

Black Hat USA: Former CISA director Chris Krebs warns clouds of cyberwar are circling Taiwan

Attack on Taiwan seemingly a case of ‘when’ not ‘if’

Chris Krebs, the former director of the US Cybersecurity and Infrastructure Security Agency (CISA), is “bearish in the short term, bullish in the long term” on the prospects for US national cybersecurity.

The ex-director, now a founding partner of Krebs Stamos Group, told an audience at Black Hat USA on the opening day of the annual conference, this year held both physically and virtually, that a likely Chinese attack on Taiwan meant organizations had to act now to secure their supply chain resilience.

Krebs addressed attendees on the conference’s 25th edition as the opening keynote speaker.

Taiwan in dire straits

Earlier, Black Hat founder Jeff Moss introduced the talk by reflecting on how Russia’s invasion of Ukraine had awakened the infosec community to its power to help the government defend human rights and tackle “mis, dis, and mal information”.

Krebs, who served under President Donald Trump, said organizations, too, had an obligation to have principles and red lines in place before further geopolitical conflagrations – for both ethical and self-interested motives.

US officials had indeed told him that a Chinese attack on Taiwan was highly likely at some point. Krebs warned that organizations should “manage risk yesterday” and begin physically segmenting their networks in Taiwan “now”.

Workforce shortage

Krebs noted that he found it “confounding” that the cybersecurity sector continues to face workforce shortages. After all, a cybersecurity career was fun, lucrative, durable, fascinating, and, given that national security was at stake, meaningful, he said.

One key to addressing growing cyber-threats is providing more opportunities for young people to experience coding and to instil “critical thinking skills”, he said.

Thankfully, Krebs took hope from an increasingly tech-native workforce.

Another reason for cheer was that though “a CEO that sees cyber risk as business risk is rare, that is changing post Colonial [Pipeline ransomware attack].”

Unthinkable complexity

The workforce gap is fuelled by, as Krebs described it to a US congressional committee, society’s “pathological need to connect everything to the internet”, resulting in a ballooning attack surface.

The targets are increasingly complex too, to the point where even experts struggle to understand what Neuromancer author William Gibson prophetically called “the unthinkable complexity of cyberspace”.

Every country in the world – not just China, Russia, Iran, and North Korea – is seeing the internet as the “fifth domain”.

Meanwhile, ransomware groups are capable of exploits that were the sole preserve of nation states only a few years ago, and following NotPetya and SolarWinds, more novel and innovative attack techniques were inevitable, he warned.

The government should help the country prepare for the unforeseeable threats of tomorrow in its role as consumer, enforcer, defender, and enabler. As a consumer, for instance, he said: “The US Department of Defence [is] the largest customer of big tech firms” with “incredible purchasing power – they have to use it.”

He also said CISA is, and must continue to be, apolitical.

