Cyber Attack Warning
with Jonathan Reiber, Vice President for Cybersecurity Strategy and Policy
BBC World | May 6, 2022
In this segment of BBC World News, Jonathan Reiber, Vice President for Cybersecurity Policy and Strategy at AttackIQ, speaks with BBC news broadcaster Victoria Fritz about the cybersecurity risks facing Ukraine and how the United States, NATO, and European Union have helped Ukraine improve its cyberdefense posture. Victoria also reveals to BBC viewers Reiber’s secret code name from his time in the Pentagon.
Victoria Fritz: Now cybersecurity experts have been warning of a growing threat from Russian hackers targeting critical infrastructure. Last month, the Ukrainian government revealed it narrowly averted a serious attack on the power grid of the country and it’s not just Ukraine that could be the target. Exactly a year ago the biggest fuel pipeline operator in the United States, you might remember we were covering it here on this program. Colonial Pipeline was hit by a ransomware attack that forced a major shutdown of part of its network, causing a squeeze on fuel supplies and prompting a number of states to declare a state of emergency.
Let’s bring in Jonathan Reiber, used to be known as “Cyber Reiber” at the Pentagon, former chief strategy officer for cyber policy at the Pentagon, and now joins us from Oakland, California. Thank you very much for joining us. Just how much of a threat do Russian cyber criminals pose Ukraine right now?
Jonathon Reiber: I mean, we know that Russia’s conducted attacks against Ukraine. It’s a question of how bad they’ve been and I think some of that will only be revealed over time. Microsoft released a report, I believe it was just a couple of weeks ago, and they said that there’s at least six separate Russia aligned groups in the country or Russia aligned groups that have conducted over 237 operations against Ukraine. This is Microsoft who then said that they believe that some of those operations would target civilian infrastructure.
So certainly there are attacks that are ongoing and I think it’d be wrong to say that Ukraine is not facing a significant cyber threat. General Nakasone, the general in charge of US cyber command and the director of the National Security Agency recently said, look, we need to see how it’s going to unfold over time. The one thing I will say is the United States and our European allies in NATO have spent a significant amount of time since Russia invaded Crimea in 2014, building up the defensive partnership, including cyber defense partnerships to help the Ukrainian government and the Ukrainian people harden their defenses, which could be helping quite a bit.
Victoria Fritz: So in your view, how well protected and prepared are the people running the critical infrastructure of Ukraine for these kind of attacks?
Jonathon Reiber: I think certainly, I wouldn’t speculate exactly how well prepared they are myself, but I think certainly they’ve been preparing for a Russian invasion for quite some time. They’ve been preparing for a Russian invasion, at least since the forces aligned on the border, but they’ve been preparing for cyber attacks for quite some time. Russia used this tactics in Georgia, in Estonia, across Eastern Europe. States have been wary about Russia what might do so. The level of investment is probably fairly significant.
Victoria Fritz: Okay. We are going to leave it there for the moment. Really interesting. We could be talking about this for a very long time and I’m sure it will be something we will revisit. Jonathan, thank you very much for your time.
You might also enjoy these additional resources:
Using MITRE ATT&CK and AttackIQ to Prepare for Known Russia-based Cyberthreats
This blog walks you through key known tactics and techniques, and highlights scenarios in the AttackIQ Security Optimization Platform that you can use today to test your defenses and improve your cybersecurity readiness.