Inside Modern Cyber Warfare: The Invisible Battles Happening Every Day | Chris Kubecka

Posted by:

|

On:

|

This podcast episode delves into the intricate interplay between global politics, cybersecurity, and the evolving nature of threats faced by critical infrastructure. Our esteemed guest, Chris, shares his compelling journey from early experiences with technology to significant roles in safeguarding vital systems against sophisticated cyber threats. Notably, the discussion illuminates the transformation of cyber warfare, highlighting the emergence of physical attacks that disrupt both digital and physical infrastructures. We also examine collaborative efforts among nations to fortify defenses against such challenges, emphasizing the necessity of cooperation in the face of rising geopolitical tensions. As we navigate this complex digital landscape, it becomes increasingly apparent that a unified approach is paramount to ensuring our collective security and resilience in an interconnected world.

Join Joseph Carson in this insightful episode as he interviews cybersecurity expert Chris Kubecka. They discuss critical infrastructure security, cyber warfare, geopolitical risks, and the evolving landscape of digital threats, providing valuable lessons for cybersecurity professionals and policymakers.

Key Topics

Cybersecurity in critical infrastructure

Geopolitical cyber threats and hybrid warfare

Evolving landscape of digital threats and resilience

Sound bites

“GPS jamming has been a massive challenge.”

“Digital Empires: China, Europe, and the US.”

“Radio communications are a vital fallback.”

Chapters

  • 00:00 Introduction and Background of Chris Kubecka
  • 01:37 Cybersecurity Challenges in Critical Infrastructure
  • 03:37 Evolving Nature of Cyber Threats
  • 05:45 The Role of Drones in Modern Warfare
  • 07:25 Hybrid Warfare and Global Diplomacy
  • 10:10 The Shift in Global Cybersecurity Dynamics
  • 12:18 The Importance of International Cooperation
  • 14:33 Privacy and Ethics in Cybersecurity
  • 16:50 Historical Context and Regional Cooperation
  • 18:55 Cyber Attacks on Civilian Infrastructure
  • 22:04 Personal Experiences in Estonia
  • 24:10 Geopolitical Tensions and Cybersecurity
  • 25:52 Challenges in Maritime Connectivity
  • 28:16 Critical Infrastructure Vulnerabilities
  • 30:22 The Role of Radio in Authoritarian Regimes
  • 33:43 International Maritime Law and Cybersecurity
  • 37:46 Recent Projects and Activism in Cybersecurity
  • 39:51 Staying Informed in a Rapidly Changing Landscape

Resources

Chris Kubecka’s LinkedIn – https://www.linkedin.com/in/chriskubecka/

Field Tested: How to Hack a Modern Dictatorship with AI – https://www.amazon.com/dp/B0C7F4XYZ

Transcript
Speaker A:

Hi, everyone.

Speaker A:

Welcome back to another episode of the Security By Default podcast.

Speaker A:

I’m the host of the show, Joe Carson.

Speaker A:

It’s a pleasure to be here with you.

Speaker A:

And I have an awesome guest who I really admire has been a fantastic mentor and global leader in policy and advising and critical infrastructure.

Speaker A:

So welcome to the podcast.

Speaker A:

Chris, do you want to give the audience a little bit of your origin story background before we get into some of the nitty gritty of the world politics and cybersecurity challenges that we have around the world?

Speaker B:

I have an origin story.

Speaker B:

Oh, this is interesting.

Speaker B:

Ooh, I feel like Batman.

Speaker A:

Ooh.

Speaker B:

So it all started when my parents were.

Speaker B:

No, no, it did start.

Speaker B:

My parents were divorced, and my mother just loved to teach me everything about her work.

Speaker B:

Computers, computer science, networking, you name it.

Speaker B:

And then as a kid, I decided I would explore, and I explored too much.

Speaker B:

And I broke into the FBI and Department of justice without knowing it, by the way.

Speaker B:

I did not have intent, but that’s okay.

Speaker B:

Anyway, so after I could use a computer again at the age of 18, voila, I was in the Air Force doing all sorts of lovely jubbly things.

Speaker B:

And from there, I learned to hack land, space, CN Air in a nice ethical way, or against enemies, but in a nice way.

Speaker A:

That’s always.

Speaker A:

It’s always interesting.

Speaker A:

I mean, you’ve had a very interesting and exciting career going from the Air Force and then getting into a lot of the critical infrastructure side of things.

Speaker A:

You did a lot of work on the Saudi Aramco and critical infrastructure, especially when there was lots of major cyber attacks happening around that time.

Speaker A:

So if you want to give a little bit about kind of, you know, the experience around then and the transition you had during that time, certainly.

Speaker B:

So it’s.

Speaker B:

When most people, they get a corporate job, they might be, I don’t know, an executive, junior executive, whatever you’re thinking, oh, this is going to be easy and cush.

Speaker B:

But, no, not with Saudi Aramco because their threat profile is rocket launches against their infrastructure and weaponized drones.

Speaker B:

So when we think about, oh, all of the drone wars that have been going on between Ukraine and Russia, actually, a precursor was Azerbaijan in Armenia, but even before that, the Iranians had been giving the Houthis, et cetera, all of their favorite club, weaponized drones.

Speaker B:

So Iran’s been developing weaponized drones and surveillance drones for much longer than most people think, unless you’re familiar with the Middle East.

Speaker B:

So the threat profile for Saudi Aramco is executives getting assassination attempts, so.

Speaker B:

Or board members.

Speaker B:

There are tanks There are rocket launchers at the compounds and that’s for a reason.

Speaker B:

The buildings are laid out so in case one gets blown up, you can still keep operations going in another building.

Speaker B:

So it’s a very different type of aspect of cybersecurity that most people in say, computer science don’t have to deal with.

Speaker B:

Unless you are, say, an amateur lock picker.

Speaker B:

And I’m looking at my lock picks up there, but you have to deal with these things.

Speaker B:

And then on top of that, they had just sold the largest fleet of ships called Velo, but yet they were still monitoring it.

Speaker B:

And I was on a crisis team with the most Scottish guy ever.

Speaker B:

His name was Donald McJonald and he had like the thickest Scottish brogue.

Speaker B:

Right.

Speaker B:

And him and I, we would have to monitor the Velo fleet in case he got hit by pirates.

Speaker B:

So in between your regular viruses, massive cyber warfare by the Iranians or whoever else, you know, and you know, pirates and, you know, joint ventures connected with nuclear facilities in South Korea, rockets, drones,.

Speaker A:

Which kind of, kind of reminds me of what’s happening.

Speaker A:

It’s only at the last couple of years we’ve seen a switch from.

Speaker A:

We still, on occasion we, we do get the, the very digitalization, you know, the cyber attacks, DDoS attacks and phishing and ransomware, you know, they’re very common things that you’re used to.

Speaker A:

But in the last couple of years it’s changed quite significantly to the point where it started really with GPS jamming.

Speaker A:

GPS jamming has been a massive challenge.

Speaker A:

If you go close to the border, you’ll find that your GPS will, will not function.

Speaker B:

It doesn’t work at all.

Speaker A:

So using navigation zone and even I remember just last year that Finnair started a flight from Helsinki to Tartu and that inaugural flight had to turn around because Tartar airport didn’t have.

Speaker A:

They used and depended on GPS for landing the flights.

Speaker A:

And of course GPS jamming occurred and they had to cancel and turn the flight around because it didn’t have gps, alternative to gps.

Speaker A:

So GPS has been a massive challenge, especially when you go closer to the border or around that area, it just doesn’t work.

Speaker A:

And then in the last couple of years, of course it’s been the ghost ships and the anchors dragging across the Baltic Sea and that’s now create a lot more challenges.

Speaker A:

So, you know, first of all it was the energy cables because between Estonia and Finland we share energy grid between the Baltics and Nordics.

Speaker A:

And now in the, even the last couple of months it’s been the data cables.

Speaker A:

So it’s turned really around that it’s more, you know, the sabotage and espionage, whether it being trying to plug into those cables to get the data in transit or to just destroy the infrastructure.

Speaker A:

Disregard.

Speaker A:

So cyber attacks have definitely.

Speaker A:

It’s evolved into your point, you know, physical side.

Speaker A:

And drones is definitely now one of the big top areas that we need to be prepared for.

Speaker A:

I always say that, you know, we’re not, we’re not just protecting computer systems.

Speaker A:

And I love Mikko’s mention about that.

Speaker A:

We’re not protecting the digital society.

Speaker A:

So we’re almost like the, you know, we’re the digital Marvel heroes.

Speaker A:

And I admire even, even with Mikko changing direction as well, moving into more the drone security side of things.

Speaker A:

So, so what’s your.

Speaker A:

You’ve had a lot of experience in this, you know, around the political side and the global side.

Speaker A:

What experiences have you had when it comes from drones, but now with a lot of different mechanisms for disrupting the digital world that we live in?

Speaker B:

Well, it’s been a very dynamic digital battlefield.

Speaker B:

Late last year, I don’t know, a few months ago, filming of this, I had the pleasure and opportunity of being put on stage next to the head of the Cyber Authority of Ukraine and then on the other side next to the head of the DNSC of Romania to basically represent the ethical hackers which are aiding Ukraine.

Speaker B:

And during that time, here I am on stage and it’s a very public thing, right?

Speaker B:

I was undergoing a Russian smear campaign by a false inflated German expert who runs a think tank with dubious funding after I just released an exclusive on Sofia University in Bulgaria.

Speaker B:

Professors meeting up like a secret cabal to vote in some guy without credentials to be a professor.

Speaker B:

And he too had a think tank, a Eurasian center, which is code word for foreign policy of Russia.

Speaker B:

Anytime you hear Eurasian.

Speaker B:

And it was a surreal experience because it’s been almost four years since the escalation.

Speaker B:

And there I was on stage with this storm going all around me and knowing that the year previous, the conference I was at, we had to change locations because one of the speakers within two hours of her speaking at that conference, the Russian government had deep faked her to say that she was a secret CIA agent or some, you know, bogus whatever, right?

Speaker B:

And you’re just like, how did I get here?

Speaker B:

I wanted the beautiful house, I wanted the nice husband.

Speaker B:

Wait a second, I’m in the middle of hybrid warfare, right?

Speaker B:

Oh, yeah.

Speaker B:

And then D site had come out with an article, a full thing about me speaking about hybrid Warfare, all at the same time.

Speaker B:

And you’re like, huh, Is this real?

Speaker B:

It’s real.

Speaker B:

And you’re like, I don’t want it to be real, but it’s real.

Speaker B:

And all of the stuff that goes on where you’re dealing with very nervous diplomats, like, right now, because the us, as per the current administration, when they came into power, they decided that certain countries were not the biggest threat.

Speaker B:

Fine.

Speaker B:

That’s their prerogative.

Speaker B:

That’s not the case in the Baltics.

Speaker B:

Right.

Speaker B:

And because of that, and because of an article that came out, a statement from the US Government a few days ago, basically saying, we’re going to concentrate on our internal stuff, world, you’re on your own.

Speaker B:

But I’d already been hearing diplomats going, oh, no.

Speaker B:

The US had been doing all of these diplomatic services in the background, and now they’re like, yo, bye, Mic, drop out the door.

Speaker B:

And in the middle of such chaos.

Speaker B:

And it’s been very interesting.

Speaker B:

It’s a shame it’s real, or it would be a really good TV series, but it’s real.

Speaker B:

And I’m finding there are some countries that really, really want to work together, break some of those old barriers, baggage from our grandparents type of thing, and then other countries are still too entitled or thinking about the grandparents and who killed the grandparents, whatever, you know, but in order to look at the threat, if we’re going to survive this, we.

Speaker B:

We gotta, like, work together.

Speaker B:

Because Uncle.

Speaker B:

Uncle Sam.

Speaker B:

Yeah.

Speaker B:In:Speaker B:

After Trump became president, the 45th president, I was with an organization.

Speaker B:

We were running the eu, NATO cyber warfare exercises down in Brussels.

Speaker B:

And for our devastating scenario, Dead Canary, we wrote a letter from President Trump, you know, good morning, blah, blah, blah.

Speaker B:

And it was all about massive cyber attacks that were killing people across Europe and the uk.

Speaker B:

He goes, you know, oh, you know, so sorry to hear about these massive cyber attacks.

Speaker B:

This is a terrible thing that’s happening to Europe.

Speaker B:

However, when I was last at NATO headquarters, I told them no, I begged them to put more money into defense.

Speaker B:

Because, you see, now is the time for Europe to stand on its two feet.

Speaker B:

American blood will not be spilled.

Speaker B:

And what’s funny is I heard very, very similar, almost haunting rhetoric from, I think it was Rubio and another person in the cabinet of the Trump administration.

Speaker B:

And you’re like, it’s really now time for Europe to stand on its own two feet.

Speaker B:

So it’s.

Speaker B:

It’s interesting times.

Speaker B:

I feel like I should write a book, War and Peace,.

Speaker A:

Version two, the digital.

Speaker A:

The Digital era.

Speaker A:

Right.

Speaker A:

It’s interesting because I read a book last year.

Speaker A:

It was interesting to read it now because it was, it was published maybe about three years ago.

Speaker A:

It was a book by Ano Bradford called Digital Empires.

Speaker A:

And it talks about, you know, the world and digital empires where it’s about China being state driven, European being rights driven for, you know, citizens in the US being economic driven driven.

Speaker A:

It’s a very interesting because to your point that what changed a lot the last year definitely is that the switch where it was more about an alliance and that that and that it was about intellectual property and it was about ethics and everything being kind of the rule of law globally.

Speaker A:

What seems to be now driving a lot of decision making.

Speaker A:

It’s the economic side of things, purely financial, which means everything else, alliances, transparency, cooperation, all goes out the window if you’re not making money out of the whole thing.

Speaker A:

And immediately I think it really impacts because that means that yes, you know, Russia and China are definitely not, you know, not seen as.

Speaker A:

I think it’s more China from an economic perspective rather than a digital perspective as being as, you know, seen as the challenger.

Speaker A:

And it’s really interesting that I find that it’s, it’s very, it’s changing the whole dynamics of the world very quickly and rapidly from trade to cooperation to data sharing to stability.

Speaker A:

And it’s really connected to, you know what I’ve seen a lot of, a lot of organizations which were critical to the industry that we work in, in the security and cyberspace, the likes of CISA and things like CVEs that are now all, you know, from a resource perspective getting very challenging.

Speaker A:

Do we have the people in there to really make those critical decisions?

Speaker A:

Me being based in Estonia, we have had those incidents multiple times over the years.

Speaker A:

Ukraine’s been going through it many times in the last couple of years as well, to the point where that you get so much disruption that we have to work together in the digital world.

Speaker A:

In a physical world you can choose how you do things and trade and whatever, but in the digital world there is no realistically borders.

Speaker A:

It’s all connected, interconnected and there’s many ways to communicate.

Speaker A:

And for me I think the only way that we can reduce where cyber criminals or mercenaries or malicious operators can work from is cooperation.

Speaker A:

But my concern is those corporations are starting to fail right now and disappear.

Speaker A:

Which means that more places we will likely see a massive increase or a spike in cybercrime malicious attacks into more damaging that not just about from a financial perspective because we’re seeing in the last year more kinetic types of attacks that it could start to damage the way we live and the society in general.

Speaker A:

Have you seen, I mean, what’s, what’s your perspective on that?

Speaker A:

Is the alliances and the cooperation?

Speaker A:

I think it’s getting stronger in some areas.

Speaker A:

I think definitely between European and Canada and Asia, some Asian countries, there’s strength or relationships happening there.

Speaker A:

And maybe some countries are stepping up to being the leaders in that area.

Speaker B:

I think some are, I think some are now realizing, whether by shock or necessity, that these types of things are going to happen.

Speaker B:

But at the same time, then you’ve got still such an interesting difference of opinion even inside Europe.

Speaker B:

And one of my best examples is Denmark and Sweden.

Speaker B:

Their concept of privacy is no privacy.

Speaker B:

So last year Denmark had the rotating every six months EU presidency thing and they had been trying to quietly push EU jet control in conjunction with the Swedes and the private security firm out of Sweden that is privately funded with no listing of their board members whatsoever.

Speaker B:

Not suspicious at all.

Speaker B:

And they currently use the system in Sweden and it’s got about a 20% false positive rate, meaning 20% of the people hauled in are arrested for having child pornography and their entire lives ruined and their families broken up.

Speaker B:

Because as you’re going to, what is, you know, is your wife going to look at you the same?

Speaker B:

And then a year later they’re like, oh, yeah, so sorry our software messed up.

Speaker A:

It’s miscalculated and didn’t under.

Speaker A:

I mean, especially if you’re using AI, it’s, it’s so, so many inaccuracies, right?

Speaker B:

It’s so many inaccuracies, right?

Speaker B:

We’re not there yet.

Speaker B:

Right.

Speaker B:

So they’ve been pushing you chat control both through the front door and now through the back door.

Speaker B:

Now that they don’t have the presidency with the statement of, you know, basically the Danish EU president at the time said, you know, privacy is dead.

Speaker B:

But the problem is we’re still kind of broken up with this idea of what is privacy.

Speaker B:

And here the EU has such a strong EU gdpr.

Speaker B:

What is cybersecurity?

Speaker B:

Well, privacy actually comes into play with that.

Speaker B:

Right.

Speaker B:

We’re in the middle of a hybrid warfare, so maybe we should keep things more private.

Speaker B:

But there seems to be a disconnect with some of the countries of what those ideas are.

Speaker B:

Right.

Speaker B:

Ethics are different everywhere.

Speaker B:

The idea of privacy is different everywhere.

Speaker B:

Right.

Speaker B:

I live in the Netherlands.

Speaker B:

They like to keep their curtains open even when they’re changing.

Speaker B:

I’m like, no, no.

Speaker B:

All my Curtains are closed.

Speaker B:

So, you know, I know I don’t quite fit in to this, but we also have to understand and get on the same page that even though we might have different ideas in peace time and wartime, the same information can absolutely turn into poison for us.

Speaker B:

So we have to plan for that.

Speaker B:

We have to absolutely be more cohesive because the big plan is to break us up and make us, you know, fight amongst each other instead of the real issues.

Speaker B:

And I’m seeing a lot more cohesiveness when it comes to the Baltics and the Balkans right now.

Speaker B:

They are cooperating big time.

Speaker B:

Big time.

Speaker B:

But they’re still kind of like dragging in some of the Western countries where they’re still not all that cooperating.

Speaker B:

I don’t see French delegates at cybersecurity conferences in Sofia, Bulgaria, or in Bucharest.

Speaker B:

I’ve yet to see one.

Speaker B:

Where are they?

Speaker B:

But yet Bucharest right now is the center of cybersecurity in all of Europe.

Speaker B:

I can understand.

Speaker B:

I just would really like to have that more.

Speaker A:

Yeah, absolutely.

Speaker A:

We do mean they are from a history perspective.

Speaker A:

I think that’s one of the things, is that they, they were, you know, through the Soviet times and they’ve got that really kind of not too far distant memory of the situation.

Speaker A:

And that’s, that’s why the cooperation and visibility and working together through the Baltics as well.

Speaker B:

Yeah.

Speaker B:

I mean, they had even a spin on the Soviet times because Ceausescu, the leader, wasn’t quite all Soviet.

Speaker B:

I mean, he was very angry that the Soviets invaded Czechoslovakia.

Speaker B:

Right.

Speaker B:

But he leaned towards North Korea, so him and the Kim family were friends.

Speaker B:

So imagine it was even worse, right?

Speaker B:

I was like.

Speaker B:

And no food.

Speaker B:

Not joking.

Speaker B:

The guy exported all the good food.

Speaker B:

So, you know, it was even worse.

Speaker B:

So they know last November, I should.

Speaker B:

One second, I’ll get the book.

Speaker A:

Okay.

Speaker B:

I should market myself more.

Speaker B:

I forget this.

Speaker B:

Oh, I wrote this little book, Fuel Tested how to Hack a Modern Dictatorship with AI, the digital CIA OSS sabotage manual.

Speaker B:

And I was giving a talk about it at the Romanian Parliament last November, just after Johnny Christmas, because he had the keynote.

Speaker B:

And I was discussing, you know, authoritarian regimes and dictatorships.

Speaker B:

The Romanian parliament that was built by the.

Speaker B:

The Romanian authoritarian and dictator.

Speaker B:

Right.

Speaker B:

And looking at the digital tools that, that they’re using more and more against us.

Speaker B:

So we’ve already discussed some of those tools, like smear campaigns, Right.

Speaker B:

They’ll do these types of things really, really nasty against groups of people or refugees.

Speaker B:

Like, for example, there’s been very unfortunate ones, not really in the News where the Bulgarians highly suspect and attribute a variety of different cyber attacks against refugee centers, specifically to get information, private information about Ukrainian refugees, because there’s quite a few that are in Bulgaria.

Speaker B:

There, again, privacy and cybersecurity kind of sync up.

Speaker B:

Right, sorry.

Speaker B:

Denmark, we have to look at these tactics, what used to be considered no go lines.

Speaker B:

Yes, you might bomb a hospital, but you’re really not supposed to.

Speaker B:

Right.

Speaker B:

But you can cyber attack a hospital.

Speaker B:

So the year before last, majority of Romania’s big hospital networks were under attack and were basically shut down.

Speaker B:

But they’re not at physical war with Russia.

Speaker B:

So we’re seeing this more and more in the Baltics, in Estonia.

Speaker B:

Lovely.

Speaker B:

Estonia.

Speaker B:

A week as I’m on the bus.

Speaker B:

So for everybody listening, Estonia is a bit unique.

Speaker B:

They’ve got one of the last remaining land borders with Russia in the Baltics.

Speaker B:

And that particular land border has actually been broken by the Estonians, so that you cannot drive over it.

Speaker B:

It’s got dragon teeth to keep the tanks out and you can only walk over.

Speaker B:

It’s very, very strict.

Speaker B:

Now, in order to get to that border and the border town is called Narva, you have to take a bus on Lux bus.

Speaker B:

The St. Petersburg, Russia bus driver does not speak English, does not speak Estonian, does not speak Ukrainian, but he only speaks Russian.

Speaker B:

And that sets the stage for getting to Narva.

Speaker B:

Now I’m on my way to Narva and I’m chatting with my friend who’s in Estonia who couldn’t join me.

Speaker B:

And I’m getting the news.

Speaker B:

And we’re passing by a.

Speaker B:

A port city begins with an S. It was the closest port city to Narva.

Speaker B:

Right.

Speaker B:

And as we’re passing, a ship is leaving the port, still in Estonian waters.

Speaker B:

And the Russian government seizes the ship as we’re going past, because the week before the.

Speaker B:

The Estonians had boarded a Russian ship that had come into Estonian waters.

Speaker B:

Awesome.

Speaker B:

So then I get to Narva and boy, oh, boy, it was so much fun.

Speaker B:

On the way, I found out that you can.

Speaker B:

So the buses, this is the part they’ll never let me back on the bus.

Speaker B:

So everybody’s like plugging in to charge their phones and they might play some games and share their contact info, whatever,.

Speaker A:

Inadvertently, with the infotainment system in the bus.

Speaker B:

Right.

Speaker B:

So as I’m on the bus, I find a blog of a guy, an Estonian I translated, where he had hacked them.

Speaker B:

So I’m like, oh, let me see.

Speaker B:

And of course, I’m getting all the contact information from everybody that is plugged in use a USB data blocker sometimes.

Speaker B:

And it was so much fun getting all this stuff.

Speaker B:

One lady did get yelled at on the bus for trying to play really loud, annoying, patriotic Russian music because we all wanted to sleep.

Speaker B:

But it was a very interesting crowd.

Speaker B:

And so you get off the bus and there’s a really long line.

Speaker B:

And because you can only walk over now, I’m not going to Russia because, you know, bad things would happen to me.

Speaker B:

But I’m like walking around, I’m like, wow, there’s more Russian spoken here in Narva, Estonia, than there was when I was in Transnistria around Russian peacekeeping troops.

Speaker B:

And there was all this other stuff going on.

Speaker B:

Like the GPS didn’t work, of course.

Speaker B:

So I had mapped out my stuff of where I wanted to go anyway.

Speaker B:

It’s not like it’s a big city.

Speaker B:

When I tried to connect to my phone, I noticed a few things.

Speaker B:

The estonians only offered 2G, which you can easily surveil the Russians on the other side.

Speaker B:

And the border’s only 350 meters.

Speaker B:

Yep.

Speaker B:

Small waterway.

Speaker A:

Small waterway.

Speaker A:

The river that goes into Lake Baby.

Speaker B:

Yeah.

Speaker B:

So the Russians, their cell phone signal was stronger than the estonians offering, and 4G to try to get you to connect to their network.

Speaker B:

And of course, if you have auto connecting, which most phones do, then you will automatically connect to the Russian side.

Speaker B:

Isn’t that cool?

Speaker B:

Right.

Speaker B:

So there’s even a fight, even with what’s in your pocket.

Speaker B:

It’s amazing.

Speaker B:

And then you have to be very careful what language you speak or where you stay, because there’s only a few places that will proudly put out that they’re Ukrainian.

Speaker B:

The rest are pro Russia.

Speaker B:

Then a week after I left, oh, and by the way, I started training the crows with fish in case the Russians sent drones over.

Speaker B:

I figure they could protect me.

Speaker B:

And they started following me around, you know, it’s just in case.

Speaker B:

Right.

Speaker B:

So then I leave Narva, I get back to Estonia, got an interview with a great firm.

Speaker B:

Try Estonian Mexican food.

Speaker B:

I do not recommend Estonian Mexican food.

Speaker B:

It’s not good.

Speaker B:

But I did it.

Speaker B:

I did it, I did it.

Speaker B:

And then city council members from Narva are arrested because they were running an intelligence op trying to restore some of the roads around to allow bypassing of the Dragon’s death teeth.

Speaker B:

Because there’s a section that goes like this in and out of Russia.

Speaker B:

You’re not allowed to stop your car.

Speaker B:

Not allowed to.

Speaker B:

That’s now been shut down.

Speaker A:

Yeah, there’s a road, this one.

Speaker A:

So in the southern Part of near Setima, there’s a road that, in order to get some of the villages and towns, there’s a section of the road that actually goes through Rochelle land.

Speaker A:

And the.

Speaker A:

The idea is that it’s.

Speaker A:

It’s only about 1km plus it’s not.

Speaker A:

Not very, very long.

Speaker A:

But the idea is that when you’re driving on that road, you’re not allowed to stop.

Speaker A:

You must continue moving because if you stop, then you’re considered trespassing on Russian land.

Speaker A:

It’s always.

Speaker A:

It’s always a challenge doing that last.

Speaker A:

The drive there.

Speaker A:

You just like.

Speaker A:

You drive and you’re just like, okay.

Speaker A:

But it’s also been controversy as well.

Speaker A:

There’s been border guards who’s been captured and taken into Russia, and then there’s been exchange and commonplace in order to do prisoner exchanges as well.

Speaker A:

But it is.

Speaker A:

It is an area that you have to always be kind of very cautious about, especially about, you know, connectivity and what you’re listening, you know, the information that’s there.

Speaker A:

And also.

Speaker A:

So it’s something they’ll always be very aware of in.

Speaker A:

Very cautious.

Speaker B:

Yes, very much so.

Speaker B:

There was also recently an incursion by some Russian troops near Narva as well.

Speaker B:

So it’s getting very interesting in that area of town in Europe.

Speaker A:

Well, I’ve been.

Speaker A:

Most of what I’ve been monitoring mostly is around the ships, the ghost ships and the anchors and stuff, because that’s.

Speaker A:

That’s a real.

Speaker A:

That’s one of the biggest challenges is that one, they sever the cables.

Speaker A:

In the last couple of years, we focused on resiliency in the energy cables.

Speaker A:

So we have enough.

Speaker A:

Because when Estonia cut themselves off from Russia last year, basically from the frequency.

Speaker A:

So that was a massive change.

Speaker A:

It was.

Speaker A:

You’re talking about cutting yourself off and not just the frequency, but also the revenue that you get from the energy that you’re transferring into Russia as well.

Speaker A:

But that’s been cut off.

Speaker A:

And it means that the frequency between Estonia and Finland and Sweden and Baltics and stuff has to be at the right frequency.

Speaker A:

So you have to.

Speaker A:

At the right level.

Speaker A:

And the moment, you know, those cables are severed, that causes a lot of disruption, a lot of challenges.

Speaker B:

So deharmonization.

Speaker A:

Yeah.

Speaker A:

And we saw that in Spain happening not too long ago where they didn’t have the ability to switch the frequency or shut off the switches quick enough in order to stop the cascading effect.

Speaker A:

But now that’s been kind of.

Speaker A:

The resiliency has been put in place.

Speaker A:

So there’s no capacity to deal with those situations.

Speaker A:

But most recently it was the data cable.

Speaker A:

We don’t have, you know, that too many resiliency in the data cables.

Speaker A:

So what that causes then is either a switch to satellite communications, which of course then you have to deal with latency.

Speaker A:

So there’s a massive challenge there, I think, for me, is that, you know, that’s the area that, you know, from a perspective that we need to have more protection over.

Speaker B:

Oh, yeah.

Speaker B:

Oh, definitely.

Speaker B:

I mean, one thing I learned a couple of years ago was at the imo, International Maritime Organization, I went to their very first cybersecurity summit in London.

Speaker B:

And funny enough, we had a storm and we lost power, second day.

Speaker B:

But the things that I learned there were quite shocking.

Speaker B:

I remember one speaker, he gets up and he goes, firstly he mentions that all hackers wear hoodies.

Speaker B:

And I was there with a hoodie, and I had a hacker friend there with a hoodie.

Speaker B:

We were the only two people with hoodies.

Speaker B:

And then he goes, we need to change this idea.

Speaker B:at default password should be:Speaker B:

But then he went on to describe.

Speaker B:

And so did the lady speaker.

Speaker B:

Gosh, I forget her name, but you should definitely have her on.

Speaker B:

I’ll, I’ll get her name for you.

Speaker B:

She’s an expert in it.

Speaker B:

And she was explaining how basically because there’s a general lack of regulation in maritime, anyone can lay any cable that they want.

Speaker B:

And so there’s this mishmash of all of these cables around.

Speaker B:

And one of the big things that I believe part of this, I don’t even call it a ghost fleet, but the surveillance network that Russia had going before was called the ghost fleet.

Speaker B:

Up in your area, the Baltics and Nordics, they were trying to figure out where some of these, say, non public undocumented data cables and energy cables were, because it isn’t.

Speaker B:

You can cut an energy cable.

Speaker B:

Oh, man, that hurts.

Speaker B:

But also, if you cut data cables, one thing you have to realize, and this might not be common knowledge, after the Heathrow issue, just after Heathrow Airport, there was a fire at a substation nearby.

Speaker B:

I had the.

Speaker B:

I’m gonna sound like a LinkedIn lunatic, humble bragger person.

Speaker B:

I had the privilege.

Speaker B:

I was so honored.

Speaker B:

But I was.

Speaker B:

Yeah, I was first time ever, I got to keynote at Cambridge University.

Speaker B:

Right.

Speaker B:

Like, right.

Speaker B:

And so the person after me was the lady who was put in charge of leading the investigation for what happened with Heathrow.

Speaker B:

And privately, one of the big things is when you’re dealing with critical infrastructure and electricity substations Water, you name it.

Speaker B:

It’s about 20% of the cost is actually mobile phone cost because you have to connect the things to be able to pull and transmit data because they might not be physically connected.

Speaker B:

And these devices only have half an hour to an hour battery power.

Speaker B:

So if there’s a fire and it drains the batteries, all of that stuff has to be brought up.

Speaker B:

Just like imagine a big old network in the sequence that you have to bring it up, but then you have to worry about the batteries being charged up enough.

Speaker B:

Right.

Speaker B:

So if you’re cutting off the electric or the mobile data, then suddenly the water company cannot connect remotely to the water pump because you don’t want a water pump sucking in water boom, boom, boom, boom next to where people live.

Speaker B:

So of course these things are far out.

Speaker B:

So that’s the other dangers because once you kill the Internet, you’re also killing connectivity between networked critical infrastructure.

Speaker B:

Now, I’m still wondering, I have not done a naughty scan cause I’ve been sick, but Iran is now back online.

Speaker B:

And I was wondering the entire time not only about my, my friends and their safety, but what was going on with the critical infrastructure.

Speaker B:

Because in order to do maintenance and things of that nature, say Honeywell and those types of manufacturers will connect and will poll and look at the entire environment.

Speaker B:

And that was all cut off and it starts to drift and drift in some cases.

Speaker B:

So it’s very, very, it’s very interesting how things have been developing in maritime and I hope that there are increases and that say less maritime powers that are in our wonderful alliance, start seeing the risks with maritime and start ramping up things between ice cutters and ice vessels because we definitely are going to have an Arctic war very soon.

Speaker B:

Yay.

Speaker B:

My, my, I’ve been to Greenland, so I’m not joking.

Speaker B:

So yeah, we need to take what’s occurring now and turn it into a plan in a way that we can hopefully dissuade our frenemies and our enemies.

Speaker A:

Yeah, it’s interesting when you’re talking about, because I remember years ago when I was working on the EU GDPR and it was interesting because I was doing at the time it was a lot of advisory for the maritime industry, satellite companies, shipping manufacturers, logistics.

Speaker A:

And I remember we were doing a project, it was just after you were talking about the PIR earlier, we had this project called Looking Glass, which is where ships could centrally communicate in when they saw, you know, potential dangers.

Speaker A:

And then that would broadcast out the rest of the vessel.

Speaker A:

So, you know, avoid this area or kind of move away.

Speaker A:

So, and it was interesting because at the, at the time and I was, I went to, to Belgium again to, to we were doing, the Ministry of Transportation was talking about, you know, GDPR and maritime side.

Speaker A:

And then just after we had this massive EU council meeting and I remember afterwards we’re talking about, it was like.

Speaker A:

And somebody said, as we were having a discussion about gdpr, they said, oh my goodness, what about international waters?

Speaker A:

And that just brought up a massive issue because the whole idea was like an international maritime law for data across the cyberspace, but in international waters, of course it doesn’t apply.

Speaker A:

Um, your point is, and that’s where you ran into lots of issues.

Speaker A:

Things like autonomous shipping can be done because it would be considered no person on the vessel, therefore it could be salvaged.

Speaker B:

Oh, that’s true, that’s true.

Speaker B:

Because if there’s no person, you can take that boat.

Speaker B:

I, I did that once in Florida.

Speaker A:

But that’s, that’s when you get into the law of law.

Speaker A:

International water territory, international maritime law applies and therefore then it’s space considered like in space the same.

Speaker A:

And so that’s where we, you have, you know, when cables are moving through or go across international waters, you have to have some way of protecting and monitoring them, making sure.

Speaker A:

Because, because a lot of whatever flag is flying on the vessel is the law that applies.

Speaker B:

Yeah.

Speaker A:

And usually it’s in the countries where there is pretty much very.

Speaker A:

No, no existing law that’s really kind of strength strong enough to protect.

Speaker B:

Correct?

Speaker B:

Yeah, yeah, yeah, yeah.

Speaker A:

So it was interesting.

Speaker A:

And in that case when we realized that it didn’t apply and it became the maritime best practice framework came out which was focused, mostly focused at nearshore agreement because.

Speaker A:

And it was like, you know, when you can get so many countries to agree on GDPR, then you’re talking about was 196, 197 countries had to agree on international maritime and getting something passed then was.

Speaker A:

Was impossible to change because it’s a law that hasn’t changed for hundreds of years.

Speaker B:

No, no, no, no.

Speaker B:

So.

Speaker B:

So one thing I learned really quickly at the IMO is although the International Maritime Organization is officially part of the un, it’s only for show.

Speaker B:

They’re their own international organization.

Speaker A:

Very independent, very separate.

Speaker B:

Very, very separate.

Speaker B:

Yeah, no, no, it’s only in name only.

Speaker B:

Oh yeah, yeah, yeah, that’s nice.

Speaker B:

But we’re our own thing.

Speaker B:

Yeah.

Speaker B:

Maritime.

Speaker B:

If I have the opportunity listeners and I had a cyber sugar daddy, I would do a barrister one year course in London and concentrate on cyber maritime and space because they’re all quite interconnected and look at that.

Speaker B:

And wow, maritime law.

Speaker B:

It’s just so fascinating.

Speaker B:

I love it.

Speaker A:

So yes, yes it is.

Speaker A:

I mean that’s me.

Speaker A:

It was really interesting because after that then I got heavily involved in.

Speaker A:

To the satellite communications because in space side and satellites it is very interesting into looking at the L band and cave end and then the security elements that gets into those, which was very fascinating.

Speaker B:

Oh, would you mind if I brought up an interesting topic sort of related to that?

Speaker A:

Sure, absolutely.

Speaker B:

Yeah.

Speaker B:

Okay.

Speaker B:

It’s not an interesting topic.

Speaker B:

It’s a bit of a dark topic.

Speaker B:

I’m not sure you are aware of a particular situation.

Speaker B:

I was told about it by a few individuals.

Speaker B:

Now in Belarus there used to be about 50 licensed ham radio amateur radio folks, right.

Speaker B:

And unfortunately they have been deemed enemies of the state suddenly and they are now being hunted down.

Speaker B:

Some have been executed and the Amateur Radio association internationally has been trying to spread the word of the plight of what’s going on.

Speaker B:

And it’s, it’s quite dire and it is a very unfortunate thing that seems to be a pattern more and more authoritarian regimes.

Speaker B:

For example, during and now even after the Internet has come back on.

Speaker B:

In Iran there were at the time before the Internet shutdown, 10 licensed radio operators as of last year in Iran and none of them have been back online since the Internet has come back even though they were already highly restricted and what type of communications they could actually do.

Speaker B:

So it’s very, very sad.

Speaker B:

But also shows the importance of radio.

Speaker A:

And being able to so critical I think, I mean that’s, that’s, you know, when everything else doesn’t work, that’s what you’re, that’s.

Speaker A:

That’s your doomsday fallback scenario.

Speaker A:

Exactly.

Speaker A:

For myself I, I got fascinated.

Speaker A:

It must have been a little bit over 12 years ago when it was.

Speaker A:

I was working in a lot of.

Speaker A:

It was actually back the maritime side that we did a lot of RFID testing and I end up doing a lot with a Proxmark and of course flip of zeros and stuff like that.

Speaker A:

And I became a ham radio certified operator as well just from that fascination of radio.

Speaker A:

Because that’s the fallback is that one thing that you know, you don’t have to require on connectivity from satellites or cables.

Speaker A:

You can just basically binds the signal across.

Speaker A:

And it’s actually one of the things when you mentioned earlier about the critical infrastructure, these edge devices, typically cell phone or data stops working.

Speaker A:

They usually do have a fallback to radio.

Speaker A:

But of course it does require power and it does require near communication.

Speaker A:

So, so it’s usually that’s, that’s sometimes a fallback for critical infrastructure.

Speaker A:

You’re absolutely right.

Speaker A:

Is that, you know when, when, when places go dark radio is, is, you know what especially low powered, you know, large antennas do have the ability to get information across.

Speaker A:

That’s what you even.

Speaker A:

That’s why Finnish had their TV antennas.

Speaker A:

Finland was near Helsinki, not in the middle of Finland but near Helsinki because then it was able to broadcast radio and western signals to the Baltics when it was Soviet times.

Speaker A:

That’s why a lot of these certain places, locations of antennas and TV towers was so that you can actually broadcast and they could receive it.

Speaker A:

So sometimes it’s very key locations.

Speaker A:

But yeah, it’s very concerning.

Speaker A:

You know, especially countries which are very dictatorship and very controlling from a state perspective is that if you have the communication, the ability to communicate data in and out beyond their control because radio, you know you become restricted to the ham radio license restrictions and of course that if you’re able to, to secretly communicate information then yeah, it can be very damaging and very concerning.

Speaker A:

It’s a shame that some countries are very controlling over that.

Speaker B:

Well, I think a good index of how authoritarian a country is is the ability to get an amateur radio license.

Speaker A:

Yep.

Speaker A:

Yeah, I think that really.

Speaker A:

Yeah, because that for them is losing control unless you control the person somehow.

Speaker A:

So what other things have you been working?

Speaker A:

What’s the most recent thing you’ve been getting involved?

Speaker A:

What’s the latest project you’re working on?

Speaker B:

Well, so there’s been a few of them recently.

Speaker B:

Intel came out with a press release first in German, gotta center around the English one.

Speaker B:

The book that I had held up before really I need to market myself more one day.

Speaker B:

It’s actually field tested and it was based on some of the activities that myself and a group that I’m now a spokesperson for, White Lotus Security and what we had been doing was processing things like and receiving detainee lists, checking legitimate prisons versus torture sites, working on gathering information, helping to track and rescue political opponents whose children were politically kidnapped, help facilitate and a few other rather high profile things in Venezuela and trying to keep certain key individuals in Venezuela safe whilst also facilitating a variety of different types of evacuations as well as loads and loads of information about the ongoings of the then Maduro administration, the head of their intelligence and the cartel networks that they are connected with via the Minister of Transport which is the head of the intelligence brother.

Speaker B:

It’s all very tightly controlled as, as.

Speaker A:

They typically would have.

Speaker B:

Yes, yes.

Speaker B:

So after the interesting arrest of now former President Maduro, we decided to go public and we’re still operating in that area.

Speaker B:

However, our big focus is to protect people and certain key individuals and to make sure that hopefully the government doesn’t turn its guns on peaceful protesters again that we know ahead of time.

Speaker A:

Absolutely.

Speaker A:

It’s important that people that are doing the right thing and the best thing stay safe and get the protection they need.

Speaker A:

So how do you stay up to date yourself?

Speaker A:

What’s the resources?

Speaker A:

You mean how do you stay.

Speaker A:

What, what, what do you, what books do you read or what podcasts do you listen to?

Speaker A:

How do you stay up to date or what conferences do you go to?

Speaker A:

What’s good?

Speaker B:

Well, let’s see.

Speaker B:

I go to a good deal of B sides conferences because I love the atmosphere and I’ll be doing the keynote out.

Speaker B:

I, I seem to not be able to pronounce it correctly.

Speaker B:

Galway.

Speaker B:

Yeah, Galway.

Speaker B:

Galway.

Speaker B:

Galway, Ireland in a month.

Speaker B:

But I also attend a lot of government sort of stuffy conferences.

Speaker B:

Stuffy on the front where all the photographs are taken, but quite exciting in the back room.

Speaker B:

For example, I got to witness a cyber defense agreement signed between Romania and Kenya late last year.

Speaker B:

Right.

Speaker A:

Capacity planning, I guess are supporting or sharing.

Speaker B:

It now gives an opportunity for the EU to get intelligence directly from East Africa.

Speaker B:

Now previous it was only the US it had two rather large listening stations, but the larger one at the time was in Dar es Salaam in Tanzania.

Speaker B:

And now that the US is no longer a full on intelligence partner with the eu, that’s one of the resources.

Speaker B:

And from Kenya and East Africa there are a good deal of very interesting a different type of terrorist activity flavor, a different type of cybercrime, just with a different view.

Speaker B:

But now that information can be absorbed and processed and enriched and its relevance can be measured for the rest of Europe.

Speaker A:

That’s where it goes back to the transparency, incorporation, that’s key.

Speaker A:

It’s key that we have ways of working together and the information is flowing so we can all make critical decisions both directions for the audience.

Speaker A:

What’s the best way if they do want to contact you or have questions or want to learn more, what’s the best way for them to reach out to you?

Speaker B:

Ooh, golly g will occur.

Speaker B:

Well, we’ll put up a link for my LinkedIn profile because that’s easy.

Speaker B:

And also my website has email for journalists listed as well or my substack.

Speaker B:

I keep forgetting all these Things.

Speaker A:

Oh no, there’s so, so many resources today.

Speaker B:

But yeah, I mean I like talking to people, I like meeting new people, I like to collaborate.

Speaker B:

I know that we have to collaborate more and more and that’s one of the areas when you ask me, oh, what podcasts do you listen to?

Speaker B:

Whatever, whatever.

Speaker B:

My biggest source of information is directly from the people that I meet and their local news and I do a lot of that with where I will look at the right, left in between of local news, try to get the flavor, but also talk directly to people.

Speaker B:

Like recently I’ve been running a series and I’ve gotta do some more from one of my sources from Iran of really what’s been for realsy going on and what some of the major issues are.

Speaker B:

And in that way I meet a lot of people at conferences to be able to do this.

Speaker B:

So I say network and go to conferences and talk to the people.

Speaker B:

The talks are cool, but the people are even cooler.

Speaker A:

Absolutely.

Speaker A:

The networking and the.

Speaker A:

And the connections it’s made is the most critical things and the ones that say as well.

Speaker B:

So.

Speaker A:

Well, many thanks for being on the podcast.

Speaker A:

It’s always great talking with and we spent way too long.

Speaker B:

I know it’s been way too long.

Speaker B:

Next time I’m in Estonia I gotta visit you and I’m gonna do this in.

Speaker B:

Perfect.

Speaker A:

We’ll do it in person.

Speaker A:

I’ve got a podcast studio over here, so.

Speaker B:

Or we’ll go on on site to Narva and I’ll introduce you to the crows that I trained.

Speaker A:

Actually there are some fascinating places in Nara.

Speaker B:

Oh no.

Speaker A:

Yes.

Speaker B:

Yeah.

Speaker B:

Oh, we can take our fishing poles.

Speaker A:

Fishing poles, yeah.

Speaker A:

So.

Speaker A:

But absolutely we’ll find, find another follow up.

Speaker A:

That’ll be fun.

Speaker A:

Absolutely.

Speaker A:

In person.

Speaker A:

But many thanks for being on and you know, it’s always great chatting with all three insights and what you’re doing in the world and you know, the focus around keeping people safe and keeping information flowing and makes it makes the world a safer place and it also makes us more knowledgeable as well.

Speaker A:

I think it’s really important is that information that gets shared that we can all consume it and make decisions in context out of it.

Speaker A:

So it’s, it’s critical.

Speaker A:

Thanks for being on and it’s always great chatting with you.

Speaker A:

So for everyone, this is the security by default podcast.

Speaker A:

Bringing awesome guests knowledge, insights, lessons and world experience in order for you to help incorporate that into your own daily life and work.

Speaker A:

And hopefully we all have the same goal to make the world a safer place and a fun one at the same time.

Speaker A:

So stay safe and thank you until the next time.

Posted by

in