Frank Ranero is a cyber security expert from the US. He is currently working as US Cyber Security Advisor to the Ministry of Defence of the Republic of North Macedonia. His engagement in the MoD is part of the cooperation and strategic partnership with the United States of America. In the forthcoming period, he will work intensively with key cyber personnel to fulfil the ambitious agenda of the Ministry of Defence and the joint efforts to build and strengthen cyber capacity at the national level. The planned activities include developing new so-called cyber authorities and specialized cyber teams for rapid response and monitoring. More than enough reasons for an interview…
CIVIL MEDIA: What are the key challenges in the area of cyber security in this period?
RANERO: In my opinion, the key cybersecurity challenges faced by governments, industry, and academia are maintaining secure data and ensuring a safe user experience, while managing very complex IT infrastructures that see rapid technological change and are increasingly interconnected. These complexities often result in organizations being forced to manage different security systems, which decreases overall cyber resiliency and increases costs. Furthermore, malicious actors will always try to breach systems using the weakest points.
Therefore, complex IT infrastructures are more difficult to defend. An organization might be satisfied that 99.999% of their IT infrastructure is secured but an attacker may find that vulnerable 0.001% (a system or application that missed the latest patch or was configured incorrectly) resulting in unauthorized access and eventual data leak or malware installation.
Finally, organized cybercrime is a serious threat to national security and critical infrastructure as malicious actors have built a very lucrative economy in the Dark Web by finding vulnerabilities and then providing modern tools and services, at relatively low cost, to other actors to exploit them.
CIVIL MEDIA: What types of cyber threats are most common and what are the consequences of poor cyber defense of critical infrastructure and institutions?
RANERO: The most common cyber threat that nations face is probably ransomware, which has seen a global increase in the past couple of years. A recent article from the Georgetown University Center for Security Studies called 2021 “the year of the rise in ransomware.” The list of ransomware victims used to be limited to financial institutions and big corporations, which have the means to pay big ransoms. However, the list of victim organizations has expanded to other sectors such as health care, energy, food, transportation, and even educational institutions.
One of the most recent and highly publicized victims of ransomware was the Colonial Pipeline Company, which transports fuel to most of the Southeastern part of the United States. A criminal group called DarkSide compromised the company in May 2021 when they gained access to an old VPN account. DarkSide was able to steal a significant amount of data before it encrypted several company systems. The compromise forced the company to halt operations, which resulted in fuel disruptions and price increases.
The lessons from this attack easily apply to all governments and private sectors and include the importance of real-time system monitoring of critical infrastructure, sharing of timely and actionable information, and the importance of cataloging all systems and access points. However, I would say that the most important lesson is that the cost of appropriately resourcing cybersecurity before an incident happens is lower than the cost of handling a breach. That includes not only the costs associated with recovery and return to normal operations, but also dealing with potential legal actions and the loss of reputation and trust from the customers and public in general. A good source of ransomware information is the CISA Resources website.
In addition, nations should focus equally on the most dangerous threats that they might have to address, known as “zero-day” vulnerabilities. A perfect and very recent example is the Log4j vulnerability, which impacted Belgium’s Ministry of Defence. The ministry’s email servers were shut down for several days in mid-December after a successful exploitation of this vulnerability. The lesson learned is that early information sharing and acting on this information are key in reducing threats.
CIVIL MEDIA: How well is North Macedonia prepared against cyber-attacks? What is in place, and what needs to be done in this respect?
RANERO: North Macedonia’s efforts and initiatives in cyber defense are on the right path. The government is working on new legislation called the “Law on Security of Networks and Information Systems” which is expected to be aligned with the European Union “Network and Information Systems (NIS)” Directive. The government has also established the National Computer Security and Incident Response Team (MKD-CIRT) to coordinate the national response to cyber events. In particular, the Ministry of Defence (MoD) is making great progress at enhancing its cybersecurity responsibilities by meeting the objectives established by the National Cyber Strategy.
For example, the MoD is currently working to upgrade or replace critical IT systems, and actively participates in cyber exercises with other NATO allies. It is in the process of creating its own CSIRT to perform real-time cyber monitoring and defense, is working to establish the “National Institute for Cyber Security and Digital Forensics”, and is aligning policies, processes, and technologies to fully meet NATO requirements. MoD is also partnering with U.S. agencies and organizations to increase its cybersecurity capacity and I am very excited and humbled to be able to contribute to this effort.
The challenges faced by North Macedonia are not unique. I believe that governments should continue to refine laws that clearly define the legal roles, responsibilities, and national level processes to ensure the protection of critical infrastructure. This includes energy, transport, banking, healthcare, water, food, etc. Second, protection of these assets should be resourced according to their priority either directly by governments or by means of regulatory requirements. Finally, a national CSIRT should ensure coordinated responses to cyber events that include inter-agency, industry, and academia.
CIVIL MEDIA: How could the public, civil society and media help build resilience against cyber threats?
RANERO: I have always thought that “cyber hygiene” practices are the first line of defense against cyber threats and individuals may reduce the risk of becoming victims by taking several basic steps. For example, using anti-virus software and ensuring it is up to date (including mobile devices), enabling multi-factor authentication when accessing personal accounts, using VPN services when connecting to public networks (preferably based on either OpenVPN or WireGuard protocols), deleting unsolicited emails/SMS without clicking on any embedded links, encrypting data, deleting applications that are not used, and so on.
The private sector can benefit from increased and persistent cyber information sharing, especially with key government agencies, academia, and international counterparts. This increases the awareness of current vulnerabilities and exploits happening in the wild as well as successful methods used to reduce risks. The Log4j vulnerability is a good example of the criticality of information sharing, especially with software vendors.
Finally, I want to mention that the Military Academy is in the very early planning phase of an organization aimed at conducting cyber research called the “Regional Cyber Security Training and Research Center” and this is a great opportunity available to the private sector to contribute to the cybersecurity resiliency of North Macedonia.