We have updated our Privacy Policy and Terms of Use for Eurasia Group and its affiliates, including GZERO Media, to clarify the types of data we collect, how we collect it, how we use data and with whom we share data. By using our website you consent to our Terms and Conditions and Privacy Policy, including the transfer of your personal data to the United States from your country of residence, and our use of cookies described in our Cookie Policy.
As part of the Global Stage series, a partnership between Microsoft and GZERO Media, the 5-part podcast “Patching the System” will explore the biggest cyber risks and challenges for governments, corporations, and consumers alike. Through the Cybersecurity Tech Accord, a public commitment from more than 150 technology companies, private sector tech leaders are working to create solutions and foster greater cyber resilience.
Even as tensions build in Ukraine, Russia is not a long-term strategic rival for the United States. That’s according to former US Department of Homeland Security Secretary Michael Chertoff, who spoke to GZERO World last September. “The danger with Russia in the short-term is recklessness in the neighborhood,” he said. But even though Moscow may not be the same sort of adversary it was during the Cold War, Chertoff sees big challenges for Washington, especially in cybersecurity and hybrid warfare. “The real danger comes when the red lines are murky or fuzzy,” he added.
Watch all of Chertoff's interview on GZERO World with Ian Bremmer: Is America safer since 9/11?
Russia recently arrested 14 hackers from REvil, a ransomware gang involved in last year's cyberattack against the Colonial Pipeline in the US.
Some think it was a gesture by Vladimir Putin to deescalate tensions with the US over Ukraine. But analyst Alina Polyakova tells Ian Bremmer she doesn't buy it.
It's more likely, she says, that the hackers did something to irritate the Russians.
“When people see strategy in something that the Kremlin does, I usually see circumstantial reasons and coincidence, and maybe some incompetence here and there," Polyakova explains. "I think these were two separate events.”
Watch this episode of GZERO World with Ian Bremmer: Will Putin invade Ukraine?
Marietje Schaake, International Policy Director at Stanford's Cyber Policy Center, Eurasia Group senior advisor and former MEP, discusses trends in big tech, privacy protection and cyberspace:
What are the positive changes in 2022 that we might expect to see in the cyber world?
Well, my hope is that more awareness of the harms of cyberattacks and intrusions on people will lead to stronger political leadership towards better prevention and accountability. Because too often criminals or states that attack others for their own gains simply get away with it. Only when we appreciate that the digital realm is not a universe detached from our own lives, and that attacks lead to patients sent away at hospitals, to food not reaching grocery stores, or fuel not being available at gas stations, we see more political concern over the systemic weakness throughout the technological system and ecosystem. We use both in everyday, mundane context or in very sensitive ones.
Marietje Schaake, International Policy Director at Stanford's Cyber Policy Center, Eurasia Group senior advisor and former MEP, discusses trends in big tech, privacy protection and cyberspace:
Has Russian behavior in cyber changed after President Biden and President Putin's meeting earlier this year?
Well, unfortunately, we see ongoing assertiveness and aggression from the Russian side, targeting the US government, but also US tech companies. And the fact that there is so little accountability probably keeps motivating. Shortly before the Russian elections, Apple and Google removed an app built by opposition parties, to help voters identify the best candidate to challenge Putin's party. The company cited pressure on their employees in Russia, but of course, the pressure on the Russian population is constant. And after these dramatic events, the silence from Western governments was deafening.
What about US companies being targeted by attackers from Russia?
Well, it is a very inconvenient truth that the very companies whose software we all rely on is not secure enough to withstand these attacks. And again, the lack of accountability of attackers is a problem. Intelligence gathering currently does not violate international law and is rarely met with sanctions, even if the consequences of breaching systems, can be significant throughout an ecosystem. There is a legal vacuum and a political vacuum, in clarity around what is and is not acceptable. So, a combination of state accountability, and corporate liability standards are needed, to change the status quo.
Marietje Schaake, International Policy Director at Stanford's Cyber Policy Center, Eurasia Group senior advisor and former MEP, discusses trends in big tech, privacy protection and cyberspace:
Experts want us to stop using the term "cyber 9/11". Why is that?
Well, indeed many cybersecurity experts, including my brilliant Stanford colleague, Jacquelyn Schneider, have pointed out that a "cyber 9/11" is not the metaphor that helps people understand the actual nature of the threats. You may have also heard politicians warning for a "cyber Pearl Harbor," and indeed experts are also pushing back against this metaphor. Cyberattacks happen often and are maybe more like massive shots of hail. By trying to probe many vulnerabilities and sending multiple phishing emails, criminals and state entities are trying which digital door might open, trying over and over again, and then can help them achieve their criminal, intelligence or geopolitical goals. The notion of a perpetual shot of hail may also make people realize that the attacks can be closer to them, and then empowering them to be part of the solution instead of feeling defeated by the notion of a massive terrorist attack, targeting a landmark far away, and causing major physical and human suffering.
How much should we worry about children's data leaking?
Well, we should worry. And for some reason, despite the risks, educational institutions are not part of critical infrastructure, even if between universities and schools, vast amounts of data that can be exploited for espionage or distortion are kept. So, I believe more support needs to be unlocked to prevent criminals from easy successes, and to support schools, universities, and other educational institutions with public resources and very solid expertise. And including them in a critical knowledge infrastructure category, might actually help
