BCS expert panel asks: Has Russia underestimated Ukraine’s cyber defences? | #cybersecurity | #cyberattack

Did Russia underestimate Ukraine’s cyber security?

Dr Alexi Drew, a senior defence and security analyst at Rand Europe, said that as far as Ukraine itself is concerned, Russia might have underestimated their cyber defences: “Russia has been surprised by the pushback they’ve faced on the ground in Ukraine, and the same is true, most likely, in cyberspace.”

She added: “We’ve seen a continued escalation and proliferation of actors involved. But cyber doesn’t do what most people think it does, in a military sense. Yes, it could potentially achieve the shock and awe of a physical war. But it’s potentially not the best thing that it can do because it’s not expedient. The potential for further escalation, and the ramifications of that, are too high.”

Lisa Forte of Red Goat Cyber Security said the fear of a cyberattack getting out of control could explain why Russia is holding back: “Cyberattacks are not inherently acts of war. The vast majority are for economic or criminal gain.

“The one big failing of cyber warfare is that it is incredibly difficult to control, and perhaps that’s why Russia hasn’t used it widely. If a cyberattack got out of a Ukrainian network and went into a NATO member state network or a NATO network, that escalates the attack.”

Tipping point

But could there be a point in the war where it makes sense for Russia to use cyberattacks? Jen Ellis, from the security service and solutions company Rapid7, and an adviser to the UK government, said Russia might have learned from the deadly lessons of Mariupol. Its citizens were left without water and electricity following the relentless pounding of their city by Russian tanks and missiles.

Jen said: “There is a chess game being played on a massive scale. There’s a profound impact mentally on people when you roll tanks down their street when compared to remotely hacking into their power grid.

“But when do we get to the tipping point where the tank on the street isn’t as impactful? I think the question is whether Russia decides that leveraging hacking against critical infrastructure inside Ukraine is a more effective way of making life totally unbearable for its citizens.”

Prevention is better than cure

The NCSC has warned against organisations being complacent about cyberattacks because of previous incidents that affected UK interests, such as SolarWinds Orion software. It has reiterated its advice for all companies to follow good practices to protect themselves.

There was a lively debate about whether the advice to ‘patch, patch, patch’ was the best way to protect organisations from cyberattacks. According to Dan Card, a cyber security consultant at PwnDefend, if someone is determined enough, they can get through the layers of protection. Still, he did agree that boosting cyber security was vital: “I think it’s crucial that organisations up their investment, training, and understanding.”

Patrick Burgess, of the BCS Information Security Specialist Group and co-founder of managed IT services provider Nutbourne Ltd, added: “System vulnerabilities were already happening; it’s just that now there are more people involved in the cyber warfare arena.”

He warned: “Because many people are focusing on cyber at the moment, those cyberattack zero-days may be exploited quicker.”

Social media and propaganda

Turning to the role of social media platforms, Alexi said it was essential to understand the difference between disinformation – the deliberate spreading of fake ‘facts’ – and unintentional misinformation.

During conflicts such as Ukraine, Alexi said social media and messaging platforms become a lifeline of communication: “It’s very easy to focus on the harm these platforms potentially cause and say that we need to restrict and moderate.

“But it’s a balance. If we narrow this back to Ukraine, yes, it has been used to spread disinformation and misinformation. But it’s also been a critical means of communicating information from the ground that otherwise we might not have had.”

“When a conflict breaks out, that digital record is vital, allowing these voices to reach the global audience; to organise domestically, and push back against oppression and violence, and find out where it is safe. I think nuance is important when it comes to these platforms, not just to moderate, ban and restrict.”

A recent BCS survey backed this point of view. It found that 78% of industry professionals said they did not believe restricting encrypted messaging would protect users. Furthermore, 66% said that weakening the use of encrypted messages on platforms would negatively impact the protection of society at large.

Original Source link

Leave a Reply

Your email address will not be published.

nine + one =