Russia invaded Ukraine just over a year ago, on February 24, 2022. But by some accounts, the conflict began earlier, with both media and government reports of Russian cyberattacks on Ukrainian infrastructure prior to the invasion. Since the invasion began, cyberattacks have continued, including physical strikes coupled in some cases with disinformation operations.
The Russian cyberattacks and Ukrainian responses have major implications for this war and for wars to come. But they also provide guidance for global cybersecurity beyond warfare. RSA experts on our Federal and Security teams have identified several trends resulting from the conflict that have broader implications for organizations across government and the private sector. These trends include the criticality of secure communications, the spread of disinformation, the elevation of cyber hygiene, and the high costs of technical debt.
Secure communications: the foundation of all cybersecurity—in war and peace
Protecting communications infrastructure has always been the central challenge in a traditional ground war. In World War II, for example, breaking the Enigma code was a critical turning point for the Allied forces.
Today, the security and resilience of communications remain critical factors in who wins and who loses, whether in a shooting war between adversaries on the ground or one between CISOs and threat actors on the digital front.
“The fundamental question is how do you protect the communications infrastructure so that information can be exchanged reliably and securely?” says Steve Schmalz, RSA Federal Field CTO. “Because without that, nothing else matters.”
One of the basic building blocks for a secure communications infrastructure is identity, specifically authentication and access control. These capabilities can provide assurance that someone seeking access is who they claim to be, as well as confirm that they have the right to access certain resources.
Every organization needs authentication and access control to secure their communications, resources, and users. They’re just as essential in preventing an enemy or other threat actor from intercepting or interfering with secure communication as they are in enabling the right people to get access to what they need.
Disinformation: why trusted identities are more critical than ever
Secure communication is one thing; trusted communication is another. And getting to trust is becoming especially important given the rise of disinformation around the world in recent years.
A case in point is the aforementioned recent disinformation operation supporting Russian cyberattacks on critical infrastructure in Ukraine. The purpose of the disinformation campaign was to make it appear that Ukrainian authorities and businesses were responsible for power outages that in reality resulted from Russian attacks.
But it’s not just in global conflicts that disinformation can be used to mislead: earlier this fall, we saw a rash of MFA fatigue and prompt bombing attacks that all tried to disguise their actual purpose with communications that looked like legitimate requests.
“There is so much disinformation out there today, trusted identities and trusted access are essential,” says Kevin Orr, president of RSA Federal. “Only if you can be confident in the identity of someone sharing information can you even hope to separate truth from fiction. This makes identity a huge piece of battling disinformation.”
Orr’s colleague Schmalz notes that the spread of disinformation often involves using AI to take over identities. But he also points out that AI can cut both ways: organizations should be using it to improve their cybersecurity postures.
“One thing we’re seeing today is the adoption of AI technologies to combat AI-assisted identity takeovers,” Schmalz explains. “I think we’re going to see AI become far more prevalent in both the attack and the defense.”
Cyber hygiene: elevating threat prevention in government and beyond
The rise of natural language algorithms like ChatGPT—which might lead to more effective and targeted phishing lures—has underscored the need to respond to AI threats in kind.
In fact, just like requiring multi-factor authentication (MFA) and mandating cybersecurity awareness training, having AI as part of an organization’s cybersecurity stance may become a central plank of basic cyber hygiene for private businesses and government agencies.
The emergence of AI as a tool for cybersecurity comes at a time when attention is more sharply focused than ever on cyber hygiene. Since the war in Ukraine began, “we’re seeing more emphasis on preparedness, including a whole new set of US federal mandates,” says Orr. “Personal and corporate cyber hygiene is on the rise, and that’s good news.”
The high costs of technical debt
John Messinger, RSA principal security architect, observes that while the new focus on cyber hygiene is important, leaders must do more and invest more:
“Agreeing on a ‘baseline’ for cybersecurity is a good step, but it’s not the last one,” says Messinger. “Insecure technical debt in critical infrastructure and other systemically important industries needs to be addressed. There must be some accountability for organizations that aren’t investing in modern technology and security.”
“During the pandemic, we learned that technology is a function of every company, no matter what they do or make,” says Messinger. “If technology is endemic to your business, if your people need technology to do their job and drive revenue, then the business has a responsibility to secure that technology.”
“I would urge leaders to invest in the security capabilities that give them the biggest return: moving to a modern and zero-trust architecture, requiring multi-factor authentication, and having the identity intelligence needed to secure every user across their technology estates.”