Hybrid warfare is a global reality. The global supply chain means that any war will have cyber-attacks happening everywhere along the supply chain. In this holiday “Security Catchup,” list John Deni facilitates, Vishwa Padigepati, Dr. Sarah J. Lohmann, & Vytautas Butrimas in their report – What Ukraine Taught NATO about Hybrid Warfare.
Get a cup of tea, coffee, or your preferred drink, and take an hour to listen to the podcast here:
What Ukraine Taught NATO about Hybrid Warfare webinar (w/transcript)
Some of the points that resonated with me:
- Vishwa Padigepati explores unexpected risks. Critical infrastructure requires a capital investment that is spread out to a wide range of organizations. All the vendors, foreign investment, and “contractors” that are part of critical infrastructure build-outs are ignored risks. Her observations evoke interesting ways to penetrate that a State Level threat actor is bound to think about.
- Dr. Sarah J. Lohmann builds on Vytautas Butrimas’s opening “what happened” to point out how much we’re missing in deployed resiliency. Military operations have dependencies on the community’s utilities. If you deploy “micro-grid” systems to unplug, you find that most of these deploy “micro-grids” never consider the cybersecurity risk.
- Vytautas Butrimas started the session by walking through what we know thus far about the effectiveness of Russian cyber-operations. But listen to the Q&A session. Vytautas make critical points on how we – the world – are not ready for attacks against critical infrastructure. Our CSIRT/CERT community is heavily www.first.org oriented – which is more “computer data centers” and Internet-focused – not water-plant, gas pipeline, factories, shipping, transportation, etc.
2023 is not going to be the end of this war. It will continue with an expansion to impact the supply lines. Many of these supply lines do not realize they are a target of the Russian war efforts. Widely published work like this is helpful to everyone preparing their security resiliency capabilities.
Are you looking for more practical, public-service Security Advice?
- You can sign up for the mailing list for updates here: Stay Connected with Senki’s Updates.
- Subscribe to Senki’s YOUTUBE Channel for videos on this and other security topics.
- Ask questions to Barry Greene – bgreene@senki.org
The materials and guides posted on www.senki.org here are designed to help organizations leverage the talent around them to get started with their security activities. Start with the Operator’s Security Toolkit and Meaningful Security Conversations with your Vendors. Each is no-nonsense security for all Operators. It provides details to help them build more security-resilient networks. In the meantime, stay connected to the Senki Community to get updates on new empowerment and security insights.