Redefining CyberSecurity

Protecting the Vulnerable in Cyberspace: Unveiling The CyberPeace Institute's Mission | An RSA Conference 2024 Conversation with Adrien Ogee and Christina Stokes | On Location Coverage with Sean Martin and Marco Ciappelli

Episode Summary

In cyberspace, where digital threats lurk in the shadows, organizations like the CyberPeace Institute bring hope with their mission to safeguard the most vulnerable individuals from cyber attacks. Recently, at RSA 2024, a conversation between Christina Stokes of ITSPmagazine and Adrien Ogee, the Chief Operations Officer of the CyberPeace Institute, highlighted the institute's noble mission and impactful initiatives.

Episode Notes

Guest: Adrien Ogee, Chief Operations Officer, CyberPeace Institute [@CyberpeaceInst]

On LinkedIn | https://www.linkedin.com/in/adrien-ogee/

____________________________

Host: Christina Stokes, Host, On Cyber & AI Podcast, Founder of Narito Cybersecurity

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/christina-stokes

On LinkedIn | https://www.linkedin.com/in/xTinaStokes/

____________________________

A Glimpse into CyberPeace Institute

Christina welcomed Adrien, praising CyberPeace as an incredible organization with a vital mission. Adrien, an experienced cyber security professional, shared insights into his journey from working for governments to serving at the CyberPeace Institute. He emphasized the institute's focus on protecting the most vulnerable individuals globally and collaborating with governments to enhance cyber stability.

Advocacy and Protective Measures

Adrien elaborated on CyberPeace's advocacy efforts at international forums like the United Nations, highlighting the evidence-based approach to raise awareness among policymakers. With a network of 300 nonprofits, CyberPeace engages volunteers to assist vulnerable organizations in enhancing their cybersecurity posture. The institute's initiatives range from phishing simulations to incident response planning, aiming to protect those at risk in cyberspace.

Addressing Nonprofit Challenges

In response to Christina's inquiry about challenges faced by nonprofits, Adrien outlined three main threats—data breaches, financial attacks, and operational disruptions. He underscored the escalating ransomware trend and the dire consequences faced by organizations lacking robust defense mechanisms. CyberPeace's role in assisting nonprofits with cybersecurity measures underscores the institute's commitment to mitigating cyber risks for vulnerable communities.

Global Impact and Future Endeavors

The conversation moved into the global landscape of cybercrime, emphasizing the universal nature of threats while acknowledging regional nuances. Adrien highlighted the rise of ransomware as a pervasive concern and imparted insights on CyberPeace's collaborations with international partners to extend support to a broader array of nonprofits worldwide. The institute's focus on granular impact assessment aims to drive meaningful change at governmental and societal levels.

Call to Action: Join the CyberPeace Movement

As the discussion concluded, Christina underscored the critical need for collective action in combating cyber threats. Adrien stressed the importance of engaging with CyberPeace and the broader cybersecurity community to contribute skills, resources, and time towards protecting vulnerable populations. The call to action resonated with the essence of CyberPeace's mission—unity in defending against digital harm and promoting a safer online environment for all.

This conversation between Christina and Adrien at RSA 2024 highlights the role of organizations like the CyberPeace Institute in fortifying cyber resilience and ensuring the safety of marginalized communities in the digital sphere.

In a world where cyber threats loom large, CyberPeace Institute's unwavering commitment to safeguarding the most vulnerable individuals underscores the transformative power of collective action in fostering a secure and inclusive digital ecosystem. Join the movement, stand united with CyberPeace, and together, let's pave the way towards a safer cyberspace for all.

Be sure to follow our Coverage Journey and subscribe to our podcasts!

____________________________

Follow our RSA Conference USA 2024 coverage: https://www.itspmagazine.com/rsa-conference-usa-2024-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage

On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS-B9eaPcHUVmy_lGrbIw9J

Be sure to share and subscribe!

____________________________

Resources

CyberPeace Institute: https://cyberpeaceinstitute.org/

Learn more about RSA Conference USA 2024: https://itspm.ag/rsa-cordbw

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Are you interested in sponsoring our event coverage with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Want to tell your Brand Story as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

Episode Transcription

Please note that this transcript was created using AI technology and may contain inaccuracies or deviations from the original audio file. The transcript is provided for informational purposes only and should not be relied upon as a substitute for the original recording, as errors may exist. At this time, we provide it “as it is,” and we hope it can be helpful for our audience.

_________________________________________

[00:00:00] Christina Stokes: Hi, and welcome to ITSPmagazine. Today we're sitting here at RSA 2024, and I have Adrien Ogee from CyberPeace. It's a really special occasion to have Adrien out here all the way from Geneva. CyberPeace is an incredible organization, and I'm happy to be able to share more with the rest of you. Adrien, tell me a little bit more about yourself.
 

[00:00:27] Adrien Ogee: Well, thanks for having me first, Christina. I'm Adrien, the Chief Operations Officer of the CyberPeace Institute. Uh, I'm an engineer by trade, French engineer. Um, I've spent my entire career in cyber security, working for the French government, working for the European Union, working for the World Economic Forum, and most recently for the CyberPeace Institute, a non profit based in Geneva, as you mentioned, in Switzerland, that looks after cyberspace.
 

So our mission is to protect the most vulnerable people on earth, make sure that they're not getting attacked, and work with governments to develop systemic solutions to increase, improve the stability of cyber, cyberspace.
 

[00:01:06] Christina Stokes: Tell me a little bit more about the history of CyberPeace.  
 

[00:01:09] Adrien Ogee: So the Institute was set up in 2019 as a non profit, a Swiss foundation, thanks to the impetus of a few American philanthropic organizations and American corporations, and the organization Um, was, was set up in view of protecting the most vulnerable, as I mentioned, with three core objectives. 
 

One, an advocacy mission, so to address the United Nations, the Paris Peace Forum, the Internet Governance Forum, and raise the awareness of policy makers around the world in terms of how vulnerable people suffer because of cyber attacks. The advocacy that we do is evidence based, so we have a team of analysts that look at what's happening. 
 

Around the world cyber phenomena like happened during the pandemic, for instance, and all the attacks against health care organizations that unfortunately we witnessed or the cyber security incident that are happening currently in the context of the war in Ukraine that are having profound consequences for civilians. 
 

And so we use that, those data to, um, address policymakers with evidence that is ours that is mixing open source intelligence that we collect, uh. Through a variety of sources, but also closed source intelligence through the work that our operations team does, in which I have the privilege of leading. So we're working with around 300 non profits around the world active in humanitarian relief, in child protection, in, uh, uh, food banks, shelter organizations, uh, looking after various vulnerable communities. 
 

And that are unfortunately, oftentimes defenseless when it comes to cyber attacks. We, we use the term cyber poor target rich organizations because they are targeted not just by, by criminals, uh, but also very much by state actors. And so the, the asymmetry in terms of the resources they have to protect themselves versus the resources that attackers have to attack them is extremely imbalanced. 
 

This is a big issue because governments, uh, and industry alike are struggling to provide help to organizations that are ill funded and that have a, a real hard time to, Uh, prioritize cybersecurity over the core mission. And so, we have created a network of volunteers, cybersecurity experts, all coming from industry, from about 50 different companies, many of them represented here at RSA, that are contributing a couple of hours each year to help those non profits with things ranging from, um, a phishing simulation, to giving them advice on how to implement second factor authentication, to helping them draft their incident response policy, and so on. 
 

To helping them manage an incident whenever they, they get compromised ransomware attacks or defacement or DDoS attacks. It's a volunteer step in and help those organizations protect themselves. We're trying to do even more, trying to extend Threat Intel, uh, protection programs to those organizations and working with a variety of Threat Intelligence providers, trying to make sure that those organizations are protected. 
 

In the process, we understand better how they are being harmed. How the vulnerable communities that they protect around the world are being harmed, and what governments need to change.  
 

[00:04:22] Christina Stokes: What are the challenges that non profits are currently facing today? And how is CyberPeace, you did talk a little bit about how CyberPeace is helping them, but how is CyberPeace helping with some of the specific challenges that you can share with us that the non profits are experiencing?

[00:04:37] Adrien Ogee: So, non profits, most non profits, uh, face three types of main challenges. They are being attacked for the data that they have. Many non profits hold very sensitive data about refugees, migrants, about war informants. For instance, the International Committee of the Red Cross was attacked two years ago. And, uh, criminals were, well, attackers were looking after personal information of people crossing the Mediterranean Sea, uh, leaving war zones and trying to get, get into, uh, Europe.
 

And so you can imagine that this is, uh, repressive regimes getting their hands on such data would be available to then, uh, monitor the activities of people who have fled war zones, see where their families are and, and further a circle of violence that these people were trying to get out from. Non profits are also unfortunately attacked for the money that they have.
 

We often think of the non profit sector as a, not in financial terms, right? Right. Right. But the non profit economy moves around two trillion US dollars a year and those organizations Themselves move a lot of money. They have a lot of financial transactions So there's a lot of potential for CEO fraud attacks for ransomware attacks We see a lot of non profits recently falling for indiscriminate ransomware attacks criminal groups that are renting Infrastructure so ransomware as a service types of attacks and that are stumbling upon non profits just by Because they are connected to the internet, they use certain platforms, they use certain, they have certain vulnerabilities and they, they fall for criminal, criminal attacks. 
 

And when criminals realize that they, they have targeted a, a non profit, you know, see like the directors of non profits end up chatting with them or, or we help, our volunteers help them. The response from criminal, criminals, sorry, isn't, sorry, you're a non profit protecting children around the world, like. 
 

Here are the keys to decrypt your files and, you know, sorry about that. No, their answer is, we're sorry and we're going to offer you a discount. Right. And so they are, they still consider non profits as legitimate targets. And last but not least, the third, um, reason why many non profits also get attacked is because of the very operations that they run because of the services they provide to populations in war zones. 
 

For instance, think of the conflict happening right now in Gaza. Think of the conflict in Ukraine. You have adversaries that are interested in Hello. So, uh, harming those organizations that are providing vital services. Think of demining organizations, for instance, in Ukraine and around the world. There was actually a non profit here in California that got hit a couple of years back and they are providing, demining services in Afghanistan. 
 

They, they lost over a million US dollars because of, of such, such an attack. So fortunately, non profits are increasingly targeted by criminals. They are also targeted by state actors. And your level of defense is really low and we are talking about the organizations protecting the most vulnerable people on earth. 
 

How can we let that happen? We need all to step in industry, um, individuals, academia, governments, obviously we need all to step in  
 

[00:07:52] Christina Stokes: to  
 

[00:07:52] Adrien Ogee: do our part and help protect them.  
 

[00:07:54] Christina Stokes: I know cyber peace was doing a lot of work during the pandemic and that there are databases with the cyber incident tracers. Could you tell us a little bit more about that? 
 

[00:08:04] Adrien Ogee: Yes, thank you for that question. Our incident tracers are platforms that are open to the public that you can readily access on our websites that track cybersecurity incidents happening in a particular context. We have a couple of such tracers, one that we released during the pandemic that has been tracking incidents against healthcare organizations. 
 

Our objective with those trackers and the one we developed in Ukraine for sorry, the conflict in Ukraine. Aim to provide hard evidence on how cyber security attacks are being leveraged by adversaries in context of vulnerabilities, whether a war zone, whether a pandemic and, and those contexts of vulnerabilities are being used to further prey on already vulnerable people. 
 

We think that there's a baseline, there's a threshold that should not be crossed when it comes to cyber Uh, uh, uh, impacting, affecting vulnerable communities and unfortunately we need, we see an acceleration in the number of attacks that are preying on people that should not be attacked in the first place. 
 

I don't think that anyone in this planet, and I certainly do not hope that anyone in this planet would agree that it is okay to prey on orphans, to prey on women that are being beaten by their husbands, to prey on, on, uh, people. You know, people fleeing a war zones. Those people are already, uh, in a very difficult situation. 
 

Like, how can we accept that they are further preyed upon? So those tracers are collective evidence mechanisms for us all to remember of those situations and hopefully to affect change at the highest level, the government level, at the UN level, so that we can have mechanisms in place to prevent such situations from arising again. 
 

A couple of examples of things that we are trying to do. We call out governments, for instance, to make sure that they themselves do not get involved into attacking healthcare organizations. We call them out so that they increase pressure on criminal groups to prosecute attacks on those particular populations, and work with a variety of actors, including industry, to effect such pressure. 
 

[00:10:14] Christina Stokes: There is a lot of suffering in the world going on right now, and there really always has been, but cybercrime has helped that kind of There have been a lot of victims of cybercrime globally. What are your thoughts on cybercrime around the world and different regions? For example, I know you and I were discussing cybercrime in Asia. 
 

And I also recently had a conversation where we were talking about the global borders. How, when it comes to technology, there is no physical border. So, when it comes to When it comes to suffering, this is a global issue, and we all need to help and, and help these people ease that suffering and find the relief that they need. 
 

How is CyberPeace helping in those areas?  
 

[00:11:09] Adrien Ogee: So what we're seeing based on the research that we're doing, for instance, in the Asia Pacific region, uh, in Europe, in humanitarian context around the world, is that the threats are relatively similar, uh, uh, around the globe with particular Specificities depending on events, large events that are happening. 
 

For instance, an earthquake in Morocco will lead to increased scams. Um, donors and organizations are trying to raise funds to help in the context of that earthquake. Um, we see, for instance, in APAC, a lot of, uh, scams involving, so romance scams, for instance, QR code scams, um, a lot of people in those regions use Android phones with applications that are not always coming from official, the official app store, and so they're getting attacked through those mechanisms.
 

Some countries in Asia use digital banking quite heavily, use electronic invoicing systems as well that are provided by the government, and so criminals find ways to spoof the identity of those platforms or even the government. and have people click on the wrong link. But at the end of the day, those types of social engineering techniques are the same everywhere around the world. 
 

Now, the biggest trend that we're all seeing happening in the last five to ten years is the rise of ransomware. And now with the explosion of ransomware as a service, we're seeing organizations that in the past were safe from those types of threats, like non profits. Non profits were not getting ransomed five years ago because criminal groups were really looking Um, trying to, uh, go after the, the, the high paying, uh, poten poten well, potentially high paying victims, right? 
 

Critical infrastructure operators, large organizations, healthcare organizations, large governments. And these days, we see a lot of smaller criminal groups, um, I wouldn't call them script kiddies. They're already organized. They have, you know, hierarchies, they have processes, so those are criminal, organized criminal groups. 
 

But perhaps not, not as famous as a lot of the others. The Dora are targeting smaller organizations, small businesses, uh, non profits, and so the increase in, in, uh, ransomware is a huge source of concerns to us because it's extremely difficult to prevent. We need strong defense mechanisms that many of these organizations are not able to put in place. 
 

And the consequences are dire. There's actually a hospital here in Illinois that had to close down after a ransomware attack because they didn't, they, they, you know, if they were to pay the ransom, they wouldn't have cash anymore to pay their doctors, which means that it creates a medical desert in a certain area of the U.S. And we see those situations arising in many other places around the world. And again, criminals do not know who they're targeting. They're just targeting everything they can and then try and get a ransom. If they can, great. If they cannot, they move on to the next target and don't let you decrypt your files.
 

So it's, it's a concerning situation.  
 

[00:14:09] Christina Stokes: Yes it is. What can we see from CyberPeace in the coming years?  
 

[00:14:15] Adrien Ogee: So we're working with a number of, uh, international partners, some of them here in the U.S. and others, to try and structure volunteer networks around the world to effect even more change and have an even bigger impact.
 

So we are hoping that we can grow the numbers of non profits that we help around the world to thousands and thousands. We're hoping that more and more organizations, private companies are going to rally to the cause and join this huge volunteering movement. The U.S. government, CISA, has just launched an initiative in April, so last month, to protect high risk communities.
 

And cyber volunteer networks make it for a fantastic opportunity to provide talent to those under resourced organizations. So, any organization that's listening to me at the moment, if you're interested in having your staff contribute to a great cause, have them look up the CyberPeace Builders, which is the name of our volunteer network.
 

We're also working with governments, uh, with the UN and various, uh, other think tanks on a harm methodology to more precisely determine the impacts of cyberattacks. Too often we limit ourselves to financial considerations, but cyberattacks have profound consequences on the lives of people. Psychological impacts, even physiological impacts, right? 
 

People commit suicide because of disinformation campaigns, because of hate speech. So we need to stop thinking about, um The impacts of cyber security attacks in much more granular terms. And that's what we're doing with various governments around the world. To help them also think about the response they need to apply in order to protect vulnerable communities. 
 

[00:15:52] Christina Stokes: Okay. Um, one question that comes to mind as you're speaking about all of this is, you know, what can we do? Uh, what, what does cyber protect? This is an issue that is near and dear to my heart. And like many cyber security professionals, I came into the industry because I wanted to help keep other people safe. 
 

Like you mentioned, there's a lot of crime, there's a lot of cyber crime in all different aspects, in areas and industries. Whether it is, um, you know, healthcare, financial, but also the direct and personal impact to families, to children, to people who are committing suicide because of ransom situations. 
 

The fact that people can die if there is a hack at a hospital. These are all very critical issues that the cyber industry, you know, is, is trying to always get ahead of it. We're always trying to defend. So what does CyberPeace need? And how can we get involved?  
 

[00:16:57] Adrien Ogee: How, how can one get involved? There's so many ways to get involved. 
 

My first answer is, just do it. Just thought just just try and connect with us connect with the non profit cyber community There's an entire community of non profit organizations here in the US and around the world that are protecting the core infrastructure of the internet That are protecting vulnerable organizations around the world that are walking with industry and government to secure our systems to secure technologies There we are being developed here and in in many other countries. 
 

So, you know, it's just a matter of trying to connect with those organizations and see how you can contribute depending on your skills, depending on your time, depending on your availabilities. But there's opportunities all across. There's opportunities for students to collaborate, to help, uh, state, local, tribal and territorial organizations in their, in their, uh, state in the U.S. or around the world, right? Cyber clinics, uh, led by the UC Berkeley. There's opportunity for, uh, professionals. to the site with the CyberPeace Builders to come and help nonprofits again around the world. These opportunities for private companies to share some of their tools for free. Like many are doing with us.
 

They're giving us their tools for free so that we can protect better vulnerable organizations. And there are many organizations here that have corporate social responsibility programs, ESG programs that are looking at ways in which they can align their business purpose with their social impact. And and so we can My main message is, you know, just, just, just try. 
 

You'll see there's an entire community of hackers in government, in industry, individual hackers that are trying to do good, trying to make sure that the situation in which we find ourselves, which is extremely dire, we cannot go around this. The fact that orphans are being preyed upon using technologies that we've developed here is, you know, senseless. 
 

There's ways in which we can reverse that trend and we just gotta get started. Mm-Hmm. .  
 

[00:18:59] Christina Stokes: Well, thank you so much for coming to speak to us here at RSA with in, in ITSPmagazine. I really appreciate everything that you are doing, everything that CyberPeace is doing to help with the suffering that we're seeing in the world today.
 

Thank you. It's been, thank you, Christina. Thank you so much. Great having you, Adrien. My pleasure. It's an honor.
 

[00:19:17] Adrien Ogee: Thank you.  
 

[00:19:18] Christina Stokes: Thank you guys for tuning in. We're here, ITSP Magazine at RSA 2024. And once again, if you're looking to get involved with helping keep people safe, whether you are an organization or an individual, please look up different organizations and nonprofits like CyberPeace to see how you can get involved and how you can help people remain safe online. 
 

Thank you so much. Bye.