DefCamp #11: Chris Kubecka on the geopolitics of cyber warfare and the deep impact of digital conflict

One of the most interesting – and most challenging – aspects of information security is how it lives at the intersection of key sectors and disciplines.

While industry outsiders may still view infosec work as purely technology-driven, leaders who’ve been in the trenches for decades know that security expands far beyond the tech layer.

People. Technology. Cybersecurity

As you progress through your own career, you will discover that, once you have the tech figured out, other challenges arise that have a direct effect on your work. From human psychology to business transformations, from regulatory changes to geopolitics, infosec leaders in large organizations and institutions are constantly working with a range of moving parts across disciplines.

Outside of most people’s range, some of the most brilliant hacker minds in the world are working behind the scenes on complex issues that impact the global infrastructure our society depends on to function.

So it was an honor to get insights from one of the most knowledgeable experts on the delicate issue of digital conflict.

Earlier this year, Chris Kubecka, owner at HypaSec and former DefCamp speaker (among her many incredible experiences) became Distinguished Chair at the Middle East Institute Cyber Program at the Middle East Institute (MEI).

Along with her colleagues, Mike Sexton, Fellow and Director of MEI’s Cyber Program, and Eliza Campbell, Associate Director for Impact and Innovation, Chris captured essential insights that are bound to influence cyber policy decisions in the next year.

Taking a deep-dive into this thorny topic and pooling together their experience and know-how, Eliza and Mike co-wrote an essential book: Cyber War & Cyber Peace in the Middle East: Digital Conflict in the Cradle of Civilization. If the ideas they shared with us spark an interest, you can start by reading it to get up to speed with how things really look like at that level of policy-making.

“As the presidential election reached its apparent conclusion, the cyber security concerns that were top of mind throughout certainly have not.

Cyber policy is poised to be at the forefront of the Biden administration’s agenda, particularly related to the recent Abraham Accords.”

To summarize, the Abraham Accords seek to establish and normalize “diplomatic relations between Israel and two Arab Gulf states, Bahrain and the United Arab Emirates (UAE)”, according to The Conversation.

But what started under one US president will continue to unfold under another, with implications at a global scale.

So why is cybersecurity on the agenda?

Chris, Eliza, and Mike explain:

“As the Biden administration will likely inherit the task of finalizing the Abraham Accord negotiations, one crucial aspect to consider is cyber.

Both Israel and countries normalizing ties with Israel will be looking for strategic alignment in terms of cyber threats for Israel with regards to cyber crime, online extremism, technology infrastructure, etc.”

To enable productive negotiations, one of the parties will have to act as mediator.

“In finalizing these normalization deals, the U.S. will play a major role in arbitrating a cyber norms agreement to ensure commitment to identifying and propagating norms of responsible state conduct in cyberspace. “

As a result, US representatives are bound to play a major role in shaping the future of the internet, of digital conflict, and how phenomena like the Balkanization of the internet evolve. Cascading towards public institutions and private organizations, these accords might bring important changes to the regulatory context and to the daily jobs of hundreds of thousands of cybersecurity specialists.

“In these agreements, the U.S. should advocate for responsible conduct on information and communications technology (ICT) infrastructure that includes not executing or knowingly supporting ICT activity contrary to its obligations under international law that intentionally damages critical infrastructure or otherwise impairs the use and operation of critical infrastructure to provide services to the public.”

Could this lead to less aggressive nation-state sponsored cyber attacks?

It’s definitely too early to stay, but watching Chris, Eliza, and Mike and their work will surely keep you in the know.

Here’s a glance into the future and which international milestones to watch and study if you’re interested in understanding how geopolitics shapes cybersecurity and viceversa.

“We anticipate that some language in any cyber norms agreements between Israel and other countries will be watered down or taken out at the negotiating table.

One example where this may occur is “welcoming” the analysis of the Tallinn Manual 2.0 on the International Law Applicable to Cyber Operations, since the parties may be averse to opening themselves up to new legal scrutiny based on its findings.

We nevertheless think it is valuable to bring this to the negotiating table in order to promote existing legal analysis undertaken under the support of NATO.”

Chris, Mike, and Eliza have incredible insight and they are bound to offer unparalleled analysis on how the Biden administration should be preparing to grapple with cyber security. You’ll want to follow their work and broaden your view of the forces that mold your work, the infosec industry, and your life as both a citizen and a netizen.

3 key takeaways to build on:

  1. Cyber warfare and information operations influence not only international politics, but also private organizations and the work and lives of cybersecurity specialists tasked with protecting them.
  2. A job in cybersecurity may start at the technical layer but it requires multidisciplinary knowledge as you advance in roles, organizations, and the industry itself.
  3. The fastest way to figure your way around thorny, complex issues such as the intersection between geopolitics and cybersecurity is to follow people like Chris Kubecka, Mike Sexton, and Eliza Campbell.

    Related articles​

    Securing the cloud: insights on threats, ..

    BY Adina Harabagiu
    There is no mystery that everything nowadays has a digital component. A growing number of companies are ..

    Striking a balance between security updates, ..

    BY Adina Harabagiu
    The world of cybersecurity is fast paced, there’s no denying it. Innovation is constant and threats are ..

    Pentesting: a tool for empowering – not ..

    BY Adina Harabagiu
    You’ve likely caught wind of this rising tide – offensive security, pentesting, and #RedTeams are not ..