12-8-18
Dear Partners in thought,
I wanted to tell you about something I will work on when and if in Strasbourg (the European Parliament).
Cyber warfare and cyberthreats are omnipresent in our lives and a key issue for government, military and business communities not to say society today. These asymmetrical warfare and threats allow for “enemies,” whoever they may be, to inflict losses and disrupt far larger organisations than they are and for a very cheap cost. Cybersecurity is now an essential component of protection of not only our financial and strategic assets but also of our very Western liberal way of life like in the context of our democratic electoral process.
As you know, I have been a founding investor in the UK’s Cyber Essential Direct (CEDL), a start up, chaired by Lord Blunkett, formerly Home Secretary to Tony Blair and set up to assist the SME sector in the UK, but also internationally to cope preemptively with cyber risk. As such and while I can barely turn on my laptop as the 19th century man I always will be, I have become quite enthralled by cybersecurity tales over the last two years, helping me understand the geopolitics of the field and feeling a bit more part of my era (on this latter point, one does not need to be a tech expert, to study the dynamics of cybersecurity very much like those liking the matter of submarine warfare do not need to know how to pilot a sub).
With this in mind, I would like to recommend a short book “Cyber Wars” by Charles Arthur, a freelance journalist and former Tech Editor at The Guardian, the UK newspaper where he covered related topics such as Wikileaks and Anonymous amongst others. His book does not require any tech knowledge or cybersecurity expertise and is a great introduction to the field focusing on the major cyberattacks and the hacks we all have heard of over the last few years. This well-crafted book is mostly focused on the business targets of cyber attacks though these may emanate from governments or directed or abated by them. There is also a useful summary page after each case study, also comprising helpful tips for the reader’s own usage in case she may find herself dealing with similar situations in her daily life.
The main cyberattacks covered are as follows:
- Sony Pictures
How North Korea exerted punishment on Sony Pictures in 2014 for a satiric movie, “The Interview” involving Kim Jong-un
- Anonymous attacks/HB Gary
How Anonymous, the activist network, hacked into HBGary, and destroyed a leading cybersecurity company for revenge
- John Podesta and the 2016 Democratic presidential campaign
How a presidential campaign was derailed by Russian “patriotic” agents (for some) and likely “led” by Russia (for others)
- TJX
How adopting new technologies, a natural development, led to serious customer problems for TJ Maxx, a major retailer
- Ransomware
How malware can take over computers and threaten harm unless a ransom is paid
- TalkTalk
How teenagers infiltrated the systems of a major internet provider to then call its clients to fix problems from its supposed call centres
- Mirai
How the “Internet of Things” is not really safe, making our daily lives at risk
CA goes into the future of cyberwar offering very interesting viewpoints on a matter which is in constant evolution.
I would like to make a few comments, seemingly pell-mell, aimed at touching upon some key features of cyber threats and cybersecurity. It is fair to say that while we often hear about the attacks against Western institutions, be they public or private, the West also can be found on the offense and taking preemptive strikes against governments and entities, particularly in relation to China, North Korea, Russia and Iran to name a few. China was definitely the main culprit of cyber attacks in the past and this before all the publicity given to non-governmental “Russian patriots” being involved in interfering in elections in the West as often claimed and always publicly disavowed in the cases of the U.S. and French presidential elections of 2016 and 2017. Cybersecurity is now a major segment of offense and defence for governments, big and small, given the dynamics of the matter. Large corporations have taken the threat very seriously (notably banks whose payment integrity is essential but also energy companies and those involved in running the power grids that is one of the weakest link of our vital infrastructure) and are now ensuring that their supply chains, involving many thousands of SMEs, are appropriately protected, diminishing the risks of “own goals” by following the likes of Cyber Essentials guidelines promoted by HM Government in the UK and, increasingly, Commonwealth. One interesting feature of cyber warfare is that when the enemy has been penetrated, that victory is often not heralded as one waits and takes advantage of that enemy not knowing it has been compromised, an approach often taken by the West while parties attacking the West are more focused on disruption, ransom or theft and dont’t care whether they are caught as long as they reach their primary objective (some that can be hard to pin down precisely in terms of impact, like with elections, as opposed to when banking account or credit card numbers are accessed and stolen for profit). Cybersecurity is a complex area which requires attentive analysis, which the book, while; giving an easy-to-read tutorial, helps achieving.
We can’t be safe and the only way to be would be not to use email and unhook our computers, which is the conundrum of our times. Cybersecurity can help readiness, reduce losses whatever their nature, but is a constant fight where the defence struggles catching up with the offense, the latter which benefits from cheap asymmetry.
If any of you or the companies you work for or with wanted to know more, I would be happy to put it touch with John Lyons, the founder of CEDL, who would expertly and efficiently guide you on matters cybersecurity (without going into heavy marketing, I would recommend for example to all my PE friends that they should make sure their investee companies are preemptive about cyber attacks as they could end up feeling the pinch).
I actually dedicate this book note to John and Steve, partners not only in thought but also in the active defence of our values.
Warmest regards,
Serge
Serge Desprat- 12th August, 2018 (Prague)
Desperate Measures 