In-brief: In this Security Ledger Podcast, Editor in Chief Paul Roberts speaks with Dmitri Alperovitch about the latest trends in sophisticated cyber attacks, and how Russia’s hacking of the U.S. election and weaponization of stolen information is likely to influence the U.S. government’s response to future hacks – responses that might not take place in cyber space.
It was another exciting week on Capitol Hill last week, as the rocking and rolling first 100 days of the Donald Trump Administration approached their midpoint. These days, there are plenty of question marks hanging over the United States’ 45th president: from his unsubstantiated allegation that President Barack Obama wiretapped his office in Trump Tower during the campaign to contradictory comments he and his staff have made about their contact with the Russian government and intelligence services. And that’s not even considering the Administration’s stated plan to dismantle the Environmental Protection Agency or bar immigration from some majority Muslim countries.
Amid all that policy tumult, however, cyber security presents one of the few areas where the Trump Administration and its vision have been greeted with cautious optimism within Washington D.C. But is that optimism warranted? And what does the Trump Administration’s stated preference for more cyber offense mean for the balance of power in the information realm?
I sat down last week to talk about these issues and others with someone who should know: Dmitri Alperovitch, the co-founder and Chief Technology Officer of the firm CrowdStrike. Dmitri is one of the most respected authorities on nation-based hacking and other so-called “advanced persistent threats,” or APTs. His firm was deeply involved in sorting out the attacks on the presidential campaign of Hillary Clinton and the Democratic National Committee.
Despite the brash pronouncements of the Trump Administration about the need for more offensive hacking, Alperovitch said that most policy makers he speaks to in Washington D.C. look at cyber activities through the much more sober prism of U.S. power at home and abroad. Information warfare, he notes, is just another theater of warfare and the U.S. is fast learning to treat it as such: bringing the full arsenal of kinetic weapons, sanctions and other tools to bear on countries caught hacking.
The important thing about the role of Russian hackers in the 2016 election was not that the hacks occurred, he said, but the impact of those hacks on the race itself and the way information that was stolen from political campaigns and parties was “weaponized” and used to undermine trust in one candidate and party, and in the broader democratic process.
Alperovitch said that the response to those acts may span both the physical domain and the cyber domain. “They’re starting to treat cyber as another problem out there. They’re asking ‘who are the actors and how can we deter them in various ways.’”
Listen to the rest of our conversation by clicking the podcast link below, or visiting The Security Ledger Podcast on iTunes.