Cybersecurity and IT Experts Discuss The Cybersecurity Aspects of President Biden's Speech
Cybersecurity and IT experts have been reflecting on Biden's recent news conference and addressing concerns about whether real progress will be made after a rise in high-profile ransomware attacks. For the majority, the conclusion is: it is too early to tell. Before the meeting between Biden and Putin, cyberattacks for ransom emerging from Russia had created a high level of concern over the United States' national security challenges.
Concern over Russia's connection to the attacks increased after a Russian criminal group was suspected to be behind the Colonial Pipeline ransomware attack and the JBS USA Holdings Inc attack. Biden confronted Putin on a variety of aspects, particularly ransomware and other cybersecurity concerns. While there was no tremendous resolution or breakthrough after the summit, both sides agreed to have further talks about cybersecurity concerns.
What message does Biden's speech, which says 16 critical infrastructures are off-limits for Russia, send? Does it imply that the other sectors are up for grabs?
Experts in the security and IT industries have taken on the task of informing inquiring minds about the speech and what lies ahead. Biden gave Putin a list of 16 critical infrastructures that were off-limits to attacks.
"I talked about the proposition that certain critical infrastructure should be off-limits to attack, period - by cyber or by any other means", said Biden. We asked a few experts what type of message they believe this statement will send Russia and if this implies that other sectors are up for grabs, and this is what they had to say:
"This is a pure political message to appease the American people. As a public figure, Biden needs to 'send a clear message' to bring a sense of security to the people. There is no impetus for Russia or another group to stop hacking activities. One of the main goals for a hack is not to cause havoc to a system, but to control it and gain valuable information as quietly and unobtrusively as possible. Destroying a system would simply alert the security staff to your presence", said Carl Fransen, CEO and Founder of CTECH Consulting Group.
Ashu Singhal of Orion Networks believes that there could be an uptick in attacks in other sectors after President Biden listed 16 "exemptions":
"It depends. We may actually see an overspill of increased attacks in other sectors. If Russia does try to curtail any activity originating from Russia on these sectors, we might see an increased focus on other sectors. Or worse, now folks who didn't know it was a good business are more aware and try harder to get into the ransomware-as-a-service business. In general, if you are in sectors other than the original 16, I would advise you to be cautious and ramp up on your efforts to protect your infrastructure", said Singhal.
Matt Bullock, of Accelera IT Solutions, believes that the group behind the Colonial Pipeline ransomware attack went too far with their actions. Bullock stated:
"Russian-based hacker groups went a little too far with the Colonial Oil Pipeline ransomware attack. President Biden's speech is really telling Russia that the US can do the same back to them. Up to this point, US-sponsored computer hacking has been for commercial and defense data gathering. Although President Biden took a structured and diplomatic approach, the message is that if you want us to leave those 16 critical sectors alone on Russian soil, stay away from our critical infrastructure."
What message does it send to other countries, when he says, "avoid US critical infrastructure"?
With Biden declaring to other countries that they should avoid US critical infrastructure, will this make a difference? Will it lead to fewer attacks on US infrastructure? Fransen is not certain that this particular message will be heard loud and clear because this is the same type of message that has been delivered in the past. He said:
"Telling countries to avoid attacking US critical infrastructure has little effect since this is the old way of fighting a war. The combatants are no longer other countries with vast militaries. They are single individuals or a small group of technical experts who want to make money. They would scan vast areas of the Internet, regardless of the geographic location, to see if they can break in. An American company can have services actively and legally hosted in Russia, China, Iran, etc. just to do their daily business."
Bullock believes this statement will send a message to other countries that the US can retaliate against them if they attempt any attacks on critical US infrastructure. Bullock said, "President Biden, in a blanket statement, put the rest of the world on notice that we can take out their critical infrastructure quite easily if they want to try and cause problems with our infrastructure."
Would the NATO agreement that cyber is covered (attack on one is an attack on all) mean NATO countries are covered?
Cyberwarfare has become such a major issue that NATO's Article 5 covers it. Under the NATO agreement that cyber is covered, will this mean that all NATO countries will be covered? We gathered some insight from the experts, and they shared their thoughts:
Fransen said, "NATO is a traditional military with soldiers, tanks, planes, and ships to prevent Russian military aggression. They are not designed or have the proper infrastructure to defend against or wage a full cyberwarfare campaign. Also, it is very difficult to conclusively prove that an attack was government-sponsored. It could be a teenager on their parents' desktop attacking a government facility. And if one member of NATO accuses another country, what can they really do? Are they going to launch a full-out traditional invasion?"
Bullock shared insight similar to Fransen's on proving the origin of an attack. Bullock said the following: "Since the origin of a hacker attack is often hard to identify (was it state-sponsored or a group sympathetic to the government, etc.), the NATO policy doesn't have much 'teeth' to do anything against a nation-state if the attack was shown to come from that country. Each country needs to let other countries know that they are willing to counter-attack if necessary. Cyberwarfare puts all countries on an equal footing. It no longer depends on how many missiles and armies you can afford to build - you just need really good computers and smart computer engineers. Everyone has those assets these days."
What about non-NATO countries -- is it open season on those not covered?
Biden voiced his concern about Russian pressure on Ukraine, a non-NATO country, but did not raise concern regarding other non-NATO countries. Does this mean those non-NATO countries will not be covered? Fransen noted, "NATO is not a deterrent against cyberwarfare. And every country, regardless of the strength of their military, is being continuously attacked by random individuals and state-sponsored hacking."
Bullock said, "Computer hacking is 90% for commercial espionage and to determine military capabilities (projects in development, etc.). Most countries aren't high-value targets and the information gained from those countries doesn't have nearly the financial and military impact as getting information from the USA, Russia, China, etc."
Where does this leave critical infrastructure in those other countries, and do they define it the same way the US does or differently? What could this mean for their own security?
When asked for his opinions on the critical infrastructures in other countries and if they view their infrastructures in the same manner as the US, Fransen stated, "Both public and private businesses are required to have adequate security to protect them against an attack. Most government departments around the world have their own individual security. There is no set standard that is followed in the United States or any other country."
Bullock said each country needs to perform an individual assessment of its value. He said, "Every country needs to correctly assess their 'value' to a nation-state hacker group. If shutting down critical infrastructure benefits the hacking country, then yes, even a smaller country needs to build out their cyber-defense program. Every citizen of every country needs what critical infrastructure provides (food, water, electricity, etc.). A small country's infrastructure is just as important to them as our large infrastructure in the US is to us."
Do you think Russia will heed the US warning to avoid its critical infrastructure, a) by state actors b) by cybercriminals - would it take action, in what form, how would it enforce, would criminals circumvent or abide by gov restrictions?
"As always on the public side it is important to keep up appearances of being the white knight and prosecuting the evil cyber criminals of the world. Behind the scenes there will always be a clandestine battle that is very hard to be traced to a particular individual or country", said Fransen.
Fransen also pointed out that many international laws are outdated and should be updated to reflect the latest threats in cybersecurity. He said, "International laws need to be updated to reflect the new cybersecurity threat posed by individuals and countries around the world. Currently, Microsoft uses a Chattel law drafted in the 1800s that allows them to say that their operating system is considered their property. And if their software is used for criminal purposes, they are allowed to take it back. It takes teams of lawyers and lots of money to work with other countries' legal systems to stop the cybercriminals."
Bullock thinks Russia will abide by the rules for now but feels things can change quickly if Russia starts to feel that the US is gaining too much power.
Bullock said, "Russia, the government, will 'play by the rules' for now until they feel the US is getting too powerful. Any rogue hacker group or state-actor group will attack the US if they feel their government is 'going soft' on the US and the US needs to be taught a lesson that Russia can still be dominant. There are many alliances between hacker groups and various levels of government. It is quite easy for Russia, China, or any other larger country to 'make a call' and have a private hacker group cause problems for the US infrastructure. China will receive less pressure than Russia due to China's economic and financial hold on the US."
Will the pressure on China be next? Maybe not state intelligence, nor criminals, but state spying for commercial gain?
"On the political side, of course, there will be. However, it will not act as any deterrent or result in any changes to China's policy", said Fransen.
Where Do We Go From Here?
After Biden addressed Putin, experts continue to warn that we may not have seen the worst yet, as cyber threats and cybercrime become even more dangerous. Nick Allo of Semtech IT Solutions believes that there needs to be a more united front on the attacks. Allo shared the following:
"I think we need to stand united on these attacks. They are no longer just attacking businesses and consumers but attacking our country. Even if it is not other countries. This again is just a wake-up call that we need to tighten up security risks and security on infrastructure that has been exposed for far too long. I think why now when they are spending so much money for all these programs like tuition assistance and stimulus checks, but they have neglected the crown jewels of the countries' infrastructure. This should have been locked down years ago but like anything else, until there is enough loss, change will not happen."