On the 2nd day of CYBERSEC Global 2020, the conversation focus has been put on business and defence matters.
Looking at companies with the biggest valuations, it’s clear that technology companies have outgrown old businesses such as the oil and gas industries. This exposes what is the most valuable today–it’s data. We would be naive to believe it wouldn’t go unnoticed by adversarial actors and the news we keep hearing every day is the most visible proof.
This makes the data a strategic resource that is so valuable that hackers want to steal it or encrypt it and get ransom, but also that data is the basis for intelligence and an important reason over which cyberwarfare can be and will be led. In these settings, the strategic targets have shifted from oil resources to digital assets that can be attacked from remote locations.
The single point of failure–as Andrzej Dopierała, President of Asseco Data Systems Management Board pointed out–is humans. It’s much easier to use psychological tricks to make a person click a link to gain access than to break through firewalls and other security measures.
The criminals and adversaries can adapt rapidly to the new circumstances as the COVID-19 pandemics showcased–the amount of pandemic-themed cyber attacks have risen exponentially. This is what all involved in cybersecurity need to stay ahead of–not only to avoid attacks, but also to provide business continuity.
How? Flavio Aggio, CISO at WHO, states clearly–zero-trust policies and cloud migration. As he observes, organizations such as WHO, which migrated to cloud ahead of pandemics, had a smooth transition to remote work. Zero-trust policies ensure that the security won’t be breached or at least it won’t be breached easily even with most employees working from outside of the secured office environment. Michael Bem–Executive Director and CISO at UBS–adds that there is a requirement for businesses pushing to have secure solutions, especially now, during the pandemics with all its implications.
Tom Burt, Corporate VP of Customer Security & Trust at Microsoft, thinks that over 90% of cyber attacks can be avoided with Multi-Factor Authentication built into systems. This thought is backed by the fact that hackers don’t pick a target and look for vulnerabilities, rather than engage in sophisticated surveillance waiting for an occasion to pursue attacks against entry points.
According to Microsoft’s observations, the origin of as much as 52% of cyber attacks are from Russia. Other states involved in this activity are Iran (25%), China (12%), North Korea, and others (11%). What’s more, over 52% of the targets are NGOs, government organizations, and higher education institutions.
Although businesses need to think of their defence similarly to states, it seems that the cyber risk is even higher on the state-level.
The European Union already acknowledges the plans to maintain digital sovereignty. As Annagret Kramp-Karrenbauer–Federal Minister of Defence of Germany–summarized, five plans of action have been identified: use trustworthy technology from various manufacturers, building up key technologies, maintaining core command and control capabilities, increasing innovation capabilities, and promoting digital consequences.
5G is an exceptional technology for business and also for modern battlegrounds. Following Riho Terras–a European Parliament member and former Commander of the Estonian Defence Forces–although previously new technologies originated in the military and were populated to general users, the technology developed after the Internet invention worked the other way around.
This creates a challenge for 5G that enables technologies such as Artificial Intelligence, Virtual and Augmented Realities and Autonomous Weapons on battlegrounds, but on the other hand–have a lot of holes and backdoors since they weren’t designed with military standards.
The benefits the defence forces could gain outgrow the challenges of using 5G, however the technology needs to become secured as it will also become a part of strategic infrastructure. The 5G end-users can benefit from these circumstances with higher levels of privacy and security, building trust in using it. The trust in technology security has been also identified by Daniel Ahn, Senior VP of R&D Software Security at Samsung as one of the key security practises for the connected users.
Some ways to lead modern conflicts are as old as information warfare–whoever knows more on the battlefield, gains advantage. This old idea is exploited in a new manner today, using the open character of social media to spread misinformation and effectively create circumstances to suit one’s agenda. We are witnessing it even now, in the re-ignited conflict between Azerbaijan and Armenia over Nagorno-Karabakh where social media is used to spread different narrations.
Fake news has been identified as an important challenge since the 2016 US presidential election and many actions have been undertaken to prevent them from spreading by bringing together stakeholders from governments, tech giants, and other parties involved. Effective rapid identification and blocking of fake news will allow us to contain information warfare from causing state-wide effects, and preventing adversaries from manipulating social moods.
What’s ahead? We may already be looking at the technology that will become the future military game changers. Bob Wells, Chief Scientist at NATO, thinks machine learning, big data, automation, and robotics will shape future arms, however correct combinations need to be discovered to unleash their maximum potential. The key to discovering this will be NATO’s research team gathering over 500 of the world’s best scientists coming from 18 out of 20 top universities.
NATO has already recognized cyber space as an operational domain in 2016, and in 2019 they also identified the outer space for it. This is a rather vivid example of the pace at which modern warfare is evolving and what it will reach.
There may be similar patterns around handling cyberspace and outer space. Just as we needed to find a way for international cooperation on exploring the unknown, the outer space, we need to find a set of rules for cyberspace. As Ambassador Sorin Ducaru–Director of EU SatCen–identifies that two spaces are bound together as assets in outer space rely on computers processing high volumes of data as well. This is why we need to make cybersecurity a global effort to not only secure our states and businesses, but also secure the outer space and whatever might be ahead of us.
The fruitful discussions of the second day have come to an end. On 30th September, the last day of CYBERSEC Global 2020 will take us through special formats with invitation-only sessions and the discussion on geopolitics of emerging technologies.