Dmitri Alperovitch: 'Every day in cyberspace has the potential to be a bad day'

With the continued threat of Russian cyber escalation, cybersecurity and geopolitics expert Dmitri Alperovitch says it’s not ideal for the U.S. to oscillate between moments of high alert and lesser states of cyber readiness.

Dmitri Alperovitch (the co-founder and former CTO of CrowdStrike) speaks at RSA Conference 2022.

Photo: RSA Conference

When it comes to cybersecurity vigilance, Dmitri Alperovitch wants to see more focus on resiliency of IT systems — and less on doing "surges" around particular dates or events.

For instance, whatever Russia is doing at the moment.

In an interview with Protocol, Alperovitch, a Russian-born cybersecurity and geopolitics expert, said he doesn't want to see the U.S. oscillating between moments of high alert and lesser states of readiness on cybersecurity.

Instead, "every organization needs to have the mindset that today could be the day when they get hit," said Alperovitch, who previously co-founded and served as the CTO of cybersecurity powerhouse CrowdStrike. He is now the co-founder and executive chairman of Silverado Policy Accelerator, a Washington think tank.

Alperovitch also spoke with Protocol about the reasons why a Russian cyber escalation against the West might still occur; why we don't have many details on the successful cyberattacks against Ukraine; and the importance of being clear about what the U.S. is doing on offensive cyber operations.

This interview has been lightly edited for clarity and brevity.

Do you see a possibility that Putin would try to use cyberattacks to get Western sanctions lifted?

I would say there are much more effective tools in his arsenal to pressure us. He has used a few of them. He's banned the export of fertilizer, for example, which obviously is exacerbating the food crisis. But he has not banned the export of a lot of critical materials: aluminum, nickel, titanium, palladium and others that are critical for our industry. So there's still a lot of leverage that he has that he has not used. That will probably be the first thing that he tries to do, before he's going to resort to cyberattacks.

How likely is it that things will get to that point? And when could that be?

If they feel like the sanctions that are most impactful to the Russian economy — the financial sanctions on the banks, as well as on the imports of semiconductors that are shutting down much of Russian industry — if those sanctions have no prospect of being lifted, or being mitigated through other mechanisms, then yes, I think he would look to increase pressure on the West through cyber.

He may not necessarily have a lot of hopes that cyberattacks alone would change our mind — and I don't think they would — on sanctions relief. But combined with other tools that he may have to further increase inflation, to further drive economic instability in the West, he may decide that it's a tool worth pursuing.

[In terms of timing] Moscow is looking at a lot of political polls here in the United States, and the prospects of a Republican takeover of Congress in the midterms. So I don't think that they'll do anything before all of that gets resolved. And then they'll reevaluate where they stand and what their chances are.

So not before the U.S. elections in November, at the very least?

Yeah, and probably not until early [winter] to mid-winter.

[Putin] is also not in a rush, because he can sustain this for quite some time. Over the long term, if he doesn't get those sanctions removed, the Russian economy will be a basket case. But he has time to try to fix that.

What do you think a Russian cyber escalation against the West might look like?

If there are those attacks launched, they'll be done by Russian intelligence services — most likely GRU, as they have the mandate overall for disruption and disruptive cyberattacks.

Are Russian data-wiper attacks against the West possible at some point?

Yes, absolutely.

Could the ransomware groups have a role to play?

I don't think there will be direct tasking. There might be signals that will be sent to groups that it's a free-for-all, and if you target Western interests, there'll be no repercussions. But I don't think that they will use them in a direct fashion against specific targets.

Do you think that cybersecurity vigilance in the U.S. is still as high as it was earlier this year, when the "Shields Up" warnings were first issued? Or do you think it's subsided at all?

You can't be on high alert for four or five months, [which is how long] this has been going on. That's just not sustainable. People have to take vacations. People have to resume normal operations.

I do wonder if putting people on high alert was the right decision, because the reality is that every day in cyberspace has the potential to be a really bad day. Every organization needs to have the mindset that today could be the day when they get hit. And they need to focus on resiliency. They need to focus on rapid detection and response. And that needs to be just a normal part of the operations. Doing "surges" on particular dates, or related to particular events — that's not sustainable.

When it comes to resiliency, what are the most important areas for organizations to prioritize?

Focus on assuming that your network can get destroyed — assume that it can go down — and practice rebuilding it. Practice operating without it. That's what U.S. government folks should be focused on, as far as their purview is concerned. That's what industry should be focused on as well.

The Ukrainians have had a lot of practice — eight years of practice — at responding to Russian wiper attacks on their networks. And so they have gotten very good at minimizing the damage, being resilient and rebuilding networks when they're destroyed. That's not necessarily something that many organizations in the United States practice. They focus very much on the prevention piece of it, but do not spend enough time looking at what happens when prevention fails.

So for U.S. businesses, what is the biggest lesson on cybersecurity from Ukraine?

The lesson from Ukraine is that cyberattacks don't need to result in a disaster. Because if you're prepared, you can survive through it. And practice makes perfect. There's no reason why organizations, particularly those in critical infrastructure, shouldn't be doing those types of practice rounds themselves right now.

Speaking of the cyberattacks against Ukraine, why do you think it is that we're not hearing many details about the cyberattacks that have succeeded?

The Ukrainians are so good at operational security, about not revealing what's going on — not just in cyberspace, but throughout the whole war. We know so little about the casualties that they've sustained, very little about the damage that's been done — both in the course of the war and through cyber. They've just been very, very tight-lipped about that. And understandably so, because they don't want to demoralize their own population that is under siege. But also, they want to present themselves in the best possible light to the West. So they're obviously not interested in publicizing their own misses and losses.

What are your thoughts on the recent comments by General Paul Nakasone [who heads the Cyber Command and NSA] signaling that the U.S. has engaged in some type of offensive cyber operations in support of Ukraine?

I think we just have to be very clear when we talk about cyber operations that we're waging — to the extent that we're going to talk about it publicly — about what that means. Because offensive cyber operations can mean an entire range of things. [It can range] from purely intelligence collection, to trying to take action against some of their servers that they may have overseas, that can be used in cyberattacks that they're launching against Ukraine, to actually taking action inside Russia itself, [such as] destructive actions.

I don't think there's any evidence that we're doing the latter. And not being clear on that, I think, can provoke the Russians to retaliate unnecessarily.

