Washington continues to be engrossed in the subject of cyber everything, and today’s news developments and events in that arena offer a study in contrasts.
CIMA and the National Endowment for Democracy hosted a discussion about online security in conflict-riven Ukraine in the morning, and the Center for Strategic and International Studies (CSIS) presented a panel discussion entitled “Information Sharing for Cybersecurity” in the afternoon.
The discussion at the NED featured activists and cybersecurity experts from the region who work in Ukraine. They can’t prove it, but their sense is that much of the hacking in Ukraine is coming from Russia. For their safety, the panelists can’t be identified, but collectively they painted a grim picture of the state of online security for news media and civil society organizations in Ukraine:
- Media and civil society organizations don’t do anything about securing their online systems until they’ve suffered “a catastrophe,” two of the panelists said.
- Organizations such as Internews, Reporters Without Borders, and the Institute for War and Peace Reporting are providing training for journalists–but few are implementing what they learn. They either don’t take the threat seriously or can’t make the time to go through the steps they’ve been taught to take for their own protection.
- Intelligence agents seize the laptops of journalists in Crimea, “manipulate” the computers, as one of the speakers put it, and then give them back to the journalists, who have no tech support to fix the laptops but nevertheless continue to use them.
- Local media outlets face denial of service attacks that shut them down before elections, leaving only politically affiliated websites free to publish and silencing independent news coverage of the political process.
- Denial of service attacks and e-mail hacking services are available on the black market for as little $50 or $100, which means foreign intelligence agencies don’t have to do it themselves, and the hacking victim can’t tell who might be behind the attack. “It’s very cheap, and it’s available, which makes the potential list of adversaries very large,” one of the panelists said.
In stark contrast to the situation in Ukraine, the lead speaker at CSIS’s event was considerably more upbeat about the situation facing the United States in this sphere. Michael Daniel, the National Security Council’s special assistant to the president and cybersecurity coordinator, joked, “The good news is that the president is personally interested in cybersecurity. The bad news is that the president is personally interested in cybersecurity.”
Daniel pointed out that just this morning President Obama signed an executive order establishing a program to apply sanctions on individuals overseas who commit cyber espionage or attack critical U.S. infrastructure. He then outlined details about the various programs for sharing information across industries and government agencies aimed at thwarting cyber attacks. No shortage of attention to this problem here.
There was one area, however, where the panelists working in Ukraine and Daniel were on the same page:
“There are no absolutes in cybersecurity,” Daniel said. “There is only trying to do it better.”
Just a couple of hours earlier, one of the panelists talking about Ukraine said, “There is no absolute security,” and those working online “always need to think about adversaries” and “consider the possible impacts of a cyber attack.”
It seems cybersecurity is becoming a universal problem.