An Interview with Anri Amir David in May 2022 in Singapore, Abu Dhabi, & Jerusalem
Black Wall Global is a Digital Intelligence, Cyber and Defense Agency founded by Veterans of Elite Intelligence Cyber Units. The President is Commissioner Khoo Boon Hui, former Chief of Singapore Police and former President of Interpol. The Chairman is Chief Superintendent (ret.) Asher Ben Artzi, former director of Interpol of the Israel National Police. Senior Board members include Arik Barbing, the Founder and Head of Cyber Division and a Senior Official in the ISA, the Israel Security Agency (Shin Bet), Legal Counsel Barrister Nicos Clerides, a well-known international legal consultant and litigation expert and Yaniv David Zangilevitch, Senior Expert in the Homeland Security and Counter Terror Arena.
The team also includes veterans who have held senior positions in the Shin Bet and elite army and intelligence units in Israel.
We spoke with Amir (Anri) David CEO of Black Wall Global, former SEA to President of the International Cyber Police, and Senior Adviser National and Internal Security Service, about cyber risks and how world powers can counter threats to their national security.
Q Is the cyber war threat underestimated or exaggerated?
A It depends on how you define cyber warfare. If you define it as I do, it represents a government involved in the destruction of another in cyberspace. It hasn’t really happened yet. The few cyberattacks that have occurred (which we are aware of) were carried out with limited targets.
But this does not mean that a “full-blown” cyber war will not happen in the future as I believe that it will surely occur at some point in the not so distant future. The point is, however, that governments will only engage in “all-out” cyber warfare in the context of a war that they would otherwise have intended to wage militarily.
Q Do the leaders of the world’s superpower nations truly grasp the gravitas of the many cyber threats facing the national security of the country they represent?
A I do think that the leaders of the the superpowers generally understand the magnitude of the threat and the potential damage that cyber threats can cause to our countries, but they have not yet responded to it. I believe that many of them do not understand exactly what actions should be taken. Quite frankly, until these countries fall victim to a large-scale cyberattack, it is unlikely that legislators will prioritize making cyber infrastructure resilient in the private sector.
Q Is it possible to create a reliable deterrent to the malevolent infiltration of cyberspace?
A No. Cyberwar is unique in this regard. We must deter cyberattacks with the threat of conventional or economic retaliation. It is difficult to develop an effective cyber deterrent because you must already demonstrate the capabilities of your arsenal of retaliation. Your opponents need to know what you are capable of.
This was not difficult to do during the Cold War, because you just had to detonate some hydrogen bombs on some desert island and everyone understood that these weapons were available to you.
In cyberwar, this is not possible for two reasons. Firstly, the network infrastructure of each region of a country is different, and you cannot prove that the attack you just carried out in country A would also affect country B. Secondly, there is no cyber equivalent of this uninhabited island that you can destroy in order to prove to everyone else that you can.
Deterrence also necessarily operates in a system where each player can attribute an attack to a specific party with a very high degree of certainty, but cyberwarfare operates in a fundamentally different scenario, where participants carry out attacks by hiding their identity and never publicly take responsibility. Deterrence is a good concept in conventional warfare, but it hasn’t worked in cyberspace yet.
Q Does the development of new technologies help non-state actors? How can terrorists use new technologies and cyberspace to attack states?
A Absolutely. The Internet of Things is extremely useful for malicious non-state actors because it is notoriously insecure. For those unfamiliar, the Internet of Things is a generic term used to describe the cumulative suite of modern consumer, commercial and industrial electronics that depend on network connectivity to function.
I’m not just talking about your new Wi-Fi-enabled toaster or mixer; I’m talking about electronically controlled valves in nuclear power plants, power switches, devices that keep people alive in hospitals, pressure regulators on natural gas pipelines, etc. and the list continues. These are devices that can be found in every city in this country, which are now vulnerable to cyberattacks and can cause real, tangible harm to the people if the wrong person gains access to them. This is one of the main reasons why network security is so important in today’s era, especially for industry.
Q NATO has formally recognized cyberspace as an area of military operations. Is this a big deal?
A NATO is now an organization in itself, grasping the threat of cyber war and trying to defend its own networks. This is really a big deal because never before has a coalition of countries worked together to make their networks more resilient to mitigate cyber threats.
Q The United States, Britain, Israel, Russia, and China are often considered the world’s cyber superpowers. Are there new or emerging cyber powers that will play an important role in this area?
A Countries like Iran and North Korea have already demonstrated some of their capabilities in in recent years, and in the future, they will remain major players. The barrier to entry into cyber war is low and as technology spreads and the world as a whole becomes more tech-savvy, I believe new players will continue to emerge, whether they are non-state actors or states themselves.
Q Will the use of cyberspace ultimately be regulated through international agreements?
A We need more international agreements that help in the fight against cybercrime and help to establish cyber norms, considering that certain behavior in cyberspace is a violation of international law, an extension of the existing Budapest Convention.
For example, I think it would be wise for everyone to agree that compromising hospital networks or financial services is prohibited. However, there is the aforementioned question about attribution. How can you prove that a particular actor carried out a particular attack?
But in theory, this can be counteracted by reaching an agreement that obliges each country to take responsibility for attacks that pass through servers within their borders. It is obvious that today there are serious problems associated with such a structure, but I believe that this is something that the world community cannot solve in sufficient time.
Q What is the right balance between security and freedom of information?
A In the context of cyberspace, security and privacy are mutually reinforcing rather than competing. This is not a choice between one or the other, this is not a zero-sum game. Information security is paramount to trusting information from the outset. Without secure systems, you cannot be sure that the information you have is accurate.
Q What should countries do to improve their defense methods against the growing number of global cyber threats?
A There are three important steps that all countries must take.
Governance and Regulation – creation of a National Cyber Regulatory Body that will set the standards, regulations and assistance on protection of critical infrastructure, financial institutions, hospitals, and various enterprises.
National Governmental CERT (Cyber Emergency Response Team) Center that will provide advanced security and defense capabilities for detecting, monitoring, and handling of cyber advanced threats and attacks at the national level on critical infrastructure.
And the most important is Education- Everything starts with education.
I would implement a comprehensive curriculum of cyber education which would commence in primary schools for children.
The foundation and a critical requirement for the success of any security measures and protections is an informed administration with an in-depth knowledge of the risks and threats of cyber-attacks. We must substantially raise awareness across sectors and provide a quality education on the relevance of strict policies, protocols, and safeguards. To educate and train by customizing curriculum to the specifics of any organization.