Governments and businesses globally need to rethink the ways they deal with cyberattacks because what they are doing today is “manifestly not working,” Michael Daniel, a former cybersecurity adviser to US President Barak Obama told The Times of Israel on the sidelines of a cyber conference in Tel Aviv this week.
“We need to realign how we think about defense,” he said. “What we have been doing isn’t working and so we have got to come up with some different approaches to doing our network defense.”
Part of the reason for this failure is that “we keep trying to act like cybersecurity is a purely technical problem, and it is not,” he said. “It is also a political problem, it is an economic problem, it is a human psychology problem, and as long as we try to treat it like it is a purely technical problem we are not going to succeed.“
Daniel who was also a Cybersecurity Coordinator at the White House — leading the development of national and international cybersecurity strategy and policy for the United States — spoke about the trends that are driving the worsening of the cyberthreat today.
“We are making cyberspace bigger,” he said. “Every day we are hooking between 5 and 10 million devices a day, depending on who you believe.”
This space has been made “more complicated” because more and more devices are hooking up to the internet, dependence on these devices is greater, and more actors are getting access to cybertools that were once the domain of just a few high-end criminal groups and nation states.
Today “you have got a lot of different actors that are getting into the game. Both nations and criminal organizations,” he said. “You are also seeing a willingness to cross lines — being destructive in a way that you never saw previously.”
If once the aims were defacing websites, today the attacks are targeting power grids and running election interference.
For example, a global wave of cyberattacks that began in Russia and Ukraine on Tuesday wreaked havoc on government and corporate computer systems as it spread around the world. Britain’s parliament shut down external access to email accounts on Saturday following a cyberattack. Malicious software dubbed Crash Override or Industroyer was reportedly responsible for a 2016 power outage in Ukraine, while in May a worldwide extortionate ransomware attack, WannaCry, affected 10,000 organizations and 200,000 computers in over 150 countries, highlighting how vulnerable companies and nations are to the growing number of cyberthreats globally.
Telling people not to click on links and to continuously change passwords and patch up security gaps in software are instructions that are doomed to fail, Daniel said. Maintaining high security standards today is not simple, and people will prefer to go down the “easy path” even if that keeps them unprotected, he said.
What is needed, he said, is a concerted effort of collaboration by governments and industries, and also a deep understanding of the motivations behind the actions of hackers. These motivations need to be mapped out, a pathway to attaining these goals should be outlined and then methods to foil these plans need to be put in place, he said.
“We are reaching a strategic inflection point,” he warned. Countries like Israel, the US and Europe with their developed technologies have “leveraged cyberspace as the strategic asset for 40 years and we are reaching a point where if we don’t begin to address some of the cybersecurity problems we are facing, we risk the cyberspace becoming a strategic liability.”
Commenting on the US probe into the Russian involvement and hacking into the 2016 US elections, Daniel said Russia’s modus operandi of trying to intervene into the affairs of foreign nations is not new. Hacking and using the cybersphere is just a “new tool” they can use, he said.
“The Russians have had a long history of using information operations to try to achieve their national security goals,” he said.
Both the House and Senate Intelligence committees are probing the extent of Russian involvement and hacking prior to the election. The FBI is also investigating ties between President Donald Trump’s staff and Moscow figures. US security agencies have said they discovered widespread attempts by Russian hackers to access voter details and have pointed the finger at Moscow as being behind the hack and subsequent leak of Democratic National Committee emails.
On Wednesday, Daniel said in an interview with Israel’s Army Radio that he was confident that Russian hackers were not able to alter voting records during last year’s election, and that the outcome was a true reflection of how the American people voted.
What the US and the world should be thinking about is how to better secure electoral infrastructures, he said, and train the younger generation to become more discerning about the huge amount of the news and information they are fed in light of the growing trend of fake news.
National security vs. user protection
Dealing with a nation’s security needs and still protect the rights of citizens is a fine balance, Daniel said, and countries should take steps to ensure the right protections are in place.
“We want our intelligence agencies to do their job, to collect intelligence about adversaries who are potentially going to harm us,” he said. But to think this can be done without accessing the cyberspace “is unfortunately just naïve.”
“What you want is the right set of legal structures in place to ensure that what they are doing is legal and proper and proportionate,” he said. “What Western democracies should strive for is having the right structures and policies in place.”
“I certainly wouldn’t want to be the one to draw the line between what is acceptable content and what’s not,” he added. “But I do think it is something we have to continue discussing.”
Today Daniel heads a non-profit organization, the Cyber Threat Alliance (CTA), that includes 12 private sector cyber security vendors. The aim is to quickly allow the sharing of threat intelligence to better protect their customers against cyberattacks and to make the defense ecosystem more effective, Daniel said.
Israel’s Check Point Software Technologies Ltd. is one of the founding members of CTA whereas Israel’s IntSights, a Herzliya-based cybersecurity firm, is an affiliate member of the consortium which includes among others Palo Alto Networks, Intel Security, Cisco and Symantec.