Dmitri Alperovitch: 'Every day in cyberspace has the potential to be a bad day'

With the continued threat of Russian cyber escalation, cybersecurity and geopolitics expert Dmitri Alperovitch says it’s not ideal for the U.S. to oscillate between moments of high alert and lesser states of cyber readiness.

Dmitri Alperovitch (the co-founder and former CTO of CrowdStrike) speaks at RSA Conference 2022.

Photo: RSA Conference

When it comes to cybersecurity vigilance, Dmitri Alperovitch wants to see more focus on resiliency of IT systems — and less on doing "surges" around particular dates or events.

For instance, whatever Russia is doing at the moment.

In an interview with Protocol, Alperovitch, a Russian-born cybersecurity and geopolitics expert, said he doesn't want to see the U.S. oscillating between moments of high alert and lesser states of readiness on cybersecurity.

Instead, "every organization needs to have the mindset that today could be the day when they get hit," said Alperovitch, who previously co-founded and served as the CTO of cybersecurity powerhouse CrowdStrike. He is now the co-founder and executive chairman of Silverado Policy Accelerator, a Washington think tank.

Alperovitch also spoke with Protocol about the reasons why a Russian cyber escalation against the West might still occur; why we don't have many details on the successful cyberattacks against Ukraine; and the importance of being clear about what the U.S. is doing on offensive cyber operations.

This interview has been lightly edited for clarity and brevity.

Do you see a possibility that Putin would try to use cyberattacks to get Western sanctions lifted?

I would say there are much more effective tools in his arsenal to pressure us. He has used a few of them. He's banned the export of fertilizer, for example, which obviously is exacerbating the food crisis. But he has not banned the export of a lot of critical materials: aluminum, nickel, titanium, palladium and others that are critical for our industry. So there's still a lot of leverage that he has that he has not used. That will probably be the first thing that he tries to do, before he's going to resort to cyberattacks.

How likely is it that things will get to that point? And when could that be?

If they feel like the sanctions that are most impactful to the Russian economy — the financial sanctions on the banks, as well as on the imports of semiconductors that are shutting down much of Russian industry — if those sanctions have no prospect of being lifted, or being mitigated through other mechanisms, then yes, I think he would look to increase pressure on the West through cyber.

He may not necessarily have a lot of hopes that cyberattacks alone would change our mind — and I don't think they would — on sanctions relief. But combined with other tools that he may have to further increase inflation, to further drive economic instability in the West, he may decide that it's a tool worth pursuing.

[In terms of timing] Moscow is looking at a lot of political polls here in the United States, and the prospects of a Republican takeover of Congress in the midterms. So I don't think that they'll do anything before all of that gets resolved. And then they'll reevaluate where they stand and what their chances are.

So not before the U.S. elections in November, at the very least?

Yeah, and probably not until early [winter] to mid-winter.

[Putin] is also not in a rush, because he can sustain this for quite some time. Over the long term, if he doesn't get those sanctions removed, the Russian economy will be a basket case. But he has time to try to fix that.

What do you think a Russian cyber escalation against the West might look like?

If there are those attacks launched, they'll be done by Russian intelligence services — most likely GRU, as they have the mandate overall for disruption and disruptive cyberattacks.

Are Russian data-wiper attacks against the West possible at some point?

Yes, absolutely.

Could the ransomware groups have a role to play?

I don't think there will be direct tasking. There might be signals that will be sent to groups that it's a free-for-all, and if you target Western interests, there'll be no repercussions. But I don't think that they will use them in a direct fashion against specific targets.

Do you think that cybersecurity vigilance in the U.S. is still as high as it was earlier this year, when the "Shields Up" warnings were first issued? Or do you think it's subsided at all?

You can't be on high alert for four or five months, [which is how long] this has been going on. That's just not sustainable. People have to take vacations. People have to resume normal operations.

I do wonder if putting people on high alert was the right decision, because the reality is that every day in cyberspace has the potential to be a really bad day. Every organization needs to have the mindset that today could be the day when they get hit. And they need to focus on resiliency. They need to focus on rapid detection and response. And that needs to be just a normal part of the operations. Doing "surges" on particular dates, or related to particular events — that's not sustainable.

When it comes to resiliency, what are the most important areas for organizations to prioritize?

Focus on assuming that your network can get destroyed — assume that it can go down — and practice rebuilding it. Practice operating without it. That's what U.S. government folks should be focused on, as far as their purview is concerned. That's what industry should be focused on as well.

The Ukrainians have had a lot of practice — eight years of practice — at responding to Russian wiper attacks on their networks. And so they have gotten very good at minimizing the damage, being resilient and rebuilding networks when they're destroyed. That's not necessarily something that many organizations in the United States practice. They focus very much on the prevention piece of it, but do not spend enough time looking at what happens when prevention fails.

So for U.S. businesses, what is the biggest lesson on cybersecurity from Ukraine?

The lesson from Ukraine is that cyberattacks don't need to result in a disaster. Because if you're prepared, you can survive through it. And practice makes perfect. There's no reason why organizations, particularly those in critical infrastructure, shouldn't be doing those types of practice rounds themselves right now.

Speaking of the cyberattacks against Ukraine, why do you think it is that we're not hearing many details about the cyberattacks that have succeeded?

The Ukrainians are so good at operational security, about not revealing what's going on — not just in cyberspace, but throughout the whole war. We know so little about the casualties that they've sustained, very little about the damage that's been done — both in the course of the war and through cyber. They've just been very, very tight-lipped about that. And understandably so, because they don't want to demoralize their own population that is under siege. But also, they want to present themselves in the best possible light to the West. So they're obviously not interested in publicizing their own misses and losses.

What are your thoughts on the recent comments by General Paul Nakasone [who heads the Cyber Command and NSA] signaling that the U.S. has engaged in some type of offensive cyber operations in support of Ukraine?

I think we just have to be very clear when we talk about cyber operations that we're waging — to the extent that we're going to talk about it publicly — about what that means. Because offensive cyber operations can mean an entire range of things. [It can range] from purely intelligence collection, to trying to take action against some of their servers that they may have overseas, that can be used in cyberattacks that they're launching against Ukraine, to actually taking action inside Russia itself, [such as] destructive actions.

I don't think there's any evidence that we're doing the latter. And not being clear on that, I think, can provoke the Russians to retaliate unnecessarily.

