Expert links bread riots and cyberthreats
Bread shortage riots and cyberthreats might seem worlds apart, but they were brought together by a cybersecurity expert at the inaugural NetDiligence Cyber Risk Summit Bermuda.
Laura Galante presented an understanding of how cyberthreats from nation states have evolved, and considered what lessons can be learnt to act as guides during the next 10 years as threats evolve.
From China and Russia, to North Korea and the US, Ms Galante presented insight into how state players have used cyberespionage and breaches to their advantage.
She spoke at the NetDiligence event, which brought together more than 50 speakers and featured sessions on the evolution of cyber reinsurance, cyber catastrophe, silent cyber and ransomware. NetDiligence is a leading provider of cyber-risk readiness and response solutions.
Ms Galante, of Galante Strategies, is a former director of global intelligence at cybersecurity company FireEye, a founding member of Mandiant Intelligence, and a senior fellow at the Atlantic Council.
As a keynote speaker at the summit, she mentioned the food and bread shortages that caused the riots that were an immediate precursor to the Russian Revolution of 1917. She later returned to the subject of bread production and the shadow it cast in Russian minds as recently as the Eighties, when the Soviet Union began to unravel.
Why is bread relevant to a talk on cyberthreats? Because it illustrated two of the three lessons Ms Galanate shared on the potential landscape of future cyberthreats.
The first lesson was the importance of acknowledging what the “cyberthreat domain” is really about. Just as Russia had in the 2000s imagined what the cyberspace was not just about networking, but also about “narrative, data, information and your mind”, Ms Galante said that level of wider contemplation was needed to envision what the next 10 years will hold.
“We are sitting here with the Internet of Things, [and] with a 5G network that will speed up all our processing and connectivity. We are thinking about how technology is underlying every single sector. How do we make sure that we are broad enough in our conception of what is going on?” said Ms Galante.
She said a Ukrainian official had told her “keep in mind 1917,” referencing the date of the Russian Revolution.
Explaining what was inferred, she pointed out that what sparked the revolution wasn’t the military, or an energy crisis — it was bread shortage riots.
“He meant, this place that we are living in, the level of defence we are thinking about, how we mitigate risk in this space is incredibly broad, incredibly psychological, and we have to make sure we are taking that into account as we consider what the next fissures will look like,” she said.
Context had also been given earlier when Ms Galanate described how Estonia, which had formerly been part of the Soviet Union, saw its highly networked infrastructure virtually shutdown overnight in 2007 after it had decided to move a statue of a Russian soldier out of the centre of its capital Tallinn. The country suffered sustained cyberattacks on many of tts organisations.
Russia had “egg on its face”, said Ms Galanate, because given the circumstances Russia was viewed as the most obvious culprit behind the cyberattacks. It learnt that such action could not be done again in such a ham-fisted way.
Ms Galante said Russia also paid attention to what occurred in 2010, during the Arab Spring uprisings in the Middle East, and how social media was used widely to coordinate protests and spread news of the protests to the world.
She said the events of 2007 and 2010 were waymarks in Russia’s understanding of the power of cyberoperations, and an understanding that the best weapon against an open society (the West) — its Achilles’ heel — is its very openness.
Bread was referenced again in Ms Galante’s second lesson. She said: “The second lesson is that this might look like a technical problem, but it is still always about people.”
A few years previous, as the team she was working with at the time collected data on cyberattacks, she said it was not until they understood who was behind the attacks and why, that the team “could start to unravel a problem as thorny as cybersecurity, and start to do something about it”.
She related a piece of lore from the final years of the Soviet Union, when, during the perestroika period of East-West friendship, a top official was taken on a tour of London to see how the West worked. He saw the banks, treasuries and how things worked in the country. Then, on the second day, he said the one person he needed to see was the one who was in charge of the bakeries.
“The Brits are scratching their heads and saying ‘What is he talking about?’ He says ‘Look, we are sitting here in Moscow and we can never understand how many loaves should be baked every day — we have shortages, we have too much, it is constantly this issue. Who is in charge of telling the bakeries how much bread to make?’”
Ms Galante added: “The answer is the bakeries are — there is no one running a central bakery in London.”
She said that was a moment when something went ‘click’,
“It is that story, that is told so often now in the Russian military, that people understood that a top-down model for operations, whether it is baking bread or whether it is cyber operations, would not work.
“It was the ability to use ‘the edge’, in this case the bakers, to understand the actions that needed to be taken that would be the new paradigm of power; of how successful organisations work,” said Ms Galante. She said that applied to hackers or a Silicon Valley company working on the next version of its product.
“So, being able to put power to the edge, and understanding that that is the change that is occurring, both with hackers, but also with how nation states operate, is incredibly important as we think of how that next iteration of this threat will fall.”
Ms Galante said the third lessons was to “not forget what we are insuring, shat we are protecting, and why we are doing it”.
She said: “In 2012 and 2013, when we were in the questionable period about why cyberthreats mattered, when we couldn’t put a face upon this, but we knew it was a problem.
“It would have been easy for the group I worked with to say ‘it’s not our job to go and expose the Chinese military, that’s what governments do — the intelligence community should be writing a report on this, not us’. But we looked at each other and said, ‘look we are sitting here with data that shows us exactly how this is working. We are at a vantage point where we are seeing multiple companies breached’. No single company is going to come out and say ‘look, I think the Chinese military is hacking my airplane’.”
Ms Galante said the team realised they had the ability to do something about the problem, to change how — in the case she spoke about — economic property was being seen, and how the threat was understood.
“It was our job to do something about it, and we did, we exposed this report.
“I give you that background because all of us are sitting in a chair similar to that at different times. We have to be able to explain, broadly, not just to the world, but to our clients, to the types of customers that we are seeing, that this is a threat that can be managed. But it is key to understanding how your business model goes forward.”
She asked the audience: “Do you have a fair way to explain what the threats are that might be hitting your business? Are you insuring around that? Do you have an understanding of what sorts of nation states might be trying to go after your type of operations, and why?
“We have to think about this as broadly as our adversaries do, this is an attack and a question about how open societies can work, and how economies and companies that are built on fairness and rule of law, operate. And that is what we are after here.”
She added: “So when it gets a little dark, let’s keep in mind how big the problem is, and how key our own rules are. It is our power in this space, our place in security and risk management, that is key to taking on this threat and critical as we look to the next 10 years of analysing cyberthreats.”