×

Expert discusses mitigating cyber risks

Sean Kanuck, an international attorney and strategic consultant, discusses how to mitigate potential cyber risks Monday night at the Economic Club of Marquette County’s monthly gathering as club president Stephanie Jones looks on. It was a timely topic since National Cyber Security Awareness Month is observed throughout this month in the United States. (Journal photo by Jaymie Depew)

MARQUETTE — As National Cyber Security Awareness Month is observed this month in the U.S., the Economic Club of Marquette County hosted international attorney and strategic consultant Sean Kanuck during its monthly gathering Monday night to discuss the timely subject of mitigating cyber risks in the 21st century.

Kanuck advises governments, corporations and entrepreneurs on the future of information technology and serves as director of the Cyber, Space and Future Conflict program at the International Institute for Strategic Studies in London.

Instead of focusing on international cybersecurity, Kanuck discussed potential global information risks since it’s impossible to have perfect security in cyberspace.

“It’s not just international. It’s not just about countries today. It’s about companies, non-governmental organizations, terrorists and various skilled individuals,” Kanuck said. “I use the word ‘risk’ because like anything else, with functionality comes risks, vulnerability and opportunity. It’s risk, it’s not security. It’s something to be managed and mitigated.”

Kanuck worked at the U.S. Office of the Director of National Intelligence for five years. He said every year the ODNI is asked to brief Congress on the greatest threats to the U.S. Cyber was the first topic addressed in 2011-12 with the biggest concerns consisting of hacking information and data.

Kanuck suggested Congress lean toward a risk-based approach and think like “the attacker” to determine an appropriate risk management assessment.

“Who is trying to take what from you, and why? Is it a business competitor seeking your intellectual property, is a terrorist seeking to cause casualties by bringing down networks at a hospital?” Kanuck asked.

Kanuck mentioned how Facebook was manipulated by Russian intelligence officers around the 2016 presidential election.

“Mark Zuckerburg eventually puts on his Facebook page about a month ago stating that in 2016, his company was completely unprepared, had not thought about what those Russian intelligence officers and their proxies might try and do to them,” Kanuck said. “Leading up to the midterm elections now, they are preparing and taking other measures … but in 2016, they were completely unprepared.”

Kanuck suggested that Russia questioned the legitimacy of the entire electoral process in the U.S.

“Now if you’re a partisan candidate or operative, the issue in that one election obviously significantly matters to you,” he said. “But if you’re Mr. (Vladimir) Putin or those intelligence agencies, you are largely concerned about your own regime stability (and) how your national populace views you, compared to the competing Western model.

“If you can show that the alternate governance styles in the Western democracies are racist, misogynists, violent and illegitimate, that serves your political purposes not only against your Western competitors but actually for your own domestic audiences.”

Kanuck said he’s concerned about the status of cybersecurity in the health sector particularly.

“We’ve seen the personal information theft, we’ve see ransom-ware against these entities,” Kanuck said. “There are actors out there who would like to cause casualties and death, talking about terrorists and extremist groups who might consider that a great victory by harming, possibly, hospital networks.

“Unfortunately, the technical studies are out there, whether it’s infusion pumps, in the actual inpatient rooms, whether its pacemakers and insulin pumps, all these devices have been shown to be hackable.”

So, how do agencies improve resilience to cyber risks?

“The first thing is better defenses such as that primary system that you’re dependent on can’t be easily compromised,” Kanuck said. “The second is what we think of as redundancy, alternative systems to use or rely upon when your primary system is temporarily degraded.”

Scott Holman, Northern Michigan University trustee, asked about a Bloomberg News article regarding Chinese officials placing microchips into motherboards being sent to the U.S.

“What are the opportunities for them to turn them on and how dangerous a risk is it for us?” Holman asked.

If true, Kanuck said it’s a huge concern and it’d be like “owning the keys to a castle.”

“It allows you to completely dominate the device and it’s a very real concern and threat at a conceptual level,” he said. When using anything in the cyber network, Kanuck said one must question how a network could be exploited. “Are you just going to be getting my Christmas recipe or are you going to be getting my banking information?” he asked.

Newsletter

Today's breaking news and more in your inbox

I'm interested in (please check all that apply)
Are you a paying subscriber to the newspaper *
   

Starting at $4.62/week.

Subscribe Today