We have updated our Privacy Policy and Terms of Use for Eurasia Group and its affiliates, including GZERO Media, to clarify the types of data we collect, how we collect it, how we use data and with whom we share data. By using our website you consent to our Terms and Conditions and Privacy Policy, including the transfer of your personal data to the United States from your country of residence, and our use of cookies described in our Cookie Policy.
{{ subpage.title }}
China & Russia are "formidable" cyber adversaries: CISA's Jen Easterly
The next 10 years are critical for America to defend itself from China and Russia in cyberspace, says US cybersecurity chief Jen Easterly.
We'll know by then if we've won or lost the battle for tech innovation against Beijing and Moscow when it comes to things like smart cities, she tells Ian Bremmer on GZERO World.
And despite the Russians being a more urgent threat, the long-term race with China to dominate global tech is arguably even more important.
"Russia is the hurricane, but China is climate change."
Easterly also shares her take on why we haven't seen major cyberattacks from the Kremlin after Russia invaded Ukraine.
Watch the GZERO World episode: Hackers, Russia, China: cyber battles & how we win
How private businesses help fight cybercrime
The federal government wants to help US businesses better defend themselves against cyberattacks — but little can be done if corporations don't report them.
That's why the Biden administration is championing a new law that forces them to do so, says Jen Easterly, head of the Cybersecurity and Infrastructure Security Agency.
The Cyber Incident Reporting for Critical Infrastructure Act requires whoever operates critical infrastructure to report attacks coming from state and non-state actors.
And that data will "drive down risk in a much more systematic way," Easterly tells Ian Bremmer on GZERO World.
Watch the GZERO World episode: Hackers, Russia, China: cyber battles & how we win
- A (global) solution for cybercrime - GZERO Media ›
- Biggest cybersecurity threat to watch in 2022 - GZERO Media ›
- Will the US be able to withstand cyber attacks on critical ... ›
- SolarWinds hack a wake-up call to the tech sector - GZERO Media ›
- Does Jeh Johnson consider Russia's cyber attack against the US to ... ›
Will the US be able to withstand cyber attacks on critical infrastructure?
The US Cybersecurity and Infrastructure Security Agency was set up in 2018 to help protect America's critical infrastructure.
It might sound like a technical term, but CISA chief Jen Easterly explains that critical infrastructure is how we get water, power, gas — even food at the grocery store. And 80% of it is operated by the private sector.
So, how does the agency help businesses defend themselves from hackers?
"In cybersecurity, the federal government is just a partner ... so we all have to work together to drive down risk to the nation," Jen Easterly tells Ian Bremmer on GZERO World.
- Does Jeh Johnson consider Russia's cyber attack against the US to ... ›
- Podcast: Lessons of the SolarWinds attack - GZERO Media ›
- SolarWinds hack a wake-up call to the tech sector - GZERO Media ›
- Biggest cybersecurity threat to watch in 2022 - GZERO Media ›
- A (global) solution for cybercrime - GZERO Media ›
- Hackers, Russia, China: cyber battles & how we win - GZERO Media ›
US & allies unite against China's cyberattacks
Ian Bremmer's Quick Take:
Hi, everybody. Ian Bremmer here, back in Nantucket for a few days, and a Quick Take to start out the week.Well, I thought I would talk about the finger-pointing happening at China for these cyberattacks. When we've been talking about cyberattacks recently, we mostly talk about Russia. It's been ransomware, it's been espionage, it's been disinformation, and US election intervention and all of these things. But no, this week it is all about China, and specifically the White House had this unusually strong statement, citing concerns about China's, what they call, irresponsible and destabilizing behavior in cyberspace, specifically talking about a hack against the Microsoft Exchange Server that we found out about back in March. That is a big deal.
Second, and related to that, is the fact that there was a massive response, a coordinated response, from NATO, as well as all G7 members. You remember back at the G7 meeting that we had a month ago in the UK, and the surprise was the statement was much more about China, much more coordinated on China, than people would've expected. That was the 3-hour meeting that they shut down the internet so they could all talk internally. There's increasing backlash against what is seen as more assertive Chinese behavior towards the West. We saw the big speech by Xi Jinping at the 100th Communist Party plenum. On the back of that, the Chinese government has made tougher statements on Taiwan, they have taken big moves against Chinese tech companies, against their IPO-ing in the West, in the United States, which is what makes them more transparent and more interoperable and engage in a global way. And now you see the United States and our allies around the world, in turn, taking on more coordination vis-à-vis China.
In the medium-term, one of the biggest questions out there will be to what extent countries like Germany and France and the UK would get on board with the United States that considers its top national security priority to be China, to be a threat from a competitive, assertive, and increasingly powerful China. And what we've seen in last 3 months has been a surprising amount of consolidation of that position. Doesn't mean it's going to continue on that trajectory forever, doesn't mean the Americans will be able to continue to implement on it, but at least for now, what we see is a Chinese government that is looking away from globalization, that's focusing more on domestic supply chain, on domestic consumption, on national champions, and a Chinese model of development, and we're seeing in the United States, Europe, Canada, Australia, Japan, even South Korea, all say we really don't like that direction. We have to work closer together.
Here's the big push back on all of that, and that's, despite all of these headlines, the level of interdependence and interoperability between the West and China continues to be incredibly deep. And you wouldn't necessarily know it by listening to the headlines. Deep in terms of trade, in terms of tourism, in terms of access to each other's markets, access to each other's financial systems, and frankly, most of the major economic actors in the United States in the West over the coming 5, 10 years, they expect to have not only the present level of engagement in China, but even more exposure to the Chinese market. China is the leading trade partner in almost the entire world in 2021. The United States is not about to supplant that. In fact, that trajectory is moving more in that direction.
So, on the one hand, you have the reality of globalization and interdependence that no matter what the politics are, will continue to get stickier and more engaged. On the other hand, you have the politics of pretty much all of the major economies in the world driving exactly against that. It's the most important cleavage in the world today, geopolitically, and it's one we're going to be spending an awful lot of time trying to suss out as these headlines continue to drive this kind of conflict.Anyway, that's it for me today. I hope everyone has a good week. Talk to you all real soon.
- Biden and Merkel will talk China strategy; Cuban economic crisis ... ›
- Impact of Microsoft hack deepens; why cyber attacks target ... ›
- Will there be a decisive US response to Russian cyber attacks ... ›
- Russia's cyber attack: an act of espionage or war? - GZERO Media ›
- How North Korea trains its “cyber soldiers” - GZERO Media ›
Combating cybercrime a focus at G7 and Biden-Putin summits
Marietje Schaake, International Policy Director at Stanford's Cyber Policy Center, Eurasia Group senior advisor and former MEP, discusses trends in big tech, privacy protection and cyberspace:
Cyber issues took center stage at the G7 summit. Is there a consensus among world leaders on how to handle cyberweapons?
Well, depending on who is included, there is a growing consensus that the escalations of conflict in cyberspace must stop. And G7 leaders that are now all representing democracies did call on Russia to hold perpetrators of cybercrime that operate from within its borders to account. So, I guess hope dies last because laws in Russia prevents the extradition of suspects to the US, even if Vladimir Putin answered positively when Joe Biden asked for cooperation on that front. And when it comes to limiting the spread of tools that are used for hacking, surveillance and infiltration, the EU has just moved ahead and adopted new dual use regulations which reflect the concerns for human rights violations when journalists are targeted the way that Jamal Khashoggi was. So ending the proliferation of systems that are used to attack would be an urgent but also obvious step for democratic nations to agree on.
Will Biden's meeting with Putin influence a united Western approach in combating cybercrime?
Well, after the intense and high-profile series of ransomware attacks, there's a fresh focus on deterrence and accountability in this space. Biden announced several sectors of critical infrastructure should be off limits for cyberattacks. But the need is really for sufficient consequences to force those in Russia, but also elsewhere to stop their lucrative, cynical practices.
Cloud computing and US cybersecurity
Marietje Schaake, International Policy Director at Stanford's Cyber Policy Center, Eurasia Group senior advisor and former MEP, discusses trends in big tech, privacy protection and cyberspace:
What is cloud computing?
Now it's not that easy to answer but let me give it a try. Cloud computing is the capacity to store or process data over the Internet on servers away from a device like a laptop or a mobile phone. And it actually allows for software, databases, and the storage of data to be sold as a service.
Is the future of cybersecurity in the cloud?
Well, the recently adopted executive order by President Biden with the aim of improving the US's cybersecurity does suggest as much. But I'm afraid it's not that simple. Any software can be exploited and is being breached even when it's run by major companies like Microsoft. So it's worrying that despite national security protections, even large companies cannot protect users against state hackers. So the question is, who can protect the homeland and who can assure cybersecurity?
- Impact of Microsoft hack deepens; why cyber attacks target ... ›
- Russia's cyber attack: an act of espionage or war? - GZERO Media ›
- Panel: Working together to protect cyberspace - GZERO Media ›
- Why we need a World Data Organization. Now. - GZERO Media ›
- Report: China's cyber security a decade behind the US, despite hype - GZERO Media ›
- US, NATO, & EU condemn China's Microsoft hack; Pegasus spyware leak - GZERO Media ›
- QR codes and the risk to your personal data - GZERO Media ›
- Panel: Working together to protect cyberspace - GZERO Media ›
Highlights from our live conversation on cybersecurity challenges
Cyber is a tool, and sometimes a weapon. Whether used for commercial gain or for attacks on critical infrastructure, actions taken in cyberspace affect you directly. This means that even the most mundane realities of everyday life are vulnerable to hackers.
In our live May 18 event, "Beyond SolarWinds: Securing Cyberspace," we asked our speakers what we can do to safeguard cyberspace from future attacks.
Ian Bremmer, president of Eurasia Group and GZERO Media, (above) explains "there are three different levels of cooperation we desperately need to reduce a threat that right now is growing exponentially for our national securities at home." At one level, there needs to be greater coordination between the private and public sectors in the US. It needs to be "much deeper, much more structural, much more efficient" than what we currently have, says Bremmer.
This step requires us to acknowledge that cybersecurity is no longer different from physical security. Technology runs every aspect of our lives now, including our physical infrastructure as the Colonial Pipeline hack so evidently proved. So, with increasing cyberattacks on critical infrastructure, cyber defense needs to become more sophisticated. This requires the tech sector to continue to develop stronger security protection while the public and private sectors simultaneously implement cybersecurity practices across the board, says Brad Smith, president of Microsoft.
Microsoft's Brad Smith on the Pervasive Dangers of Ransomware Attacks | Global Stage | GZERO Mediawww.youtube.com
Jane Harman, President Emerita of the Wilson Center and former ranking Democrat on the House Intelligence Committee, notes that "the markers have been here for years about the impact of cyber" on US infrastructure. The SolarWinds and Colonial Pipeline hacks are just incidents in a series of cyberattacks that further emphasize how sophisticated hackers are, and how unprepared the US has become.
Harman added that the US specifically bungled its response to the SolarWinds hack because a private firm found out first. That's why Biden's executive order mandating private firms in business with the US government to immediately report such cyberattacks is a good first step, but it needs to be more robust. The private sector as a whole needs to coordinate better with the US government. Executive orders are "not enough" to tackle one of the United States' most difficult problems.
Biden's Executive Orders Are “Not Enough," Says Jane Harman | Global Stage | GZERO Mediawww.youtube.com
Greater coordination between the US and its transatlantic allies is the second level of cooperation we need to reduce the cybersecurity threat. But mistrust, which is both deep and structural, is standing in the way.
"Trust is the currency of diplomacy", according to Wolfgang Ischinger, chairman of the Munich Security Conference. In its absence, the US and its allies have a serious obstacle standing in their way when it comes to issues like global cybersecurity cooperation. "Europeans across the board, don't even trust their own governments" or companies let alone the US government and American companies, says Ischinger. "But the really worrisome thing is that [Europeans] mistrust Americans almost as much, … as they mistrust the Chinese."
Wolfgang Ischinger: "Europeans Don't Even Trust Their Own Governments" | Global Stage | GZERO Mediawww.youtube.com
That is why rebuilding trust across the Atlantic is an important part of the way forward for cybersecurity, says Smith. It may be hard for people, including the United States government, to fully understand the impact the current lack of trust has on cybersecurity. But there needs to be greater transparency between countries that intend to work together to combat growing waves of distrust. Transparency "is central to everything else we need to do together to address the cybersecurity threats we're seeing around the world," says Smith.
Microsoft's Brad Smith on Actions Needed to Build Cyber Trust | Global Stage | GZERO Mediawww.youtube.com
Lastly, we must seek a broader level of global coordination and trust, says Bremmer. "While we all recognize we need that, we are right now heading in the opposite direction."
However, there is some hope on the horizon as we are becoming more away of this crisis. "It is moving up in the league of tables in terms of major policymakers around the world understanding that this is a real threat" we need to address. This leads Bremmer to feel fairly confident in the resources that will be devoted to global cybersecurity cooperation over the next five years.
"Beyond SolarWinds: Securing Cyberspace," a Global Stage live conversation on cyber challenges facing governments, companies, and citizens, was recorded on May 18, 2021. It's presented by GZERO Media and Microsoft, and held in collaboration with the Munich Security Conference as part of their "Road to Munich" series.
DarkSide hack reveals risk of ransomware cyberattacks
Marietje Schaake, International Policy Director at Stanford's Cyber Policy Center, Eurasia Group senior advisor and former MEP, discusses trends in big tech, privacy protection and cyberspace:
What did the DarkSide incident targeting Colonial Pipeline reveal about ransomware and the vulnerability of critical infrastructure?
Well, basically everything you need to know. The type of impact debilitating infrastructure through a ransomware or other method of cyberattack has been warned about for years. The risk of exploitation of vulnerabilities in software with enormous ripple effects became very tangible with the attack on Colonial Pipelines. But remember that energy infrastructure in the US already enjoys the highest protections, and still the attackers managed to perpetrate.
How can companies and governments catch up on cyber defense?
Now, it's critical that there is a mapping of an entire ecosystem, whether that is a company network or an entire country's architecture. Is it clear who is responsible for protecting which parts and how does information flow in case of emergency? I worry about the overreliance on software companies, which, as illustrated by the SolarWinds exchange server and now Colonial hacks are not strong enough. Connectivity brings new and often invisible vulnerabilities that must be addressed with more resilient protections and with more insights to public and Democratic leaders.
- Would you pay a cyber ransom? - GZERO Media ›
- Hackers shut down US pipeline - GZERO Media ›
- Panel: Working together to protect cyberspace - GZERO Media ›
- The Graphic Truth: Who's Hacking Whom? - GZERO Media ›
- Panel: Working together to protect cyberspace - GZERO Media ›
- Spyware concerns prompt US Congress to move toward sanctions - GZERO Media ›
- "We're identifying new cyber threats and attacks every day" – Microsoft’s Brad Smith - GZERO Media ›