STATETECH: It seems smart to think of New York cybersecurity holistically in terms of geopolitical risk and advanced persistent threats. Are APTs at the top of your list of potential threats?
Ahern: The overall theme of cyberthreats recently is convergence. Historically, we had three distinct groups of threats with three distinct groups of targets.
We had individually motivated, ideologically motivated, politically motivated and racially motivated “hacktivists,” who were either individuals or small groups that were loosely affiliated and relatively unsophisticated. One step up, historically, we had cybercriminals: Think ransomware operations, digital smash-and-grabs and distributed denial-of-service attacks, all for financial gain. And then, the most sophisticated were from nation-states; those are sometimes referred to as advanced persistent threats. APTs are particularly troublesome for a couple of reasons.
One is that they are seeking strategic access. This means that they look for any opportunity to get a foothold onto a target, and then sit there as quietly as possible for as long as possible. In doing this, they “hold a target at risk”: While they don’t have a specific operation right now, they’re seeking to gain access, sit on it and, at a time of their choosing, perform a theft or an attack. This obviously makes them, in some ways, more dangerous and more pernicious. They’re low and slow.
There also are nation-states that have specific, operational objectives that they will spend significant resources to achieve: people, money, time, and zero-day or previously unknown exploits. For example, in the run-up to the Ukraine war, the Russian government temporarily disabled a satellite system called Viasat and significantly degraded Ukrainian military command-and-control networks. Now, in their recovery, Ukrainians have shown the world what cyber resilience really looks like. In many ways, I think we will be studying what the Ukrainians and their allies and partners have accomplished from a cyber perspective for years to come.
Today, you’re really seeing a convergence. Looking at targets, you’re seeing that these roughly differentiated groups’ targets are becoming enmeshed; you’re seeing their capabilities spreading across and into an increasingly sophisticated, interconnected ecosystem. Criminals can buy sophisticated hacking tools from the dark web that are the kind previously used only by nation-states. Some nation-states, such as North Korea, now operate like criminal groups. I would say that there are still three distinct kinds of threats. But we’re seeing the convergence of these threats, targets and capabilities, all making cyber more challenging, along with the overall geopolitical factors.