Conflict questions loom large—when will Russia invade Ukraine? How will Europe respond, and how will the US react?
In the anxiety produced by the physical presence of Russian troops surrounding Ukraine, we can overlook the other forms of Russian aggression against Ukraine. A few days ago, Dark Reader contributor Jai Vijayan noted that ‘a Russia-based advanced persistent threat group’ has been ramping up malicious activity against Ukraine. Cisco Talos Intelligence group also noted that some of these types of attacks have had an additional undercurrent: sowing seeds of distrust. By spreading disinformation regarding who lies behind malicious threats to Ukrainian cybersecurity, both Poland and Ukraine have been strategically framed. “The intent is not to actually convince people that someone else was the source, but instead to introduce enough doubt that it is politically useful either now or in future operations” the article from Talos argues.[1]
Cybersecurity is in the middle of a new age of warfare. President Putin has in the past used “’hybrid warfare,’ a witches’ brew of non-uniformed soldiers (the so-called ‘little green men,’), high end special forces, sophisticated offensive cyber against command centers and the electric grid, social media disinformation, and amphibious operations’”[2] and has continued to do so in the current Ukrainian conflict. As with the NotPetya incident in 2017, cyberwarfare often can’t be contained by the physical sovereign state lines. Not only that, but the intentional undermining of trust and disinformation displayed in current attacks on Ukraine shows that purposely sowing discord elsewhere would not be without precedent. As a result of the threats in Ukraine, the Cybersecurity and Infrastructure Security Agency (CISA) warned in a statement that “every organization in the United States is at risk from cyber threats that can disrupt essential services and potentially result in impacts to public safety.”[3]
What does this mean for US business owners or cybersecurity professionals? Put simply, it means we must remember that we are not alone. Rural areas like much of Western North Carolina, are often unprotected from cyber warfare threats and assume that, since they are ‘small targets,’ large threats won’t find them. But the small targets are also the softest and can lead to a breakdown of security on a larger scale. Just think about the turmoil that would erupt if our water infrastructure were taken down. So, remember that we’re not alone in a negative sense, but also remember it positively. Even while malicious actors work to undermine trust and break down alliances, surround yourself with professionals of character. Be a professional of character, whether as a CEO or a pen tester. Professionals of character are the ones who resist taking shortcuts, who own up to data breaches, and who resist the temptation to misuse privileges and harm others. We’re not alone because we can surround ourselves with a community of professionals that care about our nation, our livelihoods, and in being trustworthy participants of society. Character is the first step in maintaining a secure cyberfuture, and it starts with us.
