Preparing for a Cyber Conflict / Hybrid War
Christopher Martlew • 22 March 2022

Will the war in Ukraine escalate into a hybrid war / cyber conflict?

Western intelligence on Putin’s plans has been on point so far.

 

So the recent White House briefing and statement by President Biden on cybersecurity is a serious wake-up call (insofar needed) for us all.

 

These White House briefings are based on what they call “evolving intelligence” that the Russian Government is exploring options for cyberattacks.

The UK National Cyber Security Centre published a warning on 18th March, including advice on actions to be undertaken.

Other Five Eyes countries are also warning of the threat. Australia has advice here. New Zealand here. Canada  here.

The European Union Agency for Cybersecurity nor the Dutch Government have concrete advice as yet on the possible Russian attack scenarios.

The Microsoft Threat Intelligence Center detected an attack on Ukraine’s digital infrastructure in January and again hours before the actual invasion started. These attacks include “Ukrainian civilian digital targets, including the financial sector, agriculture sector, emergency response services, humanitarian aid efforts, and energy sector organizations and enterprises.” Microsoft raises concerns about possible contravention of the Geneva Convention.

It’s widely reported that Putin has his back to the wall, and the US and others are predicting he will deploy biological and/or chemical weapons. Against the backdrop of Putin’s increasing outrageous barbarity, a cyberattack is not unthinkable.

How to prepare for hybrid warfare or a state-backed cyber-attack?

For companies with any kind of relationship with people in or from Russia, Ukraine or Belarus, this is a minefield of complexity. Especially perhaps in Europe where millions of Russians and Ukrainians have made their home outside their native countries. This aspect is too much for this post — other than to put it at the top in the list — but Gartner has a good piece here on where to start.

Many companies sharpened their defences at the start of the Covid19 pandemic: Improved end-point security, vulnerability management and multi-factor authentication were triggered by the wave of people working-from-home and increased phishing attacks.

Notwithstanding the increased focus, worldwide government ransomware attacks rose by 1885% last year , and healthcare attacks by 775%.

The current threat goes a lot further than the security aspects of the pandemic — and will have long-lasting consequences. The security suggestions below are intended as input to the conversation and are, obviously, not exhaustive.

To do Now

1. Draw up a plan for the next 5/10/20 days.

2. People-first & Safety first: Physical and mental well-being. Stress levels were raised from the pandemic and many (security) teams are suffering from chronic high workloads and crisis-management. As with covid19, promote a sense of psychological safety and avoid burnout.

3. Stay calm and confident.

4. Communicate with all staff to ensure awareness and ability to execute as needed. Communicate regularly.

5. This is not going to be for free. Ensure sufficient funding is switched into security. Not for the next budget-cycle, but immediately.

6. Ratchet-up all your existing security activities. Revisit and refresh the points you put in place for the pandemic on end-point security, vulnerability management and monitoring.

7. Track government advice and follow-up as needed.

8. Check recommendations from suppliers — solicit where needed.

9. Offer advice to clients.

To do Next

1. Stay calm and confident.

2. Practice your Business Continuity Plan. Improve it and repeat. Focus on what you can control.

3. Prepare for communications when internet and/or email and/or social media no longer work. Provide hard copies of key documents.

4. Choose and check your information sources before acting. There is a lot of bad information out there.

5. Be prepared for a ransomware attack.

6. Ensure all data is held in secure (geographic) locations.

7. Check your insurance. Does it cover an act of war?

8. Draw up a plan for the next 100 days.

And Later

1. Cybersecurity budgeting will probably need to be increased. Fear, uncertainty and doubt (FUD) are poor strategic counsellors and do not sell well in board rooms. So a balance needs to be struck with the new realities of the world, without relying on the bottomless pit of FUD.

2. Review your geo-political strategic positioning. Review (global) supply-chain sourcing and out-sourcing. Review your customer base against a global security threat landscape. Review data storage locations and back-up strategies.

3. Align with industry suppliers, peers and customers.

4. Review Business Continuity Planning to include your full eco-system.

5. Support the government and industry agencies in adopting a global cybersecurity leadership role.

Also at: Website | amazon.co.uk | bol.comblog

Preparing for a Cyber Conflict / Hybrid War was originally published in On Being Agile on Medium, where people are continuing the conversation by highlighting and responding to this story.

2024 will be a year that changes everything

1 January 2024
OK…sticking my neck out a little, but there’s a lot going on. And there are one or two stand-out items for 2024 on our forecast bingo card: AI and HR. We certainly have a few wildcards in play in the Middle East and Ukraine, plus a plethora of ‘democratic’ (some more than others) elections across the world. Wildcards (and potential black swans) notwithstanding, and steering clear of politics, wars and religion, here’s my clutch of 24 predictions, mini-rants, speculations and contemplations for 2024. 1. HR: Insofar as Agile and Digital Transformation programs didn’t kill hierarchies and silos in organizations, AI (AGI, ML) will. HR teams will face unprecedented pressure as the labour market remains tight and AI adoption forces the pace. 2. HR (again): will adapt by (an even greater) focus on internal marketplaces, AI usage and more ‘make’ not ‘buy’ through internal skills development. 3. HR (again): Will move out of their comfort zones in re-imagining support for IT and other communities who are going 'radical' on Agile and upending traditional management structures. 4. Artificial Intelligence will accelerate towards full human-level AGI by 2028. Regulators will not be able to keep up. 5. Apple will release AI (ML) integrated across all its ecosystem but centered on the iPhone. 6. AI will impact the Legal profession in ways that we’re only just starting to comprehend. There will be some casualties amongst the laggards. 7. Despite the darker sides of homo sapiens on our planet, people will remain broadly optimistic that 2024 will be better than 2023. (Source: Ipsos https://www.ipsos.com/en/ipsos-global-predictions-2024 ). 8. NASA will land multiple vehicles on the moon. 9. India’s space industry is on a roll. Its agile space industry will flourish with dozens of new space start-ups added to the 54 created in 2023. 10. Spending on Cloud will increase by 20% to $670 billion (Gartner). 11. The Chinese population will continue its inevitable decline towards halving its current number by 2099. 12. The New York Times case against OpenAI and Microsoft will drag on. But the first fines will land on the doormats of LLM owners for privacy violations. 13. >90% of software engineers will use AI to generate code thereby increasing productivity. 14. 98% of creative workers will use Generative AI to create reports, emails, slides, images and ideas. 15. GenAI will prove a headache for cybersecurity staff trying to keep corporate data safe, while unemployment in cybersecurity remains zero. 16. AI will increasingly be used to generate legal contracts – and even negotiate them. 17. Machines will order from machines, or at least influence human buying decisions. Potentially impacting trillions of dollars of trade by 2030 and making 20% of human-readable websites obsolete. (Source: Gartner https://www.gartner.com/en/information-technology/insights/top-technology-trends .) 18. The engines of the global economy will include Foshan (China), Surat (India) and Kumasi (China). Most in the West have never heard of these places. (Source: McKinsey at https://www.mckinsey.com/mgi/no-ordinary-disruption .) 19. Elon Musk will hang on to X but raise additional capital as he takes it in the direction of WeChat. 20. The world’s largest producer of oil will be…the US. 21. 90% of all mobile phones and the majority of IoT devices will be powered by architectures developed by UK-based firm ARM. 22. 100% of all high-end chips will be forged on machines built by ASML of The Netherlands. ASML will roll out more of its ‘High NA’ machines – each one larger than a truck and costing $300M a pop. But will ship less machines overall than in 2023 and none of the High NA will go to China. 23. Economic acceleration will be 10X faster than the Industrial Revolution and 300X the scale. (source: McKinsey https://www.mckinsey.com/mgi/no-ordinary-disruption .) 24. The top 10 advertising agencies will spend a combined $50 million to build custom AI solutions that enable their clients to scale personalized marketing campaigns and brand experiences. (Source: Forrester https://www.forrester.com/press-newsroom/forrester-predictions-2024/ .) Stay safe. Have a great 2024! “You can’t connect the dots looking forward; you can only connect them looking backwards” – Steve Jobs. Image (c) Shutterstock. Forecasts or expectations expressed in this piece may contain inaccurate forward-looking statements and are not intended as investment advice. Also at: amazon.com | amazon.co.uk | bol.com | blog #OnBeingAgile wn from a different source.

On Strategy, Mission and Purpose (Ithaca — in Greek Mythology the island home of Odysseus).

by Christopher Martlew 11 March 2023
On Strategy, Mission and Purpose (Ithaca — in Greek Mythology the island home of Odysseus).As you set out for IthacaHope your road is a long oneFull of adventure, full of discovery.Fear, Uncertainty and Doubt —Don’t be afraid of themYou’ll not find those on your wayAs long as you keep your thoughts raised highAs long as a rare excitementStirs your spirit and your bodyFear, Uncertainty and Doubt — you’ll not encounter themUnless you bring them along inside your soulUnless your soul puts them in front of youHope your road is a long oneMay there be many summer mornings when,with what pleasure, what joy,you enter harbours you’re seeing for the first time;may you stop at many trading stationsto buy fine things,and may you visit many citiesto learn and go on learning from their scholars.Keep Ithaca always in your mind.Arriving there is not the goalSo don’t hurry the journey at all.Better if it lasts for years,so you’re wealthy with all you’ve gained on the way,not expecting Ithaca to make you rich.Ithaca gave you the marvellous journey.Without her you wouldn’t have set out.Source: Excerpted and (shamelessly) adapted from: C. P. Cavafy, “The City” from C.P. Cavafy: Collected Poems. Translated by Edmund Keeley and Philip Sherrard. Translation Copyright © 1975, 1992 by Edmund Keeley and Philip Sherrard.On Strategy, Mission and Purpose (Ithaca — in Greek Mythology the island home of Odysseus). was originally published in On Being Agile on Medium, where people are continuing the conversation by highlighting and responding to this story.
Share by: