April's Cybersecurity & Geopolitical podcast is up!

April 15, 2021

Security has partnered with Cyjax to bring you an entertaining and insightful monthly Cybersecurity and Geopolitical vodcast on the enmeshing of cybersecurity and geopolitics and the new challenges and intriguing flashpoints these bring to enterprise security and risk professionals. Don’t miss this informative, insightful and entertaining monthly video podcast and find out the latest talking points affecting your industry, your career and the future of security. Watch Episode Three now!

NEW THIS MONTH: an audio-only version that you can listen to directly from our website or anytime you need. You can also listen to the audio version on Apple Podcasts, at The Security Magazine Podcasts!

(Listen to episode 3 right here!)

This month, Cyjax CISO, Ian Thornton-Trump, and Tristan de Souza (Editor and Head of Communications), discuss the Suez Canal and the issues of global supply chain management; continued SolarWinds debacle; nation-state attacks against cyber infrastructure; and international threat groups.

Issues in the Suez

As with most people around the world, the stranding of the Ever Given in the Suez Canal caught Ian and Tristan’s interest. The blocking of one of the world’s busiest shipping routes for almost an entire week hammered home the vulnerability of the global supply chain and the ease with which it can be disrupted. The cybersecurity parallels were apparent, too, with Ian pointing out that it illustrated how important it is to have a plan. The Ever Given was hundreds of miles from the nearest solution, leading to an extended wait for assistance, and hundreds of ships backing up in both directions. Was that the plan? It is hard to imagine it was.

SolarWinds blow and blow

This month saw yet another revelation in the continuing fallout from the SolarWinds hack. It now appears that the email account belonging to the former head of the US Department of Homeland Security’s was compromised. Other members of the department – which is responsible for safeguarding the US’s cybersecurity, among other things – were also accessed. This is espionage at another level: it may have set back intelligence operations by many months, or even years. Crucially, it appears the options for retaliation available to the US are few and far between. Jake Sullivan, President Biden’s National Security Advisor, has stated that the US plans to hit Russia in a way that will be apparent to the Putin administration, but not to the general public. Ian states we are at a “critical juncture” in cyber-diplomacy, and that we may well be in need of regulation of big firms.

America’s cyber conundrum

Talking of regulation, next on the agenda is the use of American infrastructure by foreign adversaries to perpetrate attacks against US targets. Cybercrime, now, according to Ian, is simply too damaging to business to be ignored. ISPs and other providers must give greater visibility and more scrutiny of who subscribes to and uses their services. The gathering of personal information is one way to do this, says Ian, but really it needs global cooperation. Even if the US were to enforce greater transparency, there is a possibility that ‘cyber tax havens’ will pop up that allow threat actors to operate as if they were in the US – or any other target country – whilst evading the scrutiny that comes from having infrastructure actually on the ground. While this is a risk, it would nonetheless be a step in the right direction.

How to rein in China?

Lastly, Ian and Tristan attempt to tackle the apparently intractable problem of China. The rules-based international business order is being undermined by a country that is clearly happy to cater to despots the world over (though this charge could equally be levelled at the UK in some areas of the economy). Retaliation from a cyber perspective is almost out of the question. Following the Microsoft Exchange Server debacle earlier this year, it is widely acknowledged that the Chinese threat groups involved left backdoors in every compromised server. Attacking Beijing in this way might result in swift reprisals. However, Tristan suggests we may be living in an era of Mutually Assured Cyber Destruction, whereby each side is so aware of the capabilities of the other, that both remain in an uneasy peace. As such, how can China be reined in? It seems this is too intractable a question for one podcast, with Ian acknowledging it may also be too big for today’s politicians.

If you enjoyed this month’s video podcast, give the others a watch here. The podcast (audio-only) versions can be found here or on Apple Podcasts under The Security Magazine Podcasts!

How can you advance your career in the security industry with the skills and competencies necessary to benefit your organization? What will the security executive and the security function of the future look like? Join us as we hear from veterans in the security industry about their experiences, their lessons learned, and best practices for advancing their careers.

Security measures today tend to focus on controlling access, albeit with limitations. Many organizations, for example, know how many people have entered a secure location, but not how many have left.