Cyber attackers hold key advantage, needing success only once every 100 times

A heavyweight panel at the CYBERSEC conference surveyed the current state of cyber defense amid looming threats from adversaries and highly complex relations between cyber-capable nation-states 

Cyber attackers have a huge advantage over defenders because they have few rules to live by and only need to be successful one time out of 100, whereas defenders must be successful every time, according to a panel held Tuesday at a major cybersecurity conference. The panel was hosted by Amir Rapaport, Founder and Editor-in-Chief of Israel Defense.   

The panel, titled "Forward Defense Postures in Developing Cybersecurity Capabilities", took place as part of CYBERSEC Global 2020, which was held digitally September 28-30 from a main stage in Poland.

CYBERSEC, which was launched in 2015, is an annual public policy conference dedicated to strategic security aspects of the global technology revolution. It is also one of the biggest cybersecurity events in Europe. The event is attended by politicians, distinguished academics, representatives of the private sector and important international institutions. Like many other large-scale events in recent months, CYBERSEC Global 2020 was held digitally due to the impact of the COVID-19 pandemic, with speakers participating via videoconferencing. CYBERSEC's central theme this year was "Together Against Adversarial Internet". 

Tuesday's panel brought together host Amir Rapaport, Founder and Editor-in-Chief of Cybertech and Israel Defense; Anna Fotyga, European Parliament Member, NATO Reflection Group; Brigadier General Karol Molenda, Director of the National Cyber Security Center of Poland; Rob Joyce, Special US Liaison Officer, London; and Major General (Ret.) Brett Williams, former Director of Operations of the US Cyber Command, who is Co-Founder and COO of IronNet Cybersecurity.  

The panelists exchanged views on a range of issues, among them offensive and defensive cyber operations, including those of NATO, and the integration of the cyber efforts of sovereign states. The continuously expanding landscape of threats, such as malware attacks on national infrastructure and meddling in domestic affairs, is seen as obligating European and transatlantic allies to find new means of defending themselves.

The need for innovative and outside-the-box cyber solutions is as crucial as ever under the current circumstances with the COVID-19 pandemic rapidly accelerating digital transformation, affecting all aspects of our lives. Cybersecurity has become a major component of the political and strategic agendas of many countries and organizations.    

During the panel discussion, European Parliament Member Anna Fotyga, former Minister of Foreign Affairs of Poland, emphasized the importance of NATO's role in dealing with cyber warfare. "We face cyberattacks in many areas, both civilian and military, and actually it is extremely important for us to understand the necessity for maintaining the transatlantic alliance." She noted that "It was and still is the problem of EU member states and NATO alliance to precisely and quickly attribute attacks. I think keeping the tech edge intact is extremely important." 

Cooperation with the EU is a key part of this effort, Fotyga said. "We see the necessity to come closer, to harmonize legal systems enabling us to act collectively in many areas, yet I think that differences and traditions of various EU member states makes it quite difficult." Regarding defense issues, the former minister said NATO has to predominantly rely on collective knowledge but this collaboration is full of challenges, and more discussion is needed about the division of work and the tools that are at the EU's disposal.

Major General (Ret.) Brett Williams, COO of IronNet Cybersecurity, who served as Director of Operations for the U.S. Cyber Command from 2012 to 2014, said there is a misunderstanding of the dynamics of cyberspace, even among some military leaders who "haven't completely grasped the difference between cyberspace operations and some of the operations in physical space." However, he said there is now much more precision in cyberspace operations, so it is possible, for example, for the cyber command to tell a decision-maker exactly which target will be hit and what will be impacted. Still, "we can't afford to sit back and wait for the attack. Our adversaries are all the time probing, they're trying to get position, they're trying to understand how they generate those effects against us, and that becomes a tactical difference, if you will, in cyberspace. We have to do the same thing."

According to Williams, attackers have a huge advantage because unlike defenders they have few rules to live by, and "if they're successful one time out of 100, then they're probably very successful, whereas the defender has to be successful 100 times out of 100."  He noted defenders must constantly look for intelligence on capabilities and intent so that they can focus their efforts on the attackers who are most likely to do them damage.

As for other threats, Williams said cyber has made influence operations more effective because a lot of people get their news on social media and they tend to believe what they see. "It's disturbing to me that we're so vulnerable. I think that some of the countries of the former Eastern Bloc learned how to deal with this a long time ago. And we need to figure out as a democracy how to be stronger against this kind of threat. So I don't look at it as a unique cyber problem but there are certainly things that we can do in the cyber domain to reduce this influence." 

Also on the panel was Brigadier General Karol Molenda, Director of the National Cyber Security Center of Poland, who gave his perspective as his country's cyber czar. Regarding offensive cyber operations, he said there is concern among some countries that a cyber weapon could be stolen, copied, changed or even used against them, and as a result they are unwilling to disclose the specifics of offensive operations in an international environment. "NATO as an organization does not intend to develop any offensive capabilities of its own in cyberspace," he said. The general emphasized that "From a Polish perspective, we invest in cyberspace defense forces and we strongly believe that ensuring freedom of action of friendly forces in and through cyberspace while denying the same to adversaries should be the mission of such cyber defense forces."

Countries must pay attention to the threats and monitor what's going on, how cyberspace is changing and which new threats have emerged, Brig. Gen. Molenda said. "In most cases, we are a military unit, we pay attention to military networks as critical infrastructure," he pointed out, but emphasized that there are developments in cyberspace such as 5G, internet of things and lots of connected devices that pose a security challenge not only for Poland, but all countries. It is also crucial to monitor the security of infrastructure and how the infrastructure could influence the security of the country, the general added. 

Another panelist who provided insight into forward defense postures was Rob Joyce, the senior National Security Agency cryptologic representative in the United Kingdom. He said it is very important not to allow the adversary to run information operations, carry out cyberattacks, and penetrate networks. Despite such rising threats, he said the world is better prepared because it has experienced cyberattacks. "We understand ransomware, things like WannaCry, that information ops are actually able to affect us economically or as a nation, the fabric of democracy, the way that we are being put at odds with each other at times. So I think that recognition and understanding is the first step along a journey that takes investment, collaboration, new policies and new innovations." He said authorities have to watch the role of artificial intelligence, predicting that it will be weaponized for influence campaigns.

In addition, Joyce, a former Special Assistant to the President and Cybersecurity Coordinator at the White House, addressed the topic of NATO's cyber posture. "When you think about NATO, we can't assess the readiness of our forces without accounting for the security of those networks. And so if we're going to rely on them in a time of war, we've got to be preparing now in times when we're not at war, and when the enemy is actively going in and probing and doing reconnaissance against those networks. So NATO has fought alongside each other in the physical world, now's the time to train and operate together so we can defend both in times of crisis and times of urgent need."