LONDON — Cyber and strategy adviser T. Casey Fleming stood up in front of a group of insurance professionals here and told them, “We’re fighting ghosts.”
He introduced the audience at Advisen’s Cyber Risk Insights Conference in London to a concept called “Asymmetrical Hybrid Warfare.” Yes, it sounds like a bold-font title on a manila file folder with hastily pressed red-ink “top secret” stamp, briskly carried into a room for which you do not have clearance.
“Our adversaries are a lot better at intelligence than we are,” Fleming said. We—places like the UK and US—are operating in tactical, maybe operational mode. Our Chinese, Russian and North Korean opponents are operating at the strategic level. He called what is happening now the “Cold War on steroids.”
Fleming, CEO of BLACKOPS Partners, spoke in a tone of I’m-telling-you-what-I-can-but-I-can’t-tell-you-everything. He said cyber warfare would be a key accelerator to cyber incidents in the near future: information, media, cultural, economic, intelligence, and espionage warfare (…among a laundry list of types. You can access his presentation slides now) on our companies and homes.
Asymmetrical Hybrid Warfare does not have rules, and because there is a severe lack of awareness of this strategy, we are not fighting in the correct manner and lose trillions of dollars a year in stolen innovation.
“We are looking through the wrong end of a telescope. We are focusing on a perimeter that does not exist but that we still think needs to be protected,” he said.
It is important for organizations—up and down the employee list—to participate in data breach exercises. Determine how the company is most likely to be breached. Identify the jewels and give a limited amount of people access, Fleming advised as part of 10 questions he’s outlined for risk officers (Here are those presentation slides again).
Fleming implicated Chinese investment in US start-ups as an avenue to access, control, and steal information—just like they’ve done with solar-panel technology, he said. Fleming implied large gifts from the Chinese to some our highest educational institutions were also a way in, an effort to influence the system and send students, *cough* operatives, to the US.
A few more pieces of advice from Fleming: There’s no such thing as free WiFi. E-cigarettes can be used to extract information when plugged into a computer to charge. Avoid all electronics made in China, North Korea or Taiwan.
Fleming caught a few people sitting in the conference room off guard. I could tell. People looked at each other, sometimes with the expression that says: “You believe this guy?!”
It reminded me of a similar moment about six years ago when Advisen first invited Nicholas K. Coch, professor of geology at Queens College in New York and “forensic hurricanologist” to speak at a property conference. I remember seeing those same expressions in the audience as Coch told property risk pros New York was the most dangerous place in the world for storm surge, that the city would one day be home to the world’s largest aquarium—the subway system.
Then Sandy hit, not even as a hurricane, in October 2012. Advisen invited Coch back to the next property conference after nearly everything he predicted actually happened the way he said it would. People weren’t calling his “Dr. Doom” anymore. They were just calling him often.
I will outwardly hope we do not invite Fleming back to a cyber-conference for the same reason because there are similarly aspects of his warnings that would be terrible for us if we do not heed. I also hope a large majority in London listened and thought about what he said, no matter how movie-script-like it sounded. And, yeah, I admit some of it sounded like that.
But five years ago, could we have anticipated “cyber” being what it is today? If someone described how hackers would inflict chaos via ransomware, for instance, would you have believed them?
Managing editor Chad Hemenway can be reached at firstname.lastname@example.org