Las Vegas was the backdrop this month for a trio of major cybersecurity conferences that brought together many global leaders in one of the world’s most critical industries—information security.
Black Hat USA, DEF CON, and BSidesLV, which are collectively referred to as “Hacker Summer Camp,” hosted luminaries that included former Cybersecurity and Infrastructure Security Agency (CISA) Director Christopher Krebs, National Cyber Director Chris Inglis, and the deputy chairman of Ukraine’s State Service of Special Communications and Information Protection, Victor Zhora.
Among the major topics discussed this year was the growing concern about increasing cyber-attacks originating from China and Russia.
Ukraine’s Zhora, who has seen his country victimized by over 1,600 Russia-based “major cyber incidents” so far this year, told the Black Hat USA conference Russian cyber attacks are “perhaps the biggest challenge since World War II for the world, and it continues to be completely new in cyberspace.”
The Russian attacks that Zhora is referring to include DDoS attacks that targeted many of Ukraine’s government agencies, as well as a number of new malware strains that were discovered leading up to, and in the immediate aftermath of Russia’s invasion of Ukraine. This includes a spike in data-wiping malware strains, which have the potential to be devastating to both governmental organizations and private businesses.
Ukraine has recently entered into a new expanded cyber cooperation with the United States in July. The country was not initially thought to have the ability to stand much of a chance against Russian cyberattacks, according to statements made at DEF CON 2022 by current National Cyber Director Chris Inglis. Inglis told attendees that, “We didn’t give enough credit to the Ukrainians for being able to defend cyberspace.” Inglis also stated, “I and a whole bunch of others would have said that the Ukrainians would have a really tough time defending themselves in cyberspace against the Russians, because the Russians have lots of capabilities.”
According to the July 27 memorandum of cooperation (MOC) between the United States and Ukraine, the two countries agree to share intelligence and best practices on cyber events and further participate in cyber training and joint exercises. “I am incredibly pleased to sign this MOC to deepen our cybersecurity collaboration with our Ukrainian partners,” said CISA Director Jen Easterly in the press release that announced the partnership:
I applaud Ukraine’s heroic efforts to defend its nation against unprecedented Russian cyber aggression and have been incredibly moved by the resiliency and bravery of the Ukrainian people throughout this unprovoked war. Cyber threats cross borders and oceans, and so we look forward to building on our existing relationship with the State Service of Special Communications & Information Protection of Ukraine (SSSCIP) to share information and collectively build global resilience against cyber threats.
Spiking cyberattacks in the aftermath of the Russian-Ukraine conflict have also created implications for nations that support Ukraine, as Russian-based hacktivist organizations have started to target entities operating within nations that have provided material support to the Ukrainian government during the conflict.
Although much attention was given to the Russian cyber threat, former CISA Director Christopher Krebs told Black Hat 2022 that U.S. government officials have advised him that they are “confident” that the rise in tensions between China and Taiwan is “going to come to a head” and organizations should “manage risk yesterday.”
The coming U.S. midterm elections were also discussed in depth in the lead-up to cyber week in Vegas. Election security, which has been a controversial subject among Trump supporters and most of the political establishment and intelligence community, was also talked up earlier in August by CISA’s Easterly, as she expressed her concerns about disinformation, misinformation and even the possibility of threats to election officials.
Just prior to the commencement of cyber week, Easterly said CISA intends to continue to use its Rumor Control website, which allows the agency to attempt to counter false election narratives. “I need to make sure that my resources and my focus are where we can make the most difference at the end of the day,” Easterly said.
Most of the critical issues facing the world that were discussed at “Hacker Summer Camp” could be more easily addressed with an increase in the global cyber workforce. The severe lack of staffing globally has been a dominant theme this year. Krebs mentioned at Black Hat that he finds it “confounding” that the cyber workforce continues to face major workforce shortages. According to him, a cyber career was “fun, lucrative, durable, fascinating,” and with global security at stake, “meaningful.”
The threats facing the public sector and private businesses will only multiply the next few years. With profitable cybercrime operations earning hackers billions of dollars via scams involving ransomware and other schemes, the future would seem bright for the next generation of cyber-warriors. But with severe cyber workforce shortages the status quo, the question remains, can Generation Z answer the call?