#BHEU: Attribution & Offensive Capabilities Changed Cybersecurity in 2018

Written by

Delivering the opening keynote at the Black Hat Europe conference in London, Marina Kaljurand, chair of the Global Commission on the Stability of Cyberspace, spoke of the 2007 attacks by Russia on her home nation of Estonia, and how it was “primitive by today’s standards” but enabled the country to build better defenses and its e-government services.

Kaljurand said that Estonia was one of the first countries to introduce e-government, e-police and e-taxation among thousands of services, and while the attacks were “humiliating and disturbing” it enabled its resilience to be “proof tested.”

She added: “More than 10 years have passed and many things have changed and improved, but some things are as important today as in 2007. What did we learn? The importance of decision making, and having cybersecurity high on the political agenda.”

She also discussed the need for an “all nation approach” with all stakeholders involved, including civil society, industry, academia and international cooperation. “Cyber doesn’t have borders, if we want to be efficient we need to operate with others,” she argued.

Echoing comments made in the conference opening by Black Hat founder Jeff Moss, Kaljurand said that in 2004, when Estonia joined NATO, no-one was talking about cybersecurity, but in 2018, everyone is.

She went on to say that for the first time in history, a single state working alone cannot be efficiently dealing with attacks “and in a sphere where civil society is the watchdog, our responsibility is to keep exchanges secure.” The state has a role to play in preserving trust, she said.

Looking back at 2018, Kaljurand said that two things changed: the evolving state practice of attribution and increased offensive capabilities.

For attribution, she said that “too little and too late had been done by nation states,” and she called the attribution of the NotPetya to Russia by the UK a “breakthrough” as it was backed by other nations, but not by western Europe.

In terms of offensive capabilities, she said that for years it was “not OK” to talk about them, and Australia was the first to confirm it had an offensive capability in 2016, while NATO embraced the use of cyber-weaponry in the same way as land, air and sea in November 2017.

“It is a good thing that conversations take place, as whatever countermeasures taken, they have to be in correspondence with international law,” she said. “It raises many questions including private hack backs, but better to have it than have it behind closed doors.”

Kaljurand concluded by saying that it is time for nation states to form real, working partnerships, and for “cyber-giants to take responsibility and operate.”

She said: “We have the ability to contribute to the discussion more than ever before, so the initiative starts at the bottom. Take it seriously and support each other and governments will listen to us more.”

What’s hot on Infosecurity Magazine?