Cybersecurity Pros Warn of Danger Ahead With Russia, China, and Beyond

A cybersecurity talkfest Thursday evening in Washington, D.C., may have left attendees needing the drinks served at the reception afterwards.

“We're actually entering perhaps one of the most dangerous times that we've had in the cyber domain,” said Dmitri Alperovitch, co-founder and chairman of the Silverado Policy Accelerator(Opens in a new window) think tank.

Speaking at an event hosted by Axios(Opens in a new window) and sponsored by Silverado and Google, Alperovitch cited two causes for cybersecurity concern.

One is Russian President Vladimir Putin escalating his country’s unprovoked invasion of Ukraine by annexing parts of that country—including areas in which Russian troops have been surrendering to advancing Ukrainian soldiers. 

“In some ways, Putin is metaphorically burning the boats,” Alperovitch said, suggesting this increases the chances of Putin reacting to continued Western help for Ukraine with retaliatory cyberattacks.

The other happened in D.C. on Friday, when President Biden announced sweeping restrictions on the sale of advanced semiconductor hardware to Chinese firms. 

“We are effectively introducing massive export controls against China,” Alperovitch said. But while he supports isolating China’s technology sector, he warned the move could also incite digital retaliation by China.

His fellow panelist Heather Adkins, Google’s vice president of security engineering, countered with cautious optimism. 

“I think a lot of companies are much better informed,” she said, citing hard lessons learned about ransomware attacks and cryptocurrency heists. “It's much more real for them.”

Adkins emphasized such advances in resilience as cloud services that allow faster restoration of apps and data. “The ability to recover from attacks is just as important as the ability to prevent them,” she said. “Because no matter what, we're all going to get hacked.” 

A documentary series screened before moderator Chris Frates(Opens in a new window) interviewed Adkins and Alperovitch made that point for her. The first episode of the Google-produced series Hacking Google(Opens in a new window) covers how the tech giant scrambled to respond to a Chinese hack of its systems(Opens in a new window) in 2009, with prominent appearances by Adkins and Alperovitch.

At the end of the panel, Adkins voiced confidence that we can “get out of this problem where you get malware on your machine and suddenly it hijacks your whole life."

Alperovitch stayed pessimistic. “We're facing a sentient opponent,” he said. “Just like we will never solve crime, we will never solve cyber.”

Identifying What's Most at Risk

So how can Washington reduce these risks? The Axios event began with cybersecurity reporter Sam Sabin quizzing National Security Council tech-security advisor Anne Neuberger about the Biden administration’s agenda. 

Neuberger said that since last spring’s ransomware attack against Colonial Pipeline, the administration has taken a sector-by-sector approach to identify infrastructure most at risk and raise minimum standards of defense.

“The goal is looking across all of critical infrastructure and ensuring that it cannot be disrupted, whether by a nation-state or by criminals,” she said.

But even after such public debacles as the Colonial hack taking some 5,500 miles of pipeline offline, Neuberger said some industry executives needed convincing, which the White House offered in classified briefings sharing context they couldn’t see in their offices. 

The administration’s next move will focus on customers: As the White House announced Tuesday(Opens in a new window), it will develop an Energy Star(Opens in a new window)-style cybersecurity label so that shoppers can know to look for that certification. 

Another security shift is drawing near at the Federal Communications Commission, which is drafting an order to ban US purchases of hardware from the Chinese firms Huawei and ZTE.

Neuberger said Chinese laws required the US to take that step to protect the privacy of American citizens: “We know the regulations in China, which require the companies to provide data on demand.” (No, TikTok did not come up in this discussion.) 

One of her predecessors in previous Republican administrations gave these efforts a cautious thumbs-up in the evening’s final talk. Trinity Cyber(Opens in a new window) President Tom Bossert, a homeland-security advisor under Presidents George W. Bush and Donald Trump, told Sabin that the current White House speaking publicly about these risks represents a welcome change.

But, he added, the administration should prioritize adapting to lessons learned over sticking to an announced plan: “I want them to be willing to give up on failed attempts quickly.” 

(Disclosure(Opens in a new window): Google licensed a photo I took at a security conference for inclusion in the Hacking Google documentary.)

Comments are closed.