Cyber security professionals warn of danger ahead with Russia, China and beyond

A cybersecurity talkfest Thursday night in Washington, DC, may have left attendees needing the drinks served at the reception afterward.
“We’re actually entering perhaps one of the most dangerous times we’ve had in the cyber domain,” said Dmitri Alperovitch, co-founder and chairman of the Silverado Policy Accelerator think tank.
Speaking at an event hosted by Axios and sponsored by Silverado and Google, Alperovitch cited two reasons for concern about cybersecurity.
One is Russian President Vladimir Putin escalating his country’s unprovoked invasion of Ukraine by annexing parts of the country – including areas where Russian troops have surrendered to advancing Ukrainian soldiers.
“In some ways, Putin is metaphorically burning the boats,” Alperovitch said, suggesting that this increases the chances that Putin will respond to continued Western aid to Ukraine with retaliatory cyberattacks.
The second occurred in DC on Friday, when President Biden announced sweeping restrictions on the sale of advanced semiconductor hardware to Chinese firms.
“We are effectively imposing massive export controls on China,” Alperovitch said. But while he supports the isolation of China’s technology sector, he warned that the move could also invite digital retaliation from China.
His fellow panelist Heather Adkins, Google’s vice president of security engineering, responded with cautious optimism.
“I think a lot of companies are much better informed,” she said, citing hard experiences of ransomware attacks and cryptocurrency heists. “It’s much more real to them.”
Adkins emphasized such advances in resiliency as cloud services that allow faster recovery of apps and data. “The ability to recover from attacks is as important as the ability to prevent them,” she said. “Because no matter what, we’re all going to get hacked.”
A documentary series screened before moderator Chris Frates interviewed Adkins and Alperovitch made that point for her. The first episode of the Google-produced series Hacking Google covers how the tech giant attempted to respond to a Chinese hack of its systems in 2009, with prominent appearances by Adkins and Alperovitch.
At the end of the panel, Adkins expressed confidence that we can “get out of this problem where you get malware on your machine and suddenly your whole life is hijacked.”
Alperovitch remained pessimistic. “We face a sensitive opponent,” he said. “Just as we will never solve crime, we will never solve cyber.”
Identify what is most at risk
So how can Washington mitigate these risks? The Axios event began with cybersecurity reporter Sam Sabin questioning National Security Council technical security adviser Anne Neuberger about the Biden administration’s agenda.
Neuberger said that since this spring’s ransomware attack on the Colonial Pipeline, the administration has taken a sector-by-sector approach to identifying infrastructure most at risk and raising minimum standards for defense.
“The goal is to look across all critical infrastructure and ensure that it cannot be disrupted, either by a nation state or by criminals,” she said.
But even after such public debacles as the Colonial hack that took about 5,500 miles of pipeline offline, Neuberger said some industry leaders needed convincing, which the White House offered in classified briefings that shared context they couldn’t see in their offices.
The administration’s next move will focus on customers: As the White House announced Tuesday, it will develop an Energy Star-style cybersecurity label so shoppers can look for that certification.
Another security shift is looming at the Federal Communications Commission, which is drafting an order to ban US purchases of hardware from Chinese firms Huawei and ZTE.
Neuberger said Chinese laws required the United States to take that step to protect the privacy of American citizens: “We know the regulations in China, which require the companies to provide data upon request.” (No, TikTok did not come up in this discussion.)
One of her predecessors in previous Republican administrations gave the effort a cautious thumbs up in the evening’s final speech. Trinity Cyber President Tom Bossert, a homeland security adviser under Presidents George W. Bush and Donald Trump, told Sabin that the current White House speaking publicly about these risks represents a welcome change.
But, he added, the administration should prioritize adapting to experience rather than sticking to an announced plan: “I want them to be willing to give up on failed attempts quickly.”
(Disclosure: Google licensed a photo I took at a security conference for inclusion in the Hacking Google documentary.)