SUBSCRIBER+EXCLUSIVE INTERVIEW – With a new Homeland Security task force underway, designed to examine threats posed by both Beijing and ever-more potent forms of artificial intelligence, bigger – and perhaps even existential – questions are being hashed out about the evolving landscape of hazards that confront U.S. policymakers. It is clear they extend well beyond America's usual battery of adversaries, according to Colonel Candice E. Frost, Commander of the Joint Intelligence Operations Center at U.S. Cyber Command.
China, Russia, Iran, and North Korea are not only joined by a growing crop of cybercriminals, “proxy actors, executed by actors in Russia, or elsewhere in other domains,” but also criminals without political affiliations – many of whom increasingly benefit from AI-powered technologies, such as ChatGPT, that can reshape the very nature of both business and national security.
“In some areas, we've seen an increase in the last year of 240% in phishing emails,” she added during a gathering of top security experts at this year’s Cyber Initiatives Group Spring Summit. “We have to be cognizant [that] we are focused on main state actors, but we've got to look at those criminals.”
Frost also hinted at a concern expressed by those like Elon Musk and others that co-authored an open letter with the Future of Life Institute that called for a six-month “pause” in the development of more advanced forms of AI. She highlighted the importance of creating systems that “ensure that we are doing the right thing.”
Those like Musk continue to express concerns that such systems could lead to unintended consequences, particularly as it relates to autonomous systems, noting that the abilities of these configurations are not yet fully understood. In fact, the rapid development and capacity of large-language modeling that powers technologies, such as ChatGPT, surprised even the chatbot's chief technology officer.
“Stopping that train [after] it's already left the station, that's going to be pretty hard,” Frost added.
QUICK GLOSSARY
Malware: A blanket term for software with a malicious design. There are many kinds, and they often employ AI to course-correct and avoid security measures. They are commonly circulated through websites, emails, and software, which typically appear innocuous to the victim or victims.
Phishing: Email schemes that try to get victims to click on links with the intention of stealing data. Hackers sometimes pose as legitimate actors. They can also employ machine-learning and natural language processing to develop more persuasive tactics.
Advanced Persistent Threats (APTs): Considered a relatively sophisticated attack, it operates covertly inside a network over time, with the intention of security avoidance and ultimately data theft.
DDoS attacks: Distributed Denial of Service (DDoS) attacks commonly employ AI to pinpoint vulnerabilities in an organization’s network. Subsequent strikes then overwhelm the server with traffic, and can effectively shut down the operation.
Deep fakes: Such strikes impersonate, typically through AI-powered voice or video platforms, to steal information, or even influence events.
THE INTERVIEW
The Cipher Brief spoke with Col. Candice Frost during the Cyber Initiatives Group Spring Summit to talk about Cyber Command's perspectives on the scope of cyber-related threats facing the public and private sectors. This version of the interview has been lightly edited for length and clarity.
The full interview is also posted on YouTube.
The Cipher Brief: I thought we might start with just insights on today's threat environment.
Col. Candice Frost: When we are looking at today's threat environments, we really need to look at the present, our big four that we're looking at, and then eventually into the future.
The National Defense Strategy … [has] looked at China as the military pacing challenge. This comes as no surprise. But we are looking at the competition that the [People's Republic of China (PRC)] has had and how that's taken it on to really a global scale. We know that PRC, the latest time (General Paul Nakasone) briefed Congress, they sponsored cyber actors and they really represent a growing sophistication and threat to both the United States and our allies' interest.
Next, I'd be remiss not to miss Russia. In the actions that we've seen them have in Ukraine and really elsewhere. The National Defense Strategy calls Russia an acute threat to free and open global systems, and noting that Moscow really does flout their international norms with destabilizing actions. Within the intelligence and the cyber world, they're skilled and persistent, just as China is. And so, we've tried to manipulate and make sure that our organizations are very rapidly reacting to both Russia, but then also keeping a bulk of it focused on China.
I'd be remiss though, not to mention Iran and the enduring commitment that we have had in Cyber Command to deterring the aggression in the Middle East and then of course promoting that stability in East Asia. Iran does work as a major destabilizer in their region, and then we've also seen their attempt to really use their malicious cyber activity, both in their neighbors but also against the US in the midterm elections. And last but not least, North Korea and the actions that they've taken in their regime, and the use that they have taken towards stealing cryptocurrency.
When I look at the big four, those are the heavy hitters that I see out there, with the first two being the bulk of the effort. But I'd really be remiss not to mention those non-state actors, whether they're proxy actors, executed by actors in Russia or elsewhere in other domains, really cyber criminals … In some areas, we've seen an increase in the last year of 240% in phishing emails.
The Cipher Brief: You've just mentioned China, Russia, and Iran as being top of radar for Cyber Command. Now that you're seeing a stronger alliance among those three countries, when it comes to the situation in Ukraine, are you seeing a difference or an uptick in some of the cyber capabilities that each of them has? Is there an opportunity for them to organize their capabilities in ways that will bring a different kind of threat?
Col. Candice Frost: There are always opportunities. I would say what we have seen though, where Russia is particularly focused on and then where China has focused. China is definitely watching the Russia-Ukraine activity and learning. Whereas Russia has continued to focus on their ability to target critical infrastructures. We know underwater cables, industrial control systems, those are areas and China is taking note. And I think that's the most important.
Iran learned a tremendous amount from Russia and the work that they had done during the 2016 elections. And then what we saw in the midterm, as stated by General Nakasone in front of Congress. So we see this area of learning from each other, and that's considerable with the fact that this space is so rapidly evolving and changing. That learning could really have an impact.
The Cipher Brief: You also mentioned that the proxy groups, that you can't really ignore the fact that they're being used in different ways. I know just speaking with colleagues at the Department of Justice over the past couple of years, that they were really noting an uptick in convergence between nation states and criminal actors. Is that something that you're still seeing more coordination among those two groups?
Col. Candice Frost: We definitely see it in both the money laundering arena and then financial crimes. Obviously, we know professional money launderers, that they've started to become the gatekeepers to, it's almost a professionalization of those cyber criminals that are going forward. They have accountants, lawyers, notaries. When you start to professionalize a business based on crime, that really is a stark reminder to the rest of us just how much this has grown.
And additionally, those high impact ransomware attacks, that ability to execute that coupled with where they're targeting in different areas. It's notable the exposure of sensitive data, all the way down to hospitals and now even schools. That's substantive in the fact that those easier to hit areas have exponentially increased in the last year.
Cybersecurity really is a marathon. It's not a sprint. But we've got to be wary that as it continues to grow, that lengthens the marathon beyond 26.2 miles. And we've just got to continue to not only drink water, but also get a little help from those around us. Because unlike a race, where you're going by yourself, cybersecurity is a team sport. And we've had a lot of players work together. And when we look at cooperation across the plane, we have seen substantive work with obviously NSA and Cyber Command working hand in glove together. But also at the DOJ, specifically the FBI and the great work that CISA has done. I personally got to see that working during the midterm elections, but it happens every single day to even the team level. It's pretty impressive.
The Cipher Brief: One of the actors that we talked about today, that we're going to be talking about a lot more today is Russia. I wonder, does it hit the radar of the Cyber Command anywhere? When you talk about disinformation campaigns and you look at the upcoming election, and Russia, they're really good at launching disinformation campaigns and at making Americans angry at each other. Are you worried about this at Cyber Command?
Col. Candice Frost: Russia does present one of the most serious foreign threats when we're looking at influence on the United States. And China, again, is watching this. Those influence actors have really injected themselves into the most contentious of our United States issues. We are very aware. We obviously were aware of the elections and the malign influence, setting up for the 2024 elections. Even right now in 2023, we're looking forward to make sure that we can combat and make sure that that is downplayed as much as possible. But Russia is an actor that has really worked to hide their hand. And their influence that they've been able to maneuver in this space, they've laundered those messages through Russian proxies. Whereas, say, we're a little more professional, we've been able to kind of strike at that. What we have seen is how they've been able to maneuver in different areas.
It just makes it harder, but we'll be able to hopefully work with private industry to notify and let people know what they're reading. I think that's the most important part that we saw, those shifts in social media. And that goes to the private industry and how they've worked together with us. I've seen great gains in that and I hope that that continues as we maneuver forward in this ever-evolving and changing landscape of both media and social media spaces.
The Cipher Brief: Elon Musk is one of close to a thousand signatories on this letter stating we all need to take a pause on AI for a moment because it can be potentially very dangerous and none of us really understands how AI is going to be impacting the future world. Is this something you spend a lot of time thinking about as well?
Col. Candice Frost: I think less so in my current position at Cyber Command right now, I'm also an instructor. And I do think about the impacts of ChatGPT and what it will have on papers and how to go about that. We have to look at the whole scope of how it will impact, it's really hard to stop progress.
And so, how do we maneuver within this space to make sure that we are bringing in people that understand ethics? Philosophers, that's where I always try to encourage people that may not be so technical, to come into this space. Because they are needed underneath this tent to ensure that we are doing the right thing when we create systems and use them for the future. Stopping that train (when) it's already left the station, that's going to be pretty hard.
The Cipher Brief: North Korea, where do you see the trajectory of their activity in cyber going?
Col. Candice Frost: I think they've got a real niche area in the crypto space. And despite the fluctuations over the past year in value itself, that's an area that they need to fund all sorts of operations in their country. That is a huge part of their income stream. I don't see that changing very much. I see them still relying on that to be a part of really their GDP and how they bring funds into their country.
Again, they're also outsourced for bringing in remittances and working outside of their country to bring money back to families. Just being aware and cognizant of the people that you hire. I tell people just be very cognizant, if it's work from home, making sure that you're really getting someone that's not from North Korea to help you in your software development.
The Cipher Brief: I'm sure a lot of people would love to hear if you have some tips on how Cyber Command looks at guarding against things like that when so many of us are working remotely.
Col. Candice Frost: I know CISA does a great job at the public information campaign, of making sure that people that you hire in the information domain, especially in software development, are who they say they are. And of course, again, it's always those security professionals that work with you is check and double check your workforce. That'll help you out.
And opening the space where if somebody's like, "This just doesn't seem right," making it very easy for them to talk to somebody in HR to say, "The hair on the back of my neck is standing up with this employee." Let it be known, and that helps. When we're all in this as a community, it really does.
The Cipher Brief: Iran has always been a major destabilizer, I think both in cyber, physically in areas, particularly in Europe, where the US is present. They've now started contributing drones and other technologies to Russia for the war in Ukraine. What kind of trajectory do you see Iran on at this point in time?
Col. Candice Frost: Iran is still the biggest agitator in the Middle East. And although they are, we've seen trade because of Russia's economy truly being locked down on every single piece, kit, and component. And definitely chips. Microchips are incredibly important for a lot of warfare-like systems. That shut off to the ability to get that has caused strange bedfellows.
And with Iran and the work that they've done, projecting forward for them, I still think that, at the end of the day, they're willing to be a partner just to an extent. And the fact that they've got their own regional issues, that they've always got to maintain a focus and care about.
The Cipher Brief: Russia. Given their campaign in Ukraine, has it taken their attention off of some of the more persistent threats that we've seen in the past in cyber?
Col. Candice Frost: When we look at their ability to use this space to grow, they still have their proxy actors that are out there. But like anything, if a proxy actor is being called to the front line, they're not in front of the keyboard. And so, you've got, already, if you just look at the trajectory of their population, you've already got a decline in a growing aging population. This is impacting that as well.
There are many different things that they'll have to eventually choose guns or butter. They're going to have to face that decision. But at the end of the day, never discount Russia. History has absolutely taught us, when you think that this country has reached its limits, it absolutely hasn't. Just look at World War II and the impact that that country really did have on it. We have to be very cognizant of the fact that being able to pull people from different areas, the budget itself, and the impact of what their primary export is, it still has a little bit of an influence in the world and we've got to pay attention to that.
The Cipher Brief: Let's talk about China. Everyone is looking at Ukraine and thinking how might China be watching, be paying attention when it comes to the issue of Taiwan? Are you seeing changes, that you're able to talk about, when it comes to how China is using the cyberspace and technology for whatever its future action will be in Taiwan?
Col. Candice Frost: I would say they're watching with an eye towards what's gone on in Russia, Ukraine. Absolutely the events that are happening. But they've also looked at, hey, what happens when those economic levers were turned up on Russia? And China still has that ever-present concern with their supply chain, when it comes to semiconductors, minerals, batteries. They are really gripping a hold of the solar panels, almost to the fact that they have a choke hold on the market. And then pharmaceuticals as well.
They understand how they'd have to maneuver and grow in different areas in the cyberspace, absolutely. But where can they start to invest in? We are absolutely seeing that, so that the work that Xi has tried to do with respect to China 2025 and semiconductors, and by the way, The Chip War by, I think, Chris Miller is one great book to read. And the other one is The Wires of War by Jacob Helberg. Those are two phenomenal books that I've read lately, that really, I think, grasp at what these issues are. And longitudinally have us look forward into where those areas that China could really, that are unique to only China that they could maneuver in, especially in the world that we live focused on cybersecurity and cyberspace.