By Riley Phillips
The European Cyber Conflict Research Initiative (ECCRI) is a collective of professionals, scholars, journalists, and government officials within the cybersecurity space that seeks to “promote interdisciplinary research on cyber conflict and statecraft.”[1] Their 2024 Cyber Forum at the Blavatnik School of Government of Oxford University was the first of its kind. The Forum allowed the ECCRI community to meet and discuss the evolving threat landscape. Themes of sovereignty, responsibility, pessimism and optimism dominated conversations on policy, China, efficacy of attacks, and prepositioning.
The Forum kicked off with a Mandiant workshop. Early career professionals were invited to take part in three groups looking at the current threats in cyberspace. My session was led by Jamie Collier, Lead Mandiant Threat Intelligence Advisor (Europe), who led the room of ten professionals and experts in thinking about the value and application of Cyber Threat Intelligence (CTI). We considered the value of CTI to policymakers and how that would or would not influence their decisions when it came to growing threats. We considered the role of the consumer, the provider, and the government. In a security landscape of hybrid attacks, who should step in and when, what does instant response look like, and who is responsible when attacks occur? And how can operational profiling of threats, using terms like “clumsy” or “agile,” expand how we understand them? While discussed in theory, the application of these thoughts is necessary and urgent. For Chinese methods of hacking, the threat that AI appears to be but so far isn’t, and election security, routes to security proved harder to find. For example, in the case of election security, the perception of interference is “good enough” for the attacker because it creates a threat by creating the perception that there is one. This raises the predicament of how to talk about disinformation without creating more harm by talking about it. These were the thoughts and questions raised during the workshop. There were few clear answers, but rather questions that raised more questions, pointing towards the necessity of meetings where professionals, academics, and government officials can exchange ideas.
Following the Mandiant workshop, there were three formal sessions to the day. The first two sessions were under Chatham House Rule. Chatham House Rule requires there be no audio or video recording and that you cannot reveal who said what during the session. You can, however, discuss what was discussed without revealing identities of who said what in order to facilitate candor around the topics discussed.[2] Without violating this rule, I hope to present my takeaways and reflections on topics discussed during the three sessions of the conference.
The three sessions that followed were candid considerations of the current cyber landscape: where it has been and where it is going, based on analysis of intelligence and recent events. The first session was called Cyber Threat Landscape, with speakers from the Dutch Ministry of Defense, the ECCRI European Cybersecurity Fellowship, and a Global Leader for Threat Intelligence from PwC. The conversation emphasized the proliferation and diversification of adversaries. State actors Russia and China were discussed as being at the forefront of this due to their decentralized cyber threat landscape. It was noted that China has grown significantly through a process of policy experimentation surrounding cyber intelligence. China decentralizes cyber-attacks and activities by farming them out to contractors and incentivizing their success. As a result, there has been growth through competition. Now, operational maturity appears as effective pre-positioning and attacks through edging, living off the land, and burning through 0-day exploitation practices, to name a few. This conversation surrounding the threat and growth of cyber threats continued to echo throughout the rest of the day.
The second session was called Charting the Course for Military Cyber Policy. Speakers included representatives from the U.S. Cyber Command and NATO as well as a professor from Johns Hopkins. There was an overwhelming call for collaboration regarding cyber threats, not only between nation states but also with private entities. The international marshalling behind Ukraine was used to exemplify the capacity to provide support and resources through collaboration. Additionally, private sector entities can be in coalition with one another. The importance of this rests in the overarching reality that all war has cyber capabilities, and nations must pivot alongside and learn intra-war adaptations, which have proven challenging. Pre-positioning remained at the forefront of the conversations. Pre-positioning is the infecting of structure with malware, etc.: instead of performing the attack, the attackers wait until it is needed. China has been found pre-positioning itself within the critical infrastructure of the U.S. Private sector involvement is critical because critical infrastructure is owned by the private sector and is also monitored by civilians. Implications include the different jurisdictions that cyber warfare inhabits, when Article 5 applies to cyber war, and whether there is merit to military cyber policy. Overall, there is room to grow and a need for development and change to better approach the cyber threats that exist.
The last session was the only session not under Chatham House Rule. It was a conversation between Jen Easterly, Director of Cybersecurity and Infrastructure at U.S. Homeland Security, and Ciaran Martin, Professor of Practice in the Management of Public Organizations at the Blavatnik School of Government at Oxford. The conversation surrounded the role of the Cybersecurity and Infrastructure Security Agency (CISA) of the Department of Homeland Security, its goals, current threats, and what it is doing. Primary points included defending networks people depend on, like water or healthcare; catalyzing trusted partnerships between non-profits, state elected officials, and industries; and how best to protect target-rich and cyber-poor companies and sectors. Some responses to these key points again echoed the need to collaborate, the need to watch for pre-positioning, and the need to provide training services for vulnerable sectors and companies. Despite all of this, it was clear that cyber threats weren’t going away but becoming more dangerous and more prominent. In response, there is a need for growth and continued collaboration between the policy, private, and public sectors.
The ECCRI Forum highlighted the need to unite in attacking the threats that cyberspace faces, all the way down to consumers. The consumer holds power over their own security by engaging with secure practices like dual authentication. Despite its many challenges, cybersecurity relies on cooperation at every level. The ECCRI Cyber Forum practiced this by creating a space for international leaders, experts, young professionals, and the public to discuss with and educate one another.
ECCRI. “Our Story.” Accessed July 8, 2024. https://eccri.eu/our-story/.
Chatham House. “Chatham House Rule,” n.d. https://www.chathamhouse.org/about-us/chatham-house-rule.
[1] ECCRI, “Our Story,” accessed July 8, 2024, https://eccri.eu/our-story/.
[2] Chatham House, “Chatham House Rule,” n.d., https://www.chathamhouse.org/about-us/chatham-house-rule.