Reticulate CEO Weighs in on the Rise of ’Hacktivism’ and More Sophisticated Cyber Attacks.

Blog

Reticulate CEO Weighs in on the Rise of ’Hacktivism’ – and More Sophisticated Cyber Attacks

By Anne Wainscott-Sargent

https://reticulate.io/wp-content/uploads/2024/02/Reticulate-CEO-Weighs-in-on-the-Rise-of-Hacktivism-1.jpeg

Moderator Carol Ann Dykes Logue with the University of Florida’s innovation Districts & Incubation Program opened Tuesday’s PowerSource Summit nation-state security panel. The panelists included Daniel McGowan of Microsoft, Aida Gourdine of SAIC, Adrian Gardner of The ChainBlock Company and Joshua Cryer of Reticulate Micro. (Photo by Anne Wainscott-Sargent, Reticulate Micro).

ORLANDO – A panel of cybersecurity experts weighed in on nation-state security and the threat of cybercrime on the global stage during day two of the PowerSource Global Summit hosted by NASA.

“You’ve heard about terrorism. Now we’ve got ‘Hacktivisim’ going on,” began the moderator, Carol Ann Dykes Logue, director of Programs and Operations for the University of Central Florida’s innovation Districts & Incubation Program.

“Nation-state actors are getting more sophisticated,” noted Daniel McGowan, Signals engineering manager for Microsoft Security. “They’re starting to be hard to observe and even harder to catch.”

McGowan noted that during the Ukraine – Russia conflict, actors attributed to Russia’s Security Services started to co-opt freelance hackers to amplify their capacity. “We’re also seeing the beginning of private sector mercenaries.”

Josh Cryer, CEO of Reticulate Micro, previously served in the Naval Special Warfare Development Group, where he built systems that countered cyber warfare activities by nation- states.

“Nation-state adversaries play by different rules,” he said, explaining that China is unique to other countries in having a “government-led orchestration ability” when it comes to cyber-attacks. Their structure “gives them a unifying capability.”

“With the advancements in generative AI and new cyber
capabilities, we have an obligation to adopt new methods and new levels of vigilance to counter the new ways that nation-states are attacking us,” Cryer added.

According to data compiled by IBM and Sonatype, cyber-attacks aimed at open-source suppliers have increased 742% year over year and cybercrime overall is the third-largest economy in the world – surpassed only by the US and Chinese economies.

“This is close to a $10T economy – we have to deal with it,” said audience member Ben Amaba, a Fellow with the Institute of Industrial and Systems Engineers.

Targeting Supply Chains

Cyberattacks are increasingly centered on disrupting global supply chains. An added vulnerability is the fact that many of the world’s microelectronics comes from suppliers in China and Southeast Asia. Most devices contain content from a potential foreign adversary.

“It’s going to take new technology to continue to maintain certain levels of resilience to ensure those supply chains are not compromised,” said Cryer.

Adrian Gardner, CEO of The ChainBlock Company, said DoD and other essential departments and agencies are still trying to map their supply chain vulnerabilities – something that isn’t widely understood.

“We’re throwing a lot of paper at this, but we’ve got to be agile like the adversary is because they’re changing rapidly,” he said.

Gardner described the CHIPS (Creating Helpful Incentives to Produce Semiconductors) Act as an intentional step by the US government to bring US chip manufacturing back to the United States, and called for everyone to look at the large players who are part of that CHIPS Act award and see how they are building resiliency into the supply chain.

The White House estimates that the US share of global semiconductor production has fallen from 37% to just 12% in the last three decades, while China’s share of chip manufacturing has grown nearly 50% over the past two years, now accounting for 18% of global supply.

When it comes to supply chains, adversaries will first target the smaller firms with the lowest security protections.

Nation-state actors such as China have much larger populations compared with the US, which underscores the need to invest in AI, machine learning and quantum technology.

Attacks to Intensify as Election Season Approaches

The panelists agreed that the number of nation-state attacks on US voting systems will intensify as the country gears up for November’s presidential election.

Aida Gourdine, senior cyber security manager with SAIC, said she expects the American electorate will see a lot more of AI-generated political videos and images on social media to influence the election, and that people aren’t likely to check on the accuracy of those feeds.

Cryer predicted that the country will see an increase in direct threats on infrastructure, including in locales where there are vulnerable voting machines. He explained that these techniques are classic examples of asymmetric warfare, where the enemy attacks physical infrastructure while spreading disinformation and engaging in social engineering.

Reticulate Micro is working on technology to mitigate deep fakes, which Cryer predicts will be “a pervasive and an ever-increasing problem.”

Enemies also will exploit cultural divides within the US. “We have a TikTok generation that wants to see a 30-second soundbite that…supports their perspective, so these are problems we are going to face.”

The Coming of Quantum

The panel also addressed quantum computing and other emerging technologies that will play a significant role in protecting encrypted data.

The panelists noted that quantum computing will be able to break traditional encryption that the world relies on within three years, and emphasized the importance of looking at companies in the critical infrastructure supply chain to ensure they adopt quantum cryptography, which is theoretically unhackable.

Gourdine isn’t optimistic that companies, particularly smaller firms, will be able to adopt the new quantum standards quickly enough, noting, “A lot of vendors still haven’t moved to FIPS 140-3 (the Federal Information Processing Standard that defines security requirements for cryptographic modules), so moving to quantum cryptography is going to be another challenge. We have smaller players who don’t have the resources – the R&D – to invest in it.”

Cryer added that even defense users of current type one encryption are going to have to change because they’re still using underlying classical mathematics.

“New math is going to be required to achieve extended entropy and extreme randomization of numbers that further help our encryption practice,” Cryer explained, before raising an important question: “How do we take quantum mathematics and apply it to our current technology that may not be designed to support quantum math?”

Reaction to the panel was positive.

“It was really interesting to see how the commercial industry is treating these different nation-state actors and trying to understand how we should approach the problem,” said Jackson Shaw, a member of University of Central Florida’s Collegiate Cyber Defense Club, known as HACK@UCF.

Victor Suarez, VP of the Club, expressed surprise at how quickly quantum computing was going to be an issue to data and critical infrastructure.

“I thought quantum computing would be an issue 10 or 15 years down the road but not now,” he said.

https://reticulate.io/wp-content/uploads/2024/02/HACK@UCF.png

Students from University of Central Florida’s Collegiate Cyber Defense Club were front and center at the PowerSource Summit's two-part cybersecurity breakfast panel held in Orlando on Feb. 27th. (Photo by Anne Wainscott-Sargent, Reticulate Micro).

Copyright © 2024 Reticulate Micro, Inc. | All Rights Reserved.