Members of San Antonio’s growing cybersecurity ecosystem on Thursday listened closely to cautionary tales by Ukrainian government officials, whose industrial and political systems since 2015 have been targets of cyberattacks by Russian operatives, among others.
But cybersecurity threats are already happening locally, said Maj. Gen. Christopher Weggeman, commander of the 24th Air Force that specializes in cyberspace combat, and companies headquartered in San Antonio are feeling the impact.
“USAA, one of the world’s largest online banks … We talk to them all the time because they’re getting crushed,” he said.
“Getting crushed,” according to Weggeman illustrates the constant barrage of cyberattacks USAA faces. He noted in an email to the Rivard Report that these attacks provide an opportunity for the organization to sharpen its defense.
“Their cybersecurity is a model for all to follow,” Weggeman said.
“Like other financial institutions, and in fact, any other online organization, we’ve seen a significant increase in the number of attacks,” said Matthew Hartwig, a spokesperson for USAA. “We work closely with Maj. Gen. Weggeman’s team, as well as others across government, to share information and stop cyberattacks and fraudsters wherever possible.”
According to Hartwig, USAA blocks over 9 million cyberattacks a day.
Weggeman was one of 14 local and international cybersecurity experts serving on panels Thursday at Texas A&M University-San Antonio. Speakers shared their knowledge about ongoing cyberwarfare and its effects locally and abroad.
The conference was organized by international relations think tank The Atlantic Council, Texas A&M, and the the Victor Pinchuk Foundation, a non-partisan philanthropic foundation based in Ukraine. The event comes at the heels of House Bill 1997, which passed the U.S. House Wednesday and aims to strengthen the United States’ cybersecurity cooperation with Ukraine.
Ukrainian officials at the conference shared detailed accounts of cyberattacks on their physical, social, industrial, and economic information landscapes. Dmytro Shymkiv, deputy head of the Ukranian presidential administration, said Russia uses the Ukraine as a testing ground for cyberattacks planned for larger countries, such as the U.S.
“The whole objective of Russia is to smother the West and put all of us in the dark ages,” Shymkiv said. “The cyberwar is real, and we’re facing it in Ukraine. You can all learn from what’s happening in Ukraine.”
San Antonio’s industrial sectors are also vulnerable, said Tiffany Tremont, president and CEO of Silotech Group, a cybersecurity firm based in San Antonio.
“Areas that are of concern here in San Antonio are water – due to our reliance on this resource – energy, and the military as well,” she wrote in an e-mail to the Rivard Report.
In 2015, attackers shut down a power plant in Western Ukraine that provided services to more than 200,000 residents, Shymkiv said. Similar attacks followed in 2016 and 2017 on the Ukraine’s ministry of finance, local media, energy, military, political, and finance sectors, panelists said. Attackers exploit vulnerabilities in automated control systems that run industrial or municipal systems online. These “Supervisory Control and Data Acquisition,” or SCADA, systems are especially popular in the energy sector.
“SCADA systems used in energy are the most vulnerable,” said Tremont. “It is an area that is most vital to managing energy areas. The threat is already there, as actors have been deeply involved in the cyber domain for years and have honed their capabilities over time.”
CPS Energy filled a position for a SCADA Specialist in early 2017, according to the utility’s website.
“But the real objective of cyberattacks is citizens’ minds,” said Oleksandr Potii, deputy chief designer for Ukraine’s JSC Institute of Information Technology.
Potii and other panelists stressed the importance of collaboration between governments and social media platforms such as Facebook and Twitter, where many cyberwarfare campaigns are carried out.
Potii described cyberattacks that intended to disrupt the Ukraine’s social fabric, including the creation of fake information on social media to discredit local media outlets and fuel distrust between the public and the government.
“Social media has been erring on the side of privacy for its users,” Tremont said. Other panelists agreed that social media companies who prioritize user privacy over government collaboration create vulnerabilities that cyberattackers can exploit.
“Those who can train algorithms will be the cyberwarriors of the future,” said U.S. Rep. Will Hurd (R-Helotes), adding that cybersecurity in the future would mostly be carried out by artificial intelligence, or robots.
Hurd, a former undercover CIA officer and cybersecurity expert, voted in favor of HB 1997.
Panelists highlighted barriers to developing strong counteroffensive strategies in the public sector, such as not attracting and retaining talent, a lack of public awareness, and outdated education systems. Public-private partnerships were cited as tools to capture much needed talent from the private sector.
Sharing information about server or database activity in a trusted way is another potential solution to the problem, panelists said. This “open-source intelligence” would allow allies to share how attackers approach their systems, Weggeman said, and which counter-measures were effective in combatting them.
San Antonio is home to more than 125 cybersecurity companies, five Department of Homeland Security and National Security Agency certified academic centers of excellence, an NSA data center facility, the FBI Cyber Division, and the 24th and 25th Air Force. The 24th Air Force is a component of the U.S. Cyber Command.
“The phrase cyberwar to me is all wrong – it’s cyber in war,” Weggeman said. “It’s one arrow in our quiver of arrows that we need to integrate into our whole campaign to deter and defeat our enemies.”