Former US Cyber Official Warns of Russian War RepercussionsFormer Presidential Adviser Richard Clarke Advises US Orgs to Go 'Shields Up'
A former top U.S. cybersecurity official warns that the conflict in Ukraine will likely worsen before showing any signs of improvement, including potential cyber escalation with the U.S. and its NATO allies.
In an event on Wednesday hosted by Shared Assessments, a member-driven organization that promotes third-party risk management best practices, Richard Clarke, former special adviser to the president of the U.S. on terrorism and cybersecurity, and current chairman and CEO of the risk management advisory firm Good Harbor, urged U.S. organizations to go "Shields Up" and allocate additional resources, where possible, to cyber defense. This, he said, may prevent the "worst-case scenario" - something he says has already played out in Eastern Europe.
The increasingly complicated Russia-Ukraine crisis has triggered a rise in cyberattacks against Ukrainian ministries, as well as a free-for-all among the digital underground - with hacking collectives waging all-out war and the Ukrainians amassing an "IT Army" of some 400,000 members to attack Russia's digital infrastructure. Clarke told risk managers in attendance that this dramatic escalation and the potential for spillover into U.S. or NATO-member networks must not be overlooked.
Clarity in the Situation Room?
"U.S. intelligence came to the conclusion as far back as November that Putin was thinking seriously about this," said Clarke, who served Presidents Ronald Reagan, George H.W. Bush and Bill Clinton as special adviser for cyberspace, global affairs and security and counterterrorism. "Why is it, therefore, that lots of people, including I think perhaps even President [Volodymyr] Zelenskyy in Ukraine, didn't believe it? The reason comes down to 'first occurrence syndrome': Nothing like this has ever happened before on this scale, in the lifetime and memory of adults today."
But Clarke credited the Biden administration with "believing" the intelligence, monitoring it and reportedly commencing a series of mitigations - including tabletop exercises in the Situation Room and uniting the NATO alliance.
He also noted that in the heat of war or geopolitical tension, decision-makers are often forced to move quickly or, unfortunately, receive flawed information.
"Because of the volume of information, they also miss things," he said. "This is one of the reasons why I'm a big advocate of training for crisis management - having exercises that are realistic and put the actual decision-makers, not their deputies, through the wringer."
Clarke urged risk managers to ask even harder questions, including:
- What if the organization's backups fail?
- What would happen in the event that no company phones or laptops work?
- Can you put more eyes on glass in the SOC?
- Can you outsource some of the SOC function to an MSSP?
He encouraged incident responders to ensure data loss prevention software is in place, turned on and active; he also urged teams to ensure multifactor authentication extends laterally across the network. And the former federal official said security teams should consider a higher patching frequency.
Such measures, he said, "take time. They take money. … But, if ever there were a time to do that, it's now - and for the next month or so."
Luckily, Clarke said, U.S. cyber officials at the Department of Homeland Security, and particularly its Cybersecurity and Infrastructure Security Agency, have produced key guidance for U.S. security teams to go "Shields Up."
To estimate what's next, Clarke said, it remains important to "get into the mind of the person on the other side of the table." That said, he estimates that President Putin's formative years as a KGB officer may have left him wanting to "recreate something like the Soviet Union" or "the greater Russia that he grew up with and loved."
And for weeks, experts have been guessing whether Putin, as part of his offensive, will next employ more crippling cyberattacks.
Clarke, however, says Putin recognizes that there is an "escalatory ladder" when it comes to cyber military strikes. He said: "The person being attacked has a lot of motivation to respond not with a cyberattack, but with a conventional war attack."
Nonetheless, the former official urged security and risk practitioners to remain cognizant of the evolving shape of the war. In fact, he said, the "hybrid" tactics have grown more complex. He estimated that disinformation will continue to be peddled across social media channels.
But to keep up the campaign, Putin will likely need to address his weakened economy, Clarke said.
"He can't switch from being part of the global economy to being an isolated economy - they can't do that overnight without collapse. They're going to have companies failing, unemployment and a lot of economic dislocation. They will find ways over time to get around the sanctions somewhat. And they will find ways to do deals with countries like China that will mitigate the sanctions. But you can't do that fast. So for a period of time, it's going to really hurt."
U.S. officials have warned that as the Russian economy reels - including record low value for its currency, the ruble - Putin could escalate the cyber stakes, or even have elites or entities skirt sanctions by resorting to veiled cryptocurrency transactions.