Security
Headlines
HeadlinesLatestCVEs

Headline

Black Hat USA: Former CISA director Chris Krebs warns clouds of cyberwar are circling Taiwan

Attack on Taiwan seemingly a case of ‘when’ not ‘if’ Chris Krebs, the former director of the US Cybersecurity and Infrastructure Security Agency (CISA), is “bearish in the short term, bullish in the l

PortSwigger
#auth

Attack on Taiwan seemingly a case of ‘when’ not ‘if’

Chris Krebs, the former director of the US Cybersecurity and Infrastructure Security Agency (CISA), is “bearish in the short term, bullish in the long term” on the prospects for US national cybersecurity.

The ex-director, now a founding partner of Krebs Stamos Group, told an audience at Black Hat USA that a likely Chinese attack on Taiwan meant organizations had to act now on securing their supply chain resilience during the opening day of the annual conference, this year held both physically and virtually.

Krebs addressed attendees on the conference’s 25th edition as the opening keynote speaker.

Taiwan in dire straits

Earlier, Black Hat founder Jeff Moss introduced the talk by reflecting on how Russia’s invasion of Ukraine had awakened the infosec community to its power to help the government defend human rights and tackle “mis, dis, and mal information”.

Krebs, who served under President Donald Trump, said organizations, too, had an obligation to have principles and red lines in place before further geopolitical conflagrations – for both ethical and self-interested motives.

Catch up with the latest cyber warfare news

US officials had indeed told him that a Chinese attack on Taiwan was highly likely at some point, as Krebs warned that organizations should “manage risk yesterday” and physically segment their networks in Taiwan starting “now”.

Workforce shortage

Krebs noted that he found it “confounding” that the cybersecurity workforce continues to face workforce shortages. After all, the cybersecurity career was fun, lucrative, durable, fascinating, and, given that national security was at stake, meaningful, he said.

One key to addressing growing cyber-threats is providing more opportunities for young people to experience coding and to instil “critical thinking skills”, he said.

Thankfully, Krebs took hope from an increasingly tech-native workforce.

Another reason for cheer was that though “a CEO that sees cyber risk as business risk is rare, that is changing post Colonial [Pipeline ransomware attack].”

Unthinkable complexity

The workforce gap is fuelled by, as Krebs described it to a US congressional committee, society’s “pathological need to connect everything to the internet”, resulting in a ballooning attack surface.

The targets are increasingly complex too, to the point where even experts struggle to understand what Neuromancer author William Gibson prophetically called “the unthinkable complexity of cyberspace”.

Every country in the world – not just China, Russian, Iran, and North Korea – is seeing the internet as the “fifth domain”.

Meanwhile, ransomware groups are capable of exploits that were sole preserve of nation states only few years ago, and that following NotPetya and SolarWInds more novel, innovative attack techniques were inevitable, he warned.

The government should help the country prepare for the unforeseeable threats of tomorrow in its role as consumer, enforcer, defender, and enabler. As a consumer for instance, he said: “The US Department of Defence the largest customer of big tech firms” with “incredible purchasing power – they have to use it.”

He also said CISA is, and must continue to be, apolitical.

RECOMMENDED The best Black Hat and DEF CON talks of all time

PortSwigger: Latest News

We’re going teetotal: It’s goodbye to The Daily Swig