How to Start a Cyber War: Lessons from Brussels-EU Cyber Warfare Exercises

Christina Kubecka, CEO, HypaSec twitter, linkedin
abstract slides video

This talk was a fascinating discussion of the interactions between technology, computer security, economics, and geopolitics.

Cyber War Scenarios

Scenarios discussed included:

• A leak from an embassy staff family member

• A breach from an intelligence agency mixed with a splash of extortion & tool leakage

• Attacks against critical infrastructure across the EU and NATO members causing mass casualties

Elements of these scenarios are based on a combination of events that have actually happened as well as incidents that could feasibly occur.

For each scenario, attendees had to make tough decisions on how to respond. Should what occurred be considered “cyber warfare”? Should their country respond by doing nothing, rebuking the events, recalling or dismissing their diplomats from the responsible country, declare solidarity with the victims, hack back, declare war, deploy nukes, some combination of these, something else?

How It Worked

Teams were switched between each scenario and given a different team advisor.

One thing that scared Chris was that there was no scenario in which everyone was able to come to a unanimous consensus. When attendees were broken up into smaller teams, though, they generally could come to a consensus.

The key takeaway was the importance of preparation. Many of the attending member states hadn’t done much preparation for these types of scenarios and hadn’t thought through what domino effect could occur.

For example, attacks on gas infrastructure could cause gas shortages, which if severe enough, could lead to police or ambulances not being able to respond to emergencies when needed.

AI in Warfare

Many countries are investing heavily in machine learning and AI, which will likely have huge impacts on warfare in the future.

Image/facial recognition, natural language processing, sentiment analysis, and other areas all have military applications.

We may see a future in which algorithms created by algorithms are deciding between life and death.

Conclusions

These types of scenarios are already occurring. They have happened, and will happen again in the future.

Many times dealing with these types of events takes friends. Do you know who your friends are? One of the problmes in the EU right now is they’re unsure.

Making assumptions that other people will take care of security doesn’t work.

Questions

The Q&A section was really interesting. Here are a few of the parts that stuck out to me.

Yes, in the way it would be executed, among other things.

About 6 months before any Russian boots were seen in the Crimean region, a researcher out of Ukraine found that a bunch of smart TV systems were being controlled by someone else, and channels were being switched to pro-Russian propaganda stations. They were trying to build support of Russia and specifically targeted the Crimean population.

One challenge is that many EU nations disagree about jurisdiction during investigations or events that cross borders. Sometimes when you want to go after someone you can’t, which is a huge problem.

The EU actually leans heavily on the FBI to come out for major events.

The FBI assists with evidence collection, sorting out jurisdiction issues, helps with attorneys, puts pressure to try to extradite people, and is effective at getting proof/evidence from various countries. The FBI has significant valuable expertise.

The U.S. government shutdown has caused a problem for other countries, in that U.S. government agencies haven’t been able to help as they otherwise would.

A huge problem. Brexit is taking away the biggest military from the EU. If they also leave the Five Eyes, this will cause other member nations to lose valuable intelligence info.

We’re already seeing these effects now - they couldn’t come to an agreement on a border in Ireland so last week there was a car bomb.