Hacking groups, state actors active in ‘dynamic and crowded’ cyber environment: Expert

American Enterprise Institute Senior Fellow Klon Kitchen sits down with Yahoo Finance Live to discuss the cybersecurity threats that hacker groups and Russian state actors may pose to American companies and infrastructure.

Video Transcript

BRIAN CHEUNG: Well, we want to turn our attention now on the other hand of this conflict which, of course, is the cyber aspect of all of this. Cyberattacks in focus as some groups like the global group Anonymous commit to, quote, "a cyber war" against Russia. Let's bring in Klon Kitchen, American Enterprise Institute Senior Fellow who is also an expert on national security.

Klon, it's great to have you on the program this afternoon. You know, things are changing by the day. But it cannot be discounted the fact that this is not a war that's just going to be fought on the ground but on the internet as well.

KLON KITCHEN: Yeah, that's absolutely right. And, Brian, one of the interesting things is that we, frankly, expected even more activity online than we've seen thus far. And a lot of us are trying to figure out why that is. We're not sure if the Russians just overestimated their capabilities, and so chose not to take cyber actions or if some of those efforts were attempted but then rolled back.

But one of the things, as you mentioned, the Anonymous hacker collective-- one of the things that typifies the current environment is that it's very crowded. So you have state actors, both in Russia and Ukraine, including the United States and its allies. You have private companies like Microsoft and Facebook who are doing active threat monitoring and taking mitigating actions. And then you have hacking groups like Anonymous. So it is a dynamic and crowded space right now.

BRIAN CHEUNG: Now, again, it's not like the Russia-Ukraine invasion has really been the beginning of a cyber war between Russia and the rest of the world. I mean, we have seen attacks well before this. So based off of what we are used to seeing from Russian hackers as far as the playbook goes, where is the biggest risk? Is it among these large multinational corporates that Russia might have an interest in taking down? Or is it individual users, and people's credit card accounts, and maybe opening up ransomware by accident through an email?

KLON KITCHEN: Yeah, so the challenge is they can do all of it. And they can largely do all of that at the same time. That's one of the challenges with cyber. What I would anticipate seeing right now, I'll maybe divide it into a couple of categories, one, in Ukraine, I think the likelihood of what we call tactical cyber operations, aimed at suppressing Ukraine's ability to use the internet and other digital capabilities, I think that's going to increase and be real significant going forward.

In addition, Russia has a tendency to use non-state hacking groups like the REvil or DarkSide ransomware groups as a way of just causing general havoc. Now, right now, these groups seem to be a little bit on a leash. And I think Putin is trying to manage the situation. He doesn't want to accidentally escalate this thing outside of Ukraine any further than he already has. But at whatever point he decides that he wants to reintroduce that friction into the system, it's available to him and they can do a lot of damage, both to individual users and to corporate targets.

BRIAN CHEUNG: Can you explain a little bit deeper about just exactly how state sanctioned some of these groups are? I mean, you know, is it the form of an agency that's actually government run with a bunch of people and hackers that are doing this? Or is it kind of informal relationships between the Russian government and some of these independent hackers to carry out this work?

KLON KITCHEN: So it's all of the above. A lot of individual hackers and even the groups themselves operate and even move along a spectrum of collaboration with the government. So take some of these ransomware syndicates.

They will typically operate quite independent of the government, but with the government's unstated allowance. And you know, Moscow sees their activities as, one, just introducing friction into the system that they find politically advantageous, and then two, as kind of the cost of having those capabilities on call if and when the government ever needs them.

And then occasionally, they do. They call them. And when the government wants a veneer of deniability, they'll employ groups like that and have them go after specific targets. And then other times, as happened recently in the run-up to the invasion of Ukraine, a number of these ransomware hackers will be arrested and then subsequently employed by government services for their specific skill sets. So Russia has maximal freedom of movement in terms of how it leverages these capabilities and has historically shown themselves to be very capable at doing this.

BRIAN CHEUNG: Now, obviously, the big focus is still on Ukraine, but let's say, for example, the Russians were to go after some large US government website, for example. What types of capabilities does the United States have in countering that?

KLON KITCHEN: Well, in terms of countering, you know, cybersecurity is an offensive game. It's impossible to defend against all of the risks. And you know, the scale and the speed are all in the attacker's favor. So in terms of what we can do, we do what's called active threat mitigation and active defense.

That's where we proactively infiltrate our enemies' networks so that we can see them coming before they actually launch an attack. But those types of efforts are typically trained on the more sensitive systems. If we're just talking about government websites, public-facing websites, those aren't as big a priority. That being said, we have the ability to interrupt and shut down the technical infrastructure that a lot of these organizations use to attack us.

But again, this is always a little bit of a cat and mouse game, because as quickly as you knock it down, they can typically set it back up. And so that's why you don't want to generally resolve yourself only to a defensive posture. If and when push comes to shove, the United States and its allies are going to go offensive, and that will be a much more expansive, aggressive posture than just trying to protect some websites.

BRIAN CHEUNG: All right, Klon Kitchen, American Enterprise Institute Senior Fellow, thanks for much for stopping by Yahoo Finance this afternoon.