Klon Kitchen, American Enterprise Institute Senior Fellow, meets with Yahoo Finance Live in order to discuss cybersecurity threats that hacker groups or Russian state actors might pose to American businesses and infrastructure.
Video Transcript
BRIAN CHEUNGNow, let’s turn our attention to the other side of this conflict, which is, of course the cyber aspect of everything. Cyberattacks come to the forefront as groups such as Anonymous commit to, quote “a cyberwar” against Russia. Let’s call Klon Kitchen (American Enterprise Institute Senior Fellow) who is also an expert in national security.
Klon, it was great to have your presence on the program today. Things are changing every day, you know. This isn’t a war that will be fought on the ground. It will be fought online.
KLON KITTCHEN:Yes, absolutely. Brian, it’s interesting to note that we expected more activity online than what we have seen so far. We are all trying to figure why. We don’t know if the Russians overestimated their cyber capabilities and chose not to take cyber action, or if some of these efforts were unsuccessful and then reversed.
However, one thing you mentioned about the Anonymous hacker collective is that the current environment is very crowded. There are state actors in Russia, Ukraine, and the United States, as well as its allies. There are private companies like Microsoft, Facebook that monitor active threats and take mitigating measures. You also have hacking groups such as Anonymous. It’s a very dynamic and crowded place right now.
BRIAN CHEUNGAgain, it’s not clear that the Russia-Ukraine invasion has actually been the beginning of cyber war between Russia, the rest of the globe, and Russia. We have seen attacks before this. Based on what we have seen from Russian hackers so far, where is the greatest risk? Are these large multinational corporations that Russia might be interested in destroying? Or are it individuals, with people’s credit cards accounts and ransomware that they accidentally opened through an email?
KLON KITTCHEN:They can do it all. They can do most of it simultaneously. This is one of the problems with cyber. What I see right now, I’ll probably divide it into two categories. One, in Ukraine, I think there’s a possibility of what we call tactical cybersecurity operations, which aims at suppressing Ukraine’s ability to use the internet or other digital capabilities. I think that’s going up and will be really significant going forward.
Russia also has a tendency use non-state hacking groups such as the REvil or DarkSide ransomware group to cause general havoc. These groups appear to be on a bit of a leash right now. Putin seems to be trying his best to manage the situation. He doesn’t wish to inadvertently escalate the situation outside of Ukraine. He can decide to reintroduce the friction in the system at any time he chooses. This can cause significant damage to both corporate targets and individual users.
BRIAN CHEUNGCan you elaborate a little more on how certain groups are sanctioned and controlled by the state? You know, it’s the form of an agency that is actually government-run with a bunch people and hackers who are doing this. Or are these informal relationships between the Russian government, some of these independent hackers that allow them to do this work?
KLON KITTCHEN:It’s all of these things. Many hackers, as well as the groups themselves, operate in collaboration with the government. These ransomware syndicates are worth your consideration.
They will operate independently of the government but with an unstated allowance. Moscow views their activities as a way to introduce friction into the system they find politically beneficial, and two, as a cost of having those capabilities available if the government ever requires them.
They do sometimes call them. They call them. When the government wants to maintain a veneer of denial, they will employ such groups and have them go after particular targets. Sometimes, like in the case of the invasion of Ukraine, ransomware hackers are arrested and then used by government services to further their skill sets. Russia enjoys the greatest freedom of movement when it comes to how it leverages these capabilities, and has proven itself to be highly capable of doing so.
BRIAN CHEUNGAlthough the main focus is still on Ukraine now, let’s not forget that the Russians could also target large websites belonging to the US government. What capabilities does the United States have to counter that?
KLON KITTCHEN:In terms of countering, cybersecurity is an offensive game. It’s impossible for anyone to protect against all the risks. You also know that the attacker has the advantage of speed and scale. Active threat mitigation and active defense are what we can do.
We do this by infiltrating the networks of our enemies to be able to see them coming before they launch an attack. These types of efforts are usually focused on the more sensitive systems. If we are referring to government websites and public-facing websites, these aren’t as important. We have the ability to interrupt or shut down the technical infrastructure used by many of these organizations to attack us.
This is a bit of a cat-and-mouse game because they can usually set it up again as soon as you knock it down. You don’t want to limit yourself to a defensive position. If the need arises, the United States, its allies, and other nations, will go on the offensive. This will be a more aggressive, expansive posture than simply trying to protect certain websites.
BRIAN CHEUNGAll right, Klon, American Enterprise Institute Senior Fellow. Thanks for stopping by Yahoo Finance today.