How do you hunt cybersecurity threats in a war zone? Like this
The Reg speaks to a founder of Cisco Talos Ukraine task force
Interview: Leading up to Russia's invasion of its neighboring country, Cisco's Talos Intelligence Group established a dedicated cybersecurity-threat-hunting unit on the ground in Ukraine to protect people and critical infrastructure in the war zone.
"The goal was to be able to get very aggressive, and to be able to help supplement a nation that's been invaded," JJ Cummings, Cisco Talos national intelligence principal, told The Register.
This involves sifting through massive amounts of data to determine whether abnormal network activity is just IT gremlins or serious threats, or someone playing video games as a temporary distraction from an increasingly brutal reality.
In a conversation with The Register, which you can watch below, Cummings discussed threat hunting in a war zone: how it works and the technology his team uses — including an automated early-warning indicator system Talos built specifically for Ukraine.
"We're certainly used to dealing with vast amounts of telemetry inside of Talos, but we're not necessarily used to going into each event in a very detailed level," Cummings said.
He also talked about the emotional toll that the past year has taken on the whole team, both those on the ground and the rest of the Talos staff off-site. It's very worrying for the US team, too, who may lose contact with their counterparts in Ukraine and have no idea what has happened to them, he said.
"I've got a number of personnel that work directly for me who are on site in the war zone," Cummings said. "And on any given day their availability may not exist for any variety of reasons — could be due to kinetic warfare that is directly impacting their region, whether it's a power outage because the substation was bombed, or there's a bombing that's occurring and they have to take shelter."
Cummings said he'd be lying if he said it didn't make him misty-eyed. Frankly, just listening to him made us misty-eyed, too. ®