Evaluating the evolving impact of global tensions and conflicts
Nation states are increasingly engaging in sophisticated cyberattacks amid growing global tensions and armed conflicts. No systems appear to be off limits, including critical infrastructure for energy production and distribution, or information and communication systems. Where will such developments lead, and what is the role of the ongoing pandemic and growing adoption of hybrid work on cybersecurity?
At a Tech Talk session at GovWare 2022, four panelists came together to discuss the increased digital attack surface in the wake of COVID-19, the implications of cyberattacks in warfare, and how countries can get together to shape responsible cyber security behaviours for the future.
A more vulnerable world
Victor Yeo, the Regional Director and General Manager at BAE Systems in Singapore noted that businesses invariably open themselves to bigger risks as they switch to hybrid work. This is evidenced in the higher volume of hacking activities and data leaks reported as businesses struggle to effectively defend themselves, he said.
Andy Thompson, the Global Research Evangelist at CyberArk agreed that the drastically changing landscape of the end-user workforce, while generally welcomed by workers, has introduced a significant amount of risk to businesses. This is due to the poorer security of work-from-home employees, he says.
“The wireless networks used by employees at home are much less secure than in an enterprise environment. We need to understand that remote access is going to be a significant consideration in the future… COVID-19 in my opinion had resulted in an exponential growth in remote access,” said Thompson.
Finally, the pandemic and rising geopolitical tensions have exposed weak points in cybersecurity across various industries, observed Dr Dmitry Mikhaylov, an Associate Professor at the National University of Singapore (NUS). To illustrate his point, the cybersecurity expert pointed to the emerging field of maritime cybersecurity, and how it was exceedingly difficult to update software and hardware systems during the initial phases of the pandemic.
Cyber on the war front
For Yeo, cyberattacks are par for the course in today’s heavily digitalised world. The deliberate disruption of operations and digital communications had never ceased, though he conceded that the constant media spotlight did mean that the ongoing conflict in Ukraine saw a lot more coverage.
Thompson agreed, noting that the incorporation of cyberattacks as part of broader real-world campaigns can be tracked back to Stuxnet and other similar attacks on physical infrastructure. Referring to Russia’s invasion of Ukraine, he noted that the current wave of cyberattacks is unprecedented.
“[This is] the first hybrid kinetic cyber warfare that is waged… Yes, cyberattacks have existed for a considerable amount of time, but not to the extent that we're engaged globally right now. This is a unique situation,” he said.
Thompson who was recently in Poland also shared an anecdote of his interactions with members of the CyberArk team who had worked with the Ukrainians – Poland shares a border with Ukraine. According to him, the war has sparked off a migration of on-premises infrastructure into the cloud: “There is a massive migration from on-premises infrastructure to the cloud. [The cloud is] a lot safer from a disaster recovery perspective; it just makes more sense.”
A new kind of war
Teo Xiang Zheng, Head of Advisory of Consulting at Ensign InfoSecurity, pointed to the growing efficacy of cyberattacks and their destructiveness as being significantly beyond what the world had seen in the past. Moreover, state-sponsored actors are also less concerned about hiding in the shadows this time around, he said.
“What is unique is the evolution of multimodal attacks. In conventional warfare, we talk about land, sea, and air elements coming together. We are now seeing multi-domain warfare with the addition of cyber [warfare] as one of the domains of attack. I think we are going to see more and more of this in the future,” said Teo.
The use of drones on the battlefield is another emerging trend that looks set to stay, according to Dr Mikhaylov. “Missiles are quite expensive and can be replaced with drones that can fly quite far. The infantry is similarly using small drones for intelligence in the field.”
He cautioned that few are currently thinking in terms of how to secure their fleet of drones and other remote-controlled assets. “The number of drones used in Ukraine is increasing; Iran is supplying a massive number of drones. The Ukrainian side is using more drones, too. As the number of drones increases, cybersecurity will play a big important role on the battlefield.”
Responsible cyber behaviour
But surely a no-holds-barred approach to cyberattacks is not desirable, especially as society becomes increasingly digitalised? Teo referred to discussions he was involved in as part of the Geneva Dialogue on Responsible Behaviour in Cyberspace, noting that the way towards responsible cyber behaviour starts with dialogue and the will to band together.
“The ability to put aside our differences and share everyone's viewpoints requires a common space that we can start from. But the COVID-19 pandemic prevented it, while geopolitical tensions exacerbated that problem. I can only say we will continue to encourage this kind of dialogue and [ensure that] everyone is on the same page.”
“Unfortunately, you still have state-sponsored actors who might want to continue with their nefarious activities for their benefit. So, there's always that tension that is required to bring everyone to the table. NATO didn't come about easily; the UN didn't come about easily. They happened in the wake of catastrophic events. Let's hope it doesn't come to that for cyber,” said Teo.
In the meantime, the solution is to keep the conversation going. “I think we have a consensus that standardisation and following the rules, being good team players, and collaborating benefits ourselves and our partners. I feel like events like this where we can discuss and share knowledge with everyone is what's going to save the world. I think collaboration is the key,” summed up Thompson.
Tech Talk returns as an enhanced initiative to give trade-related visitors the opportunity to learn about the latest cyber security issues and developments through curated, free-to-attend sessions held alongside our signature GovWare exhibition.