Internet and digital technologies that create cyberspace are transforming society, business, and politics. People respond to new opportunities online, react to cyber threats and change their behaviour accordingly. States compete and are increasingly weaponizing information to gain advantage, breaking into other countries’ networks to steal data, seed misinformation or disrupt critical infrastructure.
Merle Maigre, Senior Cyber Security Expert at the e-Governance Academy of Estonia and Ciaran Martin, Professor of Practice at the Blavatnik School of Government, University of Oxford, formerly the founding Chief Executive of the UK National Cyber Security Centre, discuss:
- motives and impact of cyber-attacks;
- aspirations and capabilities of China and Russia;
- how to deter and build resilience;
- how to prepare for attacks and exercise;
- attribution and transparency.
- Data can be monetized, and the more data sets the better it is to do that. But there is a difference – whether stealing the last four digits of a bank account of 100 million users or to steal the security clearance forms of one million officials.
- The rhetoric about cyber retaliation is escalating, heightening the pressure for tough action.
- There is a technical aspect in hardening defences and building redundancy in data and services, but the core of resilience is leadership that does not ignore the problem.
- We need to make sure that our services, our society and especially the critical infrastructure keeps on going also when under attack.
- There’s also the aspect of whether and how transparent the management is, be it the management of a private company or the leadership of a country, how transparent the decision-makers are about the situation at hand, whether they decide to classify the information or whether they decide to share it with the press and public.
- You don’t have to have a political motive to cause real harm in cyberspace.
- [Cyberspace] has become a theatre for great power conflict but well below the threshold of war, and well below the threshold of things that would trigger interventions.
- We don’t want to undermine confidence in our own democratic systems by overstating the impact of these Russian operations.
- Who owns cyberspace, and who runs it and who designs it? It’s going to be as important as keeping ourselves safe.
- I think about [cyberspace] as an environment of peaceful human activity and cyber campaigns and intrusions are pollutants in that environment.
- We spent fortunes on building up against non-existent catastrophic threats and we don’t then look at the supply chain compromises; we don’t look at resilience measures which are crucially important.
- In cyberspace the best form of defence is defence.
- We need to start thinking about cyber security not just as something we need to do for ourselves, but as a national and international public good for our own countries and our allies.
- There is something about reassuring the public that you know what’s happening. So even that can be an argument for attribution in and of itself.
Sit back, relax and enjoy the food for thought. Share your thoughts on the talks on Twitter using #LMC_Talks and/or on Facebook. You can find us on Twitter @ICDS_Tallinn and on Facebook @ICDS.Tallinn.