RSA Conference or Black Mirror? Either way, we're doomed ... probably

RSA Conference The RSA Conference this year had a decidedly Black-Mirror-meets-modern-warfare feel to it, with AI permeating almost every session, and conversations about geopolitical threats happening as frequently as plans to meet for cocktails.

Cisco's former CEO John Chambers predicted that AI will be bigger than the internet and cloud combined "in every aspect of defense," while retired US Army general Richard Clarke forecast a future where warfighters battle swarms of autonomous ships and planes.

Acting US National Cyber director Kemba Walden reminded attendees that the "first 'shot' in the current Ukraine conflict was a cyber attack against a US space company." Meanwhile, Kevin Mandia, CEO of Mandiant at Google Cloud, said his firm tracked 55 zero-day exploits in 2022, with China leading the pack.

"Folks, we are in a whole 'nother planet when it comes to zero-day exploitation since 2019," Mandia said.

While this macro-level security talk may seem a bit heavy-handed for a largely enterprise-security focused event, it shouldn't, according to CrowdStrike chief security officer Shawn Henry.

"The alignment of Russia and China, and China and North Korea, and Iran and Russia: It's disconcerting," he told The Register, during an interview at the show. "When I'm thinking about military alliances or intelligence alliances between certain countries, cyber [is] one of the issues they're aligned on and discussing and sharing."

Western governments have been warning about the cyber threats aimed at critical infrastructure coming from these Big Four nation-state actors for years and, more recently, lofty claims of AI-related threats from China and others. 

Additionally, Russia entered the AI race this week, with its own version of ChatGPT, he noted.

C-suite execs should be paying attention to these developments, Henry said, adding that these geopolitical threats are just as important as, say, protecting your perimeter.

"When I talk to CISOs, and when I talk to executives, and I talk to boards, I talk about cyber being a tool in the arsenal of every single nation state," Henry said.

"There's not a first world government that's not developing these capabilities, if for no other reason than to better inform themselves as they defend their own infrastructure. So this problem only gets bigger."

• Future of warfare is AI, retired US Army general warns
• US National Cyber Director: Fending off cyber threats in space is 'urgent,' needs 'high level attention'
• US alleges China created troll army that tried to have dissidents booted from Zoom
• Let's play a game: Deepfake news anchor or a real person?

From a commercial perspective, this puts a target on the back of businesses operating overseas – whether that involves building manufacturing plants or opening retail shops, he added.

"If your responsibility is to protect the assets of your company, you need to be thinking broadly about what's happening in the world, and not just about the ones and zeros," Henry said. "The second most powerful weapon in [a nation's] arsenal after nuclear weapons is cyber capability."

Henry cited Russia's destructive cyberattacks against Ukraine, which began before the current invasion and include the NotPetya intrusion in 2017. 

"Three nations have launched destructive attacks against the commercial sector, inside the United States of America," he said, noting the Department of Homeland Security and FBI's warning about Russian hackers breaking into energy-sector networks and distributing malware that would effectively allow the Kremlin to shut off the power supply if it wanted to. This, of course, could have catastrophic results.

"If you turn off the power in any major city for more than a few days, people will start to die. Do it in the middle of the summer, or the height of the winter, in the North or in the South, and it will happen expeditiously," Henry said.

"You can't pump gasoline, you can't move water. It all relies on electric energy, and that all relies on TCP/IP – it's all internet connected. We have built a society that relies on the internet for us to survive."

Fake news works, too

However, beyond disrupting critical infrastructure, nations can deal cyber blows to their adversaries via misinformation campaigns. The US has seen this with Russian election trolls since 2016, as well as the Chinese YouTube and social media campaigns that aim to deepen political, social and racial divides. These campaigns allow other countries to influence the way Americans think, Henry opined.

"Yet another reason adversaries are developing these capabilities is because when you change the way people think, you're able to inject misinformation into the conversation and cause people who are allies to distrust each other," he explained. "You're weakening your adversary, and you are in a better position to have a negative impact."

Plus, the barrier of entry to misinformation operations is "pretty low," Henry added. "I can make something up and tweet it out."

When miscreants start using AI and developing better deepfake technology, however, the misinformation becomes more believable and the campaigns increase their reach.

"The more sophisticated you can get, the more likely it's going to spread," Henry said. "And the more likely it's going to be believed." ®