
In my lifetime, four significant events have changed my perspectives on what security means in the European theater. These events profoundly impacted how we view safety, security, and risks to our nations, economies, and defensive strategies.

  1. The Cold War
  2. The Fall of the Berlin Wall/Glasnost
  3. The Formation of the EU
  4. The Growth of NATO

Each of these events, in various ways, led to the Ukraine invasion. We have seen fundamental changes in how nation-states, critical infrastructure companies, and organizations have had to rethink their approach to cyber security. As we face the ramifications of the latest invasion of Ukraine, we have seen how conflicts have evolved to be fought on five fronts:

  1. Land
  2. Sea
  3. Air
  4. Economic
  5. Cyber

Last year, I spent as much time in eastern Europe as I did in the United States. I was primarily working with the U.S. Cyber Command, Mandiant, and other strategic security partners to enhance the cyber readiness of our allied aligned nations. Coming from the States, we need to remember the relative size and resources available to these nations to wage any type of warfare and how interdependent they are on each other for mutual protection.

The nations of eastern Europe range from the size of mid-sized U.S. cities to some of our smaller states. They have populations that are often under 3 to 5 million people, and their militaries are often the size of U.S. police forces. Combined, the nations bordering Russia are only about the size of the eastern seaboard of the U.S. and have less than a third of the population. They are willing to fight, but we should understand that we are referring to dozens of governments, infrastructure models, military capabilities, and degrees of cyber readiness.

When we think about the nation-state and cybercrime threat actors the nations bordering Russia are facing, they tend to focus on four target areas:

  1. Critical Infrastructure
  2. Military Capabilities
  3. Intelligence/Intellectual Property Theft
  4. Financial Extortion/Benefits

The war in Ukraine is more focused on the first three items on this list. I wanted to share my thoughts and observations about how the U.S. Cyber Command, NATO, the EU, allied nations, Mandiant, and SimSpace are helping countries bordering this conflict improve their cyber security readiness.

  • Threat Actors - It is not just the Russians. Iran is also very active in attacking these nations. I have observed that Russia is attacking about half of these bordering nations, and Iran is attacking the other half. These threat actors ran trial attacks to reduce critical infrastructure (rail, power, water, military) and operational capabilities before the war. Those attacks have increased dramatically in the past year. The only good news is it does provide a roadmap for what needs to be improved and how to identify weaknesses in security postures.
  • A “Hunt Forward” Mindset - “Hunt forward” is defined as a proactive mindset to cyber security. It involves looking ahead to anticipate and prepare for emerging threats before they occur. This includes analyzing current trends and implementing strategies to ensure that a system or network is adequately designed and protected against future security breaches and attacks. Hunt forward also includes developing plans to detect, contain, and respond quickly should an attack occur. We are seeing the U.S. Cyber Command send “hunt forward” teams into these nations to help them up-level their cyber training and cyber security infrastructure to modernize these environments and increase operational compatibilities.
  • Self-Reliant Cyber Readiness - The leaders I speak with in these nations all have one clear message. They want self-reliance and native cyber security readiness skills and infrastructure. This is where SimSpace provides cyber range platforms to help these nation-state partners perform live-fire exercises, test versus threats, execute cyber training and implement best practices to create self-reliance and up-level cyber readiness.
  • Upgrading Critical Infrastructure - In addition to up-leveling cyber training and expanding the size of border nations’ cyber teams, the U.S. and EU have funded modernizing the security infrastructure. Much of the older equipment in these nations has known vulnerabilities that Russia, Iran, and other cybercrime organizations can easily exploit. These efforts will take years, but they are beginning today and becoming more capable every day.
  • Developing Security Skills and Retention - I have worked with many countries with national cyber teams with fewer than 20 individuals. They need help with two main issues. First, they must build a pipeline of cyber talent at the university level and, second, retain this talent in their nations after training. We are working with universities to provide our platform to train, test, and develop the elite-level cyber skills they need and retain the right skills and people to protect their national operations, critical infrastructure, and vital private sector industries.
  • Joint Cyber Training and Events - The next steps for these nations are to participate in joint cyber exercises, just as they do with kinetic exercises. These exercises will share knowledge, capabilities, and best practices to create a more unified and resilient cyber defense across our allied nations. We see this happen first with military organizations and critical infrastructure (air, rail, water, medical, and power grids). We expect these exercises to include banking and other essential private industry companies.

The task in front of the U.S. and our allied nations is complex, will require vigilance, and will take time to implement and achieve our shared goals. But it is moving forward, and we see early results. It has been a year of new insights, painful lessons, and rapid adjustments to help our nation-state partners, but this unified approach to security is one of our strategic goals at SimSpace.

I look forward to growing cyber security readiness and training capabilities with strategic partners and our Cyber Force Platform in 2023 and beyond.

Blog by Lee Rossey
Lee Rossey co-founded SimSpace in 2015 and is currently its CTO. Prior to joining SimSpace, he served as the Group Leader for the Cyber System Assessment Group at MIT Lincoln Laboratory, during which time he led the establishment and growth of the group to become a nationally recognized center of excellence. The Cyber System Assessment Group earned a reputation for technical excellence in cyber range development, cyber test and evaluation, cyber red-teaming, and cyber exploitation.