Preparing for a Cyber Conflict / Hybrid War

Christopher Martlew
Published in On Being Agile, Mar 22, 2022

Will the war in Ukraine escalate into a hybrid war / cyber conflict?

Western intelligence on Putin’s plans has been on point so far.

So Monday’s White House briefing and the statement by President Biden on cybersecurity are a serious wake-up call (insofar as one was needed) for us all.

These White House briefings are based on what they call “evolving intelligence” that the Russian Government is exploring options for cyberattacks.

The UK National Cyber Security Centre published a warning on 18th March, including advice on actions to be undertaken.

Other Five Eyes countries are also warning of the threat. Australia, New Zealand and Canada have each published advice.

Neither the European Union Agency for Cybersecurity nor the Dutch Government has concrete advice as yet on the possible Russian attack scenarios.

The Microsoft Threat Intelligence Center detected an attack on Ukraine’s digital infrastructure in January and again hours before the actual invasion started. These attacks include “Ukrainian civilian digital targets, including the financial sector, agriculture sector, emergency response services, humanitarian aid efforts, and energy sector organizations and enterprises.” Microsoft raises concerns about possible contravention of the Geneva Convention.

It’s widely reported that Putin has his back to the wall, and the US and others are predicting he will deploy biological and/or chemical weapons. Against the backdrop of Putin’s increasingly outrageous barbarity, a cyberattack is not unthinkable.

How to prepare for hybrid warfare or a state-backed cyber-attack?

For companies with any kind of relationship with people in or from Russia, Ukraine or Belarus, this is a minefield of complexity, especially perhaps in Europe, where millions of Russians and Ukrainians have made their home outside their native countries. This aspect is too much for this post (other than to put it at the top of the list), but Gartner has a good piece on where to start.

Many companies sharpened their defences at the start of the Covid-19 pandemic: improved end-point security, vulnerability management and multi-factor authentication were triggered by the wave of people working from home and increased phishing attacks.

Notwithstanding the increased focus, worldwide government ransomware attacks rose by 1885% last year, and healthcare attacks by 775%.

The current threat goes a lot further than the security aspects of the pandemic — and will have long-lasting consequences. The security suggestions below are intended as input to the conversation and are, obviously, not exhaustive.

To do Now

1. Draw up a plan for the next 5/10/20 days.

2. People first and safety first: physical and mental well-being. Stress levels were raised by the pandemic and many (security) teams are suffering from chronic high workloads and crisis management. As with Covid-19, promote a sense of psychological safety and avoid burnout.

3. Stay calm and confident.

4. Communicate with all staff to ensure awareness and ability to execute as needed. Communicate regularly.

5. This is not going to be free. Ensure sufficient funding is switched into security. Not for the next budget cycle, but immediately.

6. Ratchet up all your existing security activities. Revisit and refresh the points you put in place for the pandemic on end-point security, vulnerability management and monitoring.

7. Track government advice and follow up as needed.

8. Check recommendations from suppliers — solicit where needed.

9. Offer advice to clients.

To do Next

1. Stay calm and confident.

2. Practice your Business Continuity Plan. Improve it and repeat. Focus on what you can control.

3. Prepare for communications when internet and/or email and/or social media no longer work. Provide hard copies of key documents.

4. Choose and check your information sources before acting. There is a lot of bad information out there.

5. Be prepared for a ransomware attack.

6. Ensure all data is held in secure (geographic) locations.

7. Check your insurance. Does it cover an act of war?

8. Draw up a plan for the next 100 days.

And Later

1. Cybersecurity budgeting will probably need to be increased. Fear, uncertainty and doubt (FUD) are poor strategic counsellors and do not sell well in board rooms. So a balance needs to be struck with the new realities of the world, without relying on the bottomless pit of FUD.

2. Review your geo-political strategic positioning. Review (global) supply-chain sourcing and out-sourcing. Review your customer base against a global security threat landscape. Review data storage locations and back-up strategies.

3. Align with industry suppliers, peers and customers.

4. Review Business Continuity Planning to include your full eco-system.

5. Support the government and industry agencies in adopting a global cybersecurity leadership role.

Chris Martlew is a Technology Executive, author and speaker.