international system, including in cyberspace.
The deputy national security adviser and former top NSA cyber official highlighted various executive orders by the Biden administration that have shifted the burden of responsibility for hacks to corporations that could prevent the hacks, whether they are a direct service provider or a software supplier.
Neuberger listed four key areas to improve in:
- Securing critical infrastructure to protect national decision-making and making software more secure;
- Working with partners to prepare for cyber incidents before they happen, including expanding cyber resources aid to allies as was done in Ukraine;
- Reinforcing norms of enforceable cyber, including at the UN and a 36-nation counter-ransom ware initiative;
- Implementing the Department of Defense’s “defend forward” approach of holding state and non-state actors responsible for attacks, just like in the physical world.
US National Cyber Director Chris Inglis said everyone must realize that the cyber sphere should be subordinate and does not exist for its own sake.
Recalling the Colonial Pipeline mega hack that shook the US petroleum industry, Inglis said what was so disconcerting was that it was caused by “one single individual, whose private network was not properly configured.”
Recalling the Colonial Pipeline mega hack in May 2021 that shook the US petroleum industry, Inglis said what was so disconcerting was that it was caused by “one single individual, whose private network was not properly configured.”
He said the hackers “found if they beat one person, they could beat us all. This is a terrible situation. We need to make it so that to beat any one of us, they need to beat all of us. We need to not just get the technology right, we need to get the doctrine right. We need to get people in the right place and then we can bend technology” to the purposes society designates it for.
Furthermore, Inglis overlapped with Neuberger, calling for enforcing cybersecurity by design on suppliers and manufacturers so that security is not seen as an optional afterthought.