Cybersecurity, Geopolitics, and Information Warfare in the Modern Age
May 9, 2023 | AUVSI News
On Tuesday, May 9, XPONENTIAL 2023 featured keynote speaker Alex Stamos, a cybersecurity expert, business leader, and entrepreneur whose career has focused on improving the security and safety of the Internet. The former Chief Security Officer of Facebook and the former Chief Information Security Officer at Yahoo, he is currently an Adjunct Professor at Stanford University, where his teaching and research focuses on international security and cooperation.
Stamos discussed how as uncrewed technologies become increasingly prevalent, it is crucial to establish a framework for cybersecurity to mitigate the risks of cyber-attacks and geopolitical drivers.
From consumer-level hardware to coordination systems to cloud technology developers, all segments of the uncrewed industry can be considered a risk target to revolutionized warfare and must act as defense contractors, with all necessary protections. Stamos warned of the nature of foreign threats, and the persistence with which adversaries like Russia and China will work to hack into American companies, no matter the time or resources it may take.
Defending against threats
While you can’t predict when a cyber threat may hit, Stamos discussed that organizations should be prepared for all potential scenarios, and that continuing to thrive will require being able to quickly and securely implement pre-made decisions across distributed enterprises at a global scale. He emphasized the following levels of defense:
Technical Controls: Create transparent controls allowing for open, low friction productivity. These include:
-
Low-impact, high-resolution endpoint monitoring.
-
Zero-trust controls that eliminate the use of non-secured devices.
-
Proactive, trustworthy development environments.
-
Adaptive authentication with MFA.
-
Adaptive authorization with low-friction escalation paths.
Cultural Shifts: Insider trust is more than technical controls on IP- it is about protecting and retaining critical staff. This can be accomplished with clear policies on data access backed by employee education, as well as a mindset of treating staff as potential victims, not suspects, with empathetic reporting mechanisms for employees under pressure.
Verification and continuous improvement: Static defenses do not work in dynamic companies with professional adversaries. Regular cybersecurity team exercises can validate controls, discover new risks, and sharpen response ability. Santos also suggested implementing a thread intel function to actively monitor groups interested in the space, collaboration with appropriate US Government groups, and coordination across the industry to build collective defense networks.
