Earlier this month, Las Vegas hosted the trio of major cybersecurity gatherings referred to as “Hacker Summer Camp.”
The events, Black Hat USA, DEF CON, and BSidesLV, welcomed some of the more important figures in the cybersecurity world, including former Cybersecurity and Infrastructure Security Agency (CISA) Director Chris Krebs, current National Cyber Director Chris Inglis, and deputy chairman of Ukraine’s State Service of Special Communications and Information Protection, Victor Zhora.
Among the main issues discussed this year were the growing concerns regarding increasing cyber-attacks from China and Russia.
Ukraine’s Zhora has witnessed his country face over 1,600 Russian-based “major cyber incidents” so far this year. He told Black Hat USA that “This [Russian Hacking Attacks] is perhaps the biggest challenge since World War Two for the world, and it continues to be completely new in cyberspace.”
These attacks to which Zhora refers include Russian-based DDoS attacks targeting many of Ukraine’s government agencies, as well as malware that targets the Industrial Control Systems (ICS) that are critical to energy providers.
As a result of this increase in Russian-based attacks, Ukraine has recently entered into a new expanded cyber cooperation with the United States. At DEF CON 2022, Inglis told attendees, “We didn’t give enough credit to the Ukrainians for being able to defend cyberspace.” Inglis also stated, “I and a whole bunch of others would have said that the Ukrainians would have a really tough time defending themselves in cyberspace against the Russians because the Russians have lots of capabilities.”
According to the late July Memorandum of Cooperation (MOC) between the US and Ukraine that established the new cyber alliance, the countries agreed to share intel and best practices on cyber events and participate in joint cyber training and exercises.
“I am incredibly pleased to sign this MOC to deepen our cybersecurity collaboration with our Ukrainian partners,” said CISA Director Jen Easterly in a press release announcing the partnership. “I applaud Ukraine’s heroic efforts to defend its nation against unprecedented Russian cyber aggression and have been incredibly moved by the resiliency and bravery of the Ukrainian people throughout this unprovoked war. Cyber threats cross borders and oceans, and so we look forward to building on our existing relationship with the State Service of Special Communications & Information Protection of Ukraine (SSSCIP) to share information and collectively build global resilience against cyber threats.”
Cyberattacks in the aftermath of the Russian-Ukraine conflict have also affected countries that have supported Ukraine, as Russian-based hacktivist organizations are now targeting organizations operating within the nations that have provided material support to Ukraine during the conflict.
In addition to the Russian cyber threat being discussed during this month’s events, Krebs told Black Hat 2022 that government employees have expressed “confidence” that the rise in tensions between China and Taiwan is “going to come to a head” and organizations should “manage risk yesterday.”
The upcoming midterm elections were also a hot topic in the immediate lead-up to cyber week in Vegas. Easterly discussed election security, and she had previously voiced her concerns regarding the effects of misinformation and disinformation, as well as the possibility of threats to election officials.
Prior to “Hacker Summer Camp,” Easterly said that CISA intends to continue to use its Rumor Control website. The site allows the agency to attempt to counter fake election narratives. “I need to make sure that my resources and my focus are where we can make the most difference at the end of the day,” Easterly said.
Most of the critical cyber issues discussed at this month’s events could be more easily addressed with a pronounced increase in the global cyber workforce. This global shortage in staffing has been a dominant theme most of this year.
Krebs also mentioned at Black Hat that he finds it “confounding” that the global workforce continues to face these major shortages. According to Krebs, a career in cybersecurity is “fun, lucrative, durable, fascinating,” and, with critical national security at stake, “meaningful.”
The abundance of threats facing the public and private sectors will only continue to multiply over the next several years. With increasingly profitable cybercrime syndicates earning billions of dollars via scams that involve ransomware and other schemes, the future looks bright for the next generation of security professionals that should find opportunities for work plentiful. But with our current severe workforce shortages and no real way to forecast the future, the question is, will Generation Z be able to answer the call?