“The pandemic caught us with our pants down, not understanding how big the cyberthreat is”

A fascinating conversation between two intelligence giants: former CIA Director David Petraeus, and Former Head of the Mossad Tamir Pardo, on cybersecurity, leadership, and decision-making in crisis, during the Cybertech Global Dubai conference

“The pandemic caught us with our pants down, not understanding how big the cyberthreat is”

Pardo and Petraeus at Cybertech Global - UAE Dubai, screenshot

״There is no single application or single product that can provide (general) cybersecurity, even though many firms buy such products,” says Former CIA Director, Gen. (Ret.) David H. Petraeus. “Each company must have an overview idea that guides the process.” Petraeus spoke via Zoom with Former Head of the Mossad and Chairman of XM Cyber, Tamir Pardo, on “Cybersecurity, leadership and decision-making in crisis” earlier today (Monday), at the Cybertech Global UAE-Dubai conference. 

The two intelligence heavyweights discussed the changes and turmoil 2020 brought to the cyber world. “The pandemic meant that many of us moved to working from home, using home routers etc. Also, many of us added IoT devices to our home equipment, meaning that we have a lot more weaknesses and vulnerabilities than in the past,” explains Petraeus. “So, the effect of the pandemic was to dramatically increase the amount of risk companies are facing because of the new devices touching the networks – a big change with many challenges.”

Petraeus then goes on to name additional challenges in the cybersecurity sphere the US has been facing, perhaps the most prominent one being “the SolarWinds hack by a Russian intelligence agency, which may have had elements of supply chain hacking which may have begun in the US” – a particular challenge for the US, since “our greatest cyber expertise is in the NSA, which focuses on foreign intelligence gathering, whereas internal threats are handled by the Department of Homeland Security, which still has a very nascent cybersecurity agency, CISA.”

“We’ve got to do some serious stocktaking, identify new big ideas and a new approach – clearly, what we’ve done in the past isn’t effective, CISA needs to be built up substantially,” says Petraeus, and immediately points to an additional problem, that of time and lack of agility. “It takes an enormous amount of time to recruit people, put everything together, develop the architecture…There must be collaboration between the government and the private sector.”

On the necessity of agility, Pardo adds: “Governments and big institutions move so slow. In the pandemic, we were caught with our pants down without understanding how big the threat is - new warfare, attacking directly the civilian establishment, and this way you can win a war. We need to predict and to prevent: to close the gate before the attackers arrive, and to catch them before they enter my house.” 

Pardo points to the biggest challenge, which is the basis for everything: “We cannot protect everything. Therefore, the most important thing for a company to understand what its crown jewels are and make sure they are protected, set up defense priorities. 

“I believe that the understanding of the threat is not year clear to many countries, many organizations, the understanding that the world became transparent. It’s necessary not only to protect the crown jewels, but to understand what they are, and this is an answer the CEO of a company has to give, not the technician. This is not understood yet.”

Petraeus: “The company’s architecture has to be based on its operations, what matters most to the company. And that must be protected by additional measures. In the military realm, increasingly the battle is going to be trying to take down the enemy’s network. Networks are increasingly complex, unmanned sea, air, land, space systems. The fight is going to be between increasingly unmanned weapons as well as cyberspace, algorithm battling algorithm, with the prize being shutting down the adversary’s network. 

Pardo: “In the past, war was totally different. Now, we don’t need to pull the trigger, we have the algorithm that controls everything. This is something we never saw in the past. “

Petraeus: "There’s got to be sharing between government and civilian factors, the more sharing the better, but – just like we saw when we started working from home, there will be many challenges. 
We’ve got to get the big ideas that will guide this write in each of our countries and between our countries, so that we can share between our agencies. It’s like a counterinsurgency, a very tall order to provide that kind of cybersecurity. And most businesses still don’t have what they need, which is a specially designed, comprehensive cybersecurity solution.”

 

The Cybertech Global UAE-Dubai conference is taking place now, April 5th-7th, 2021.
Conference website: https://www.cybertechconference.com/