Tensions are high over the recent nerve agent attack on UK soil on a former Russian spy for which Britain says Russia is responsible. Although not directly a cyber attack, there are concerns about the wider implications for cyber warfare.
As part of our cyber warfare focus at TEISS, I met with Chris Pogue, Head of Services, Security, and Customer Integration at Nuix, when he was in London the week after the attack amidst the swirling rumours of Theresa May's plans to reciprocate with a cyber-attack, according to Whitehall sources.
Chris discussed what this would mean for the future of UK national security efforts and what would the consequences of retaliating a physical attack with a cyber-attack be. I was curious to know Chris' thoughts on what such an attack would look like and whether we are in the midst of another Cold War.
It depends how you define "Cold War" he says. "I think the line between "cold war" and "actual warfare" is being blurred," he says.
"The nerve agent attack is obviously very real – which is cloak and dagger cold war-esque activities. However, rumours of retaliation in cyber space is still an act of war, any way you shape it," he adds.
"I have no doubt that Putin would call it an act of war if a Five Eyes country launched a cyber attack on them," he says.
Chris credits former KGB head Putin as smart, adding, "Whether we like him or not, he is knowledgeable about how to conduct this type of clandestine warfare and he's got a whole country full of people which are probably very good at doing this sort of stuff." The combination of free education and massive unemployment generate a lot of organised crime syndicates and activity within cyber space. He describes the complexity of the massive networks of interconnected syndicates - exchanging hundreds of millions dollars - which makes attribution for darknet activities very difficult.
Also of interest: Breaking into the mind of a hacker
East vs West
Chris advises against retaliation against Russia. "They’ve got a proven track record of eating our lunch in ways that far outweigh the US and the UK," he adds. Not only are the Russians very good at what they do, the attacks are difficult to attribute and hard to defend.
Chris states: "There’s a very 'us versus them' adversarial mentality between the East and West, so you have a lot of kids that spring up and think they can make millions of dollars as a young hacker – it's almost a rockstar culture to them." A subculture we don't have on the same scale in the West.
Their ability to attack far outweighs our ability to attack back; it’s not a fair fight and they’re just better than we are. By the nature of security, Chris explains, from a defence point of view, you have to get it right every time – every vulnerability, every point of entry, every possible attack vector has to be accounted for and defended on an ongoing basis. "There's a never-ending process of determining what your security posture looks like and the hackers only have to get it right once," he adds.
"Most organisations were averse to spending money on security until recently with the advent of GDPR, with most people being on the 'wait and see' on the fence stance. From a business perspective saying you have to spend money on something that may or may not have happened did not prove popular," he says. GDPR should compel businesses to do the right thing.
Also of interest: Petya, NotPetya, Good Rabbit, Bad Rabbit...the rise of ransomware
On a cyber knife's edge
The difficulty is that if Putin could attribute a cyber attack to the UK, he would see it as an act of war and retaliate in kind. As so much of what we do is controlled by computer systems – transport, energy, emergency services, banking, communications – they've the power to completely disrupt society and hold all these services to hostage.
By holding services hostage, Putin will be sending a warning to Theresa May, "if you keep annoying me then I’ll shut them down and leave you to deal with it." That’s the whole premise of ransomware and why it’s such a successful form of attack. Thinking of warfare on that scale is a good decision for the Five Eyes countries to make, Chris advises.
Looking to the future, Chris predicts these hostilities will continue and cyber space is a tool that is going to continue to evolve and be an increasing part of that. "The world is on a knife's edge of a cyber attack with a wide spread kinetic impact; I think it’s coming and it’s only a matter of time," he says.
Chris Pogue is a former US Army officer with over 2,000 breach investigations under his belt, his extensive experience is drawn from careers as a cybercrimes investigator, ethical hacker, military officer, and law enforcement and military instructor. He is also author of the Nuix Black Report.
Also of interest: Getting buy-in from the board - advice for CIOs