In the face of cyber threats, how do nations & organisations safeguard personal data & secure the digital systems we rely on?
In the face of cyber threats, how do nations & organisations safeguard personal data & secure the digital systems we rely on? In this episode, host David Karsten is joined by Dr Nickson Karie, a cybersecurity and forensics expert to discuss the looming threat of cyberattacks, the potential impacts of cyberwarfare on a nation, and what we can all do to keep our information safe in cyberspace.
What is cyberwarfare? [00:57]
The future of cyber-defence and AI [06:23]
The likelihood of a catastrophic cyberattack [09:20]
What inspires Dr Karie [20:20]
Curtin Institute for Data Science (Formerly Curtin Centre for Computation)
Bachelor of Science (Cyber Security)
Dr Nickson M Karie
Dr Karie is an accomplished cybersecurity and forensics professional with more than ten years of academic teaching and research. He is currently a Senior Lecturer in Cybersecurity and Forensics at Curtin University.
Dr Karie uses his cybersecurity and forensics skills and knowledge to contribute to the technological advances happening in different industries. He believes that security is not only a fundamental part of our daily life but also key to the future of our global
digital economy.
Dr Karie graduated from the University of Pretoria, South Africa in 2016 with a PhD in Computer Science. His research interests are in cloud forensics, critical infrastructure security, cybersecurity, digital forensics, incident handling and intrusion detection,
IoT forensics, and mobile forensics.
This podcast is brought to you by Curtin University. Curtin is a global university known for its commitment to making positive change happen through high-impact research, strong industry partnerships and practical teaching.
Got any questions, or suggestions for future topics?
Email thefutureof@curtin.edu.au
Host: David Karsten
Content creator: Alex Foot
Producer and Recordist: Emilia Jolakoska
Social Media: Amy Hosking
Executive Producers: Anita Shore
Curtin University acknowledges the traditional owners of the land on which Curtin Perth is located, the Whadjuk people of the Nyungar Nation, and on Curtin Kalgoorlie, the Wongutha people of the North-Eastern Goldfields; and the First Nations peoples on all Curtin locations.
OKAY by 13ounce Creative Commons — Attribution-ShareAlike 3.0 Unported — CC BY-SA 3.0 Music promoted by Audio Library.
Curtin University supports academic freedom of speech. The views expressed in The Future Of podcast may not reflect those of Curtin University.
00:00:00:00 - 00:00:31:21
David Karsten
This is the future of where experts share their vision of the future and how their work is helping shape it for the better.
I'm David Karsten. Cyber warfare has become an intense global security issue. As technology advances, nations are becoming increasingly vulnerable to a cyber attack on their digital systems and infrastructure. Such attacks may disrupt essential services such as power, healthcare, banking and transport systems, and have the potential to severely impact the nations population.
00:00:32:01 - 00:00:57:02
David Karsten
So what can countries do to mitigate the risk? Today, I was joined by Dr. Nickson Karie an accomplished cyber security and forensics expert and lecturer at Curtin University. We discussed how cyber warfare has evolved, the risks of cyber warfare and what countries can do to defend themselves. If you'd like to find out more about research and cyber security, you can visit the links provided in the show notes.
00:00:57:04 - 00:01:25:13
David Karsten
So look, I guess a good place to start is just defining what cyber warfare is. So. So next on what is cyber warfare and how is it evolved over time.
Nickson Karie
Thank you so much, David. I would want to say that cyber warfare physical refers to the use of digital hacking techniques or any information technologies to disrupt or damage computing systems and networks.
00:01:25:14 - 00:01:54:10
Nickson Karie
And this could be of individuals or even organisations or nations. So that to me is cyber warfare.
David Karsten
And so it's certainly changed shape over time, hasn't it? I mean, yeah, And I guess in that context, how how has it developed to the cybersecurity and cyber? Cyber warfare issues that we see today?
Nickson Karie
Yeah, definitely. The cyber warfare has evolved over time.
00:01:54:10 - 00:02:25:05
Nickson Karie
And if you look back most of the time we think of cyber warfare into sides of either offensive or defensive. But most of the time people think of the offensive more than the defensive. But it has two sides. But if you look at it from the beginning, look at the early stages of of cyber warfare, this was really a hard thing because in the early stages it primarily involved basic hacking.
00:02:25:05 - 00:02:50:03
Nickson Karie
And this is where the whole concept of everyone wanting to hack came to, you know, due to the limelight. So it involves simple basic hacking techniques such as defacing our website. So if you have a website, someone plays around with it and changes a few things there. So those were the early stages of, of this whole, you know, feed and people would launch denial of service.
00:02:50:03 - 00:03:13:08
Nickson Karie
So if you want to send an email or want to receive an email, you can get it. So these were the early stages of cyber warfare, in my opinion.
David Karsten
So so Nickson, we've had the PayPal customers targeted MailChimp, the US hospital system, even Air France and KLM were targeted in cyber attacks and that was just in January this year and that was just a few of them.
00:03:13:13 - 00:03:40:21
David Karsten
What are some of the notable examples of cyber warfare in both Australia and internationally that that you've been aware of?
Nickson Karie
Well, are quite a good number and in Australia if we even look back, they are Australian Parliament hack, if you remember about that, that was one good example that Australia probably was checked, and they had to act and do something.
00:03:40:23 - 00:04:13:23
Nickson Karie
But look, internationally there is more than just the parliamentary there. If again, if we think about Australia, the Department of Meteorological, you know, they were also attacked and they are whether that town was disrupted and they couldn't do much of their work. Think of the SolarWinds attack which also affected Australia, UK and many other countries as well. So this is not just a concept of Australia, but it's a global thing.
00:04:13:23 - 00:04:43:00
Nickson Karie
So look at the US, the standard Stuxnet attack, which was also a global one, so quite a good number. Look at the Ukrainian power grid attacks. So most of these things, when they happen, we think maybe it's just for that country, but the more they do this, the more they in these other countries as well, because when it affects one and they cannot deliver services to the other, then again, you are affected.
00:04:43:02 - 00:05:08:09
Nickson Karie
So it's becoming a global problem. So it's not just a one man's or one country's issue. It's really a global thing.
David Karsten
Well, Nixon, you talk about affecting, uh, everybody, you and I, when when a cyber attack does happen, can you perhaps give an example of how that literally can affect us? Say, for instance, uh, hospital systems, electronic records are compromised.
00:05:08:11 - 00:05:34:13
David Karsten
What could happen in that scenario?
Nickson Karie
Yeah, that's a good one. Especially in the health sector. You know, it's one of the areas that I think if anything happens, think of it this way. If, if you have an automated, uh, dispenser for medicine, for example, where you supposed to take two tablets a day or three or maybe one's three times, right?
00:05:34:13 - 00:06:09:20
Nickson Karie
So morning, afternoon and evening, somehow an attacker or some guy decides to attack this machine and dispenses three times three. That means three tablets three times a day. You can imagine taking a one day dose three times what will happen. So this is the problem with this cyber warfare kind of attacks, because when they affect the system, they affect you as an individual, because when they attack the hospital and and attack the dispenser, it doesn't affect the hospital, only it affects you as a person.
00:06:09:20 - 00:06:39:02
Nickson Karie
Because now you're taking triple dose. And of course, probably by the end of the day, you're dead already because you're supposed to take triple a dose in such cases. So this is how it goes down to the individuals. And it can it just doesn't affect it can kill.
David Karsten
It's a frightening proposition, isn't it? It really is. And and it's only becoming more, I guess, severe and critical as emerging technologies make themselves known in this space.
00:06:39:02 - 00:07:08:11
David Karsten
So. Nixon, what are we looking at in terms of the future of cyber warfare and cyber defence? I mean, there are some frightening emerging technologies that could really dial up the severity of these attacks.
Nickson Karie
Yeah, Yeah. I think with the emergence of AI, this is a field that can be utilised. And I think as good as it sounds, it's a double edged sword because the attackers are also using it.
00:07:08:13 - 00:07:46:15
Nickson Karie
So it's good to adapt to it and use it to develop frameworks, defensive systems and many other mitigation measures that we can think of using AI. But at the same time, it's not enough to develop without educating people. So I think beyond just a rather besides the using of AI, we also need to create an education system that just goes beyond the development and educate everyone on how to use them or how to look out for these attackers.
00:07:46:15 - 00:08:16:05
Nickson Karie
And, you know, any sign of or any indicator that could tell someone this is just not right. We need that for everyone.
David Karsten
AI is set to make that very difficult for for us to actually differentiate between what's genuine and what is what is a threat. Can you give us an example of that? Planting too many seeds out there for ideas, But how exactly would AI manifest within a cyber attack?
00:08:16:07 - 00:08:46:10
Nickson Karie
It's very difficult for a normal person to know when it's used because AI makes it very sophisticated for a normal user to detect anything, and that's why the attackers are using it. But look, the simplest thing you can do is when it's too good, think twice. When it looks too good. Think twice, because not every good thing comes easy, as they put it.
00:08:46:12 - 00:09:08:19
Nickson Karie
So sometimes they send emails that look very real and they are giving you suggestions that you probably have never heard of in your life and you think probably this is a jackpot, but that's when the problem starts. So when the deal is too good, think twice that. But then again, it boils back to the education side of it.
00:09:08:19 - 00:09:33:01
Nickson Karie
How educated is this person to think that way? It's a matter of psychologically training someone to be able to know. If they're not trained to know, then they to know. And that's how they are targeted.
David Karsten
At the 2023 annual meeting of the World Economic Forum, it was revealed that 93% of respondents believe a catastrophic cyber attack is likely in the next two years.
00:09:33:03 - 00:10:11:09
David Karsten
Firstly, what is a catastrophic cyber attack and what are your thoughts on this?
Nickson Karie
I think a catastrophic cyber attack is one that is very sophisticated and I would think of something we've never heard of. Let's say if attackers decides to take over airplanes when they are up there. So if I can be able to capture ten of them and direct all of them towards the same point, that's probably more than a bomb, right?
00:10:11:11 - 00:10:45:21
Nickson Karie
Because when they collide, you can imagine the impact of that. That's what we call catastrophic attacks. Because if you can be able to take charge of this type of infrastructure and this is not just planes, we are talking of many other things, including we have autonomous vehicles these days. You know, no driver, no, no one inside. If we can be able to take over ten or 20 or 30 of them and just move them to one direction and crash them, that's basically going to be a catastrophic attack.
00:10:45:21 - 00:11:19:15
Nickson Karie
So we are looking at something that is not doesn't look normal to us, but it's possible to happen. And that's basically what I also can, you know, bring these kind of catastrophic attacks.
David Karsten
So, yeah, this is what I think would look like a catastrophic look with 93% of respondents anticipating something like this happening in the future, it seems to suggest that there's definitely an awareness of the dangers of of a cyber attack.
00:11:19:15 - 00:11:53:18
David Karsten
But but what you're saying is education is is what really needs to be dialed up in this instance. Yeah. Yeah. Well, what security measures then, on a practical level, what security measures can countries take to to strengthen their cybersecurity defenses and to respond to these threats?
Nickson Karie
Um, I think at the moment when we talk of cyber, the cyber warfare level, we are talking of international treaties because as we talk now, not many countries are together in terms of cyber security.
00:11:53:20 - 00:12:29:00
Nickson Karie
Everybody does what they do and probably not interested in, you know, talking to the other people. So if we can come up with international treaties, global frameworks that can be used when it comes to how people conduct themselves so these are just but some of the things that can help when it comes to cyber warfare, especially also in terms of threat intelligence sharing information, when something happens here, you are willing to share with another person to be able to help them.
00:12:29:00 - 00:12:57:03
Nickson Karie
Also, you know, get ready just in case they attack the same way you are. So these are the fundamental things that probably we need to consider in creating international treaties, global standards, you know, where people can share information freely without any any problem.
David Karsten
So I think these are some of the primary things that we need to consider cyber in, in a broad sense.
00:12:57:03 - 00:13:27:16
David Karsten
But you've touched on artificial intelligence, and it's growing role in this space. Cyber space is such a nebulous concept in a way. It's a very difficult it's not a physical thing. You can grasp, right? Yeah. So how do you promote ethical use of AI in this space? Regulation and governance must be such a difficult thing to both get agreement on and then also to enforce.
00:13:27:18 - 00:14:01:20
Nickson Karie
Yeah, I think the same way nations have come together to fight other fields like climate change. I think the same concepts can be used in cyber security coming together, not fighting climate change, fighting cybercrime. So the same frameworks they are developing for climate change, they need to think about how to develop the same for cyber security. So because look, when you think of climate change, just like cyber, you might think it's not physical.
00:14:01:22 - 00:14:37:19
Nickson Karie
Like it doesn't affect me when someone tells you climate change is affecting this area. But how is something unless you understand it the same way I tell you, cybersecurity or cyber crimes are becoming a big problem here. Then someone will. How? Because I've never seen it. I've never been hacked or something. So it's basically the same way, coming together, formulating things that helps us all together and we move forward with it, you know, because there are very many treaties that have been, you know, countries have come together to form treaties based on different fields.
00:14:37:19 - 00:15:07:03
Nickson Karie
Right. So I believe the same can be done with cybersecurity. Just come together. Let's talk about it. Let's agree on what we need to do, What defensive measures do we need to put place? What standards do we need to put in place so all these can be able to enhance, you know, the defensive capabilities of different nations?
David Karsten
Are you suggesting some kind of world authority or a some sort of un of cyber perhaps?
00:15:07:05 - 00:15:31:14
Nickson Karie
Well, not necessarily a un of cyber, because I think within the UN itself there are different departments and they probably have one for cybersecurity already. So they should come up with another. You win for cyber, but just find a way to incorporate these into the already existing conflict. It would even be easier because they already have the structures.
00:15:31:14 - 00:16:03:01
Nickson Karie
Right? Is just creating a department that manages cyber security.
David Karsten
I think we're starting to solve the problem. Nixon Between you and I, Yeah, look, we talked about individual responsibility and recognising when something looks too good to be true, probably is. What about organisations on a local level? I mean, we've seen in the last year or so organisations that have a lot of client data on file being hacked.
00:16:03:03 - 00:16:39:03
What what is their responsibility to us as consumers and I guess as an organisation to, I guess, provide proper defences against these cyber security threats.
Nickson Karie
Look for organisation, they have a responsibility of protecting what we give them. And that's your data. My data. And for every other person's data, that's their responsibility, because they ask this data from us and we give them it's their responsibility to make sure that they keep it as safe as we want it.
00:16:39:05 - 00:17:03:21
Nickson Karie
But at their level, what they need to do, I think, number one is to have a cyber security strategy. You know, the problem with many companies, not many, but some companies, is that they do things without necessarily thinking about the cyber part of it. And look, it's not just a problem of the gap. It's a problem of everyone.
00:17:03:21 - 00:17:30:16
Nickson Karie
Like when new technologies come, we are all happy to embrace it without thinking about the cybersecurity side of it. It's only after some time then we realise that technology wasn't as good. But look, as an organisation, you have to think about it before you embrace it. So they have to develop cybersecurity strategies. How do we bring in something new, not just out of hype or something?
00:17:30:18 - 00:18:02:02
Nickson Karie
So that's that's one of the responsibilities They must have develop strong cybersecurity strategies. But beyond that, they have also to conduct risk assessments. Everything you do has its own risk. So you have to understand what risks are you bringing to yourself by bringing in this kind of thing. Collecting people's data is good, but what risks I care because if I know you have the data, I would want to have that data.
00:18:02:04 - 00:18:31:07
Nickson Karie
What are you putting in place to make sure that someone doesn't get this data is something they need to do. So beyond the strategy, they need to do risk assessment, but also implement strong defensive mechanism like strong access control such that not everyone can just have access to it any time they want to specific people based on their role, they should be given access to specific information.
00:18:31:09 - 00:19:01:06
Nickson Karie
And you know, if you as a user feel like you don't want your information to be there anymore, they still need to give you an option to opt out.
David Karsten
To your knowledge, is there a legal obligation or a an insurance obligation for organisation to have a cyber strategy in place?
Nickson Karie
I think there is, and that's why we have regulatory bodies to regulate on.
00:19:01:06 - 00:19:29:01
Nickson Karie
What do you do as an organisation and the regulatory bodies mostly are there to make sure that whatever you're doing is in compliance with what everyone else wants or is doing. Because if you don't follow these kind of regulations, then it means you are more vulnerable than just any other person. So I think that, yeah, it's it's there.
00:19:29:05 - 00:19:53:08
Nickson Karie
It's kind of mandated to some of these organisations. It's no longer optional. You must have it, you must do it. So that's that's basically something that's there.
David Karsten
Oh, it's good to know that there is at least some layer of obligation and protection there for us as consumers. Yeah. Look, we're just going to take a quick break, but we will be back right after this.
00:19:53:10 - 00:20:24:22
Voice Over Presenter
Do you want to expand your career prospects in science or engineering? A postgraduate course at Curtin University can help you gain Advanced technical expertise, skills and knowledge. You might collaborate on real projects with partners including BHP, CSIRO and NASA, or work on high impact research initiatives, including the Benalla space program and the Square Kilometer Array. Get started on your postgraduate journey today by visiting Curtin, you forward slash postgrad.
00:20:24:24 - 00:20:58:12
David Karsten
What about your research, Nixon? What inspired you to work in cybersecurity? Yeah, thank you once again. I would want to say that in my research I have focused mostly within the cybersecurity and digital forensic field. That's that's my major. And mostly I focus in cloud, forensic critical infrastructure, security. That's including all the transportation systems and, you know, power grids and all that.
00:20:58:12 - 00:21:27:18
Nickson Karie
I very much interested in that area. Intrusion detection and incidence handling that's basically looking at how can someone come into your computer and incidents handling is how do you handle it if you know someone has entered your environment. So that's basically what incident handling. So I'm very much interested in that as well. I do a lot of creating some of these rules or how to detect different incidents.
00:21:27:20 - 00:21:52:05
Nickson Karie
And basically they are after look at how do we handle it if we find it. So that's that's a very interesting area in my research. Look, at the end of the day, I also have IoT in that package as well. I look at some of the IoT look these days. You connect your everything in the house, right? Your fridge, your washing machine, your microwave, your everything.
00:21:52:07 - 00:22:15:19
David Karsten
And for those of us at the back of the room IoT, what does that stand for?
Nickson Karie
Internet of Things and I think can be anything, including you as a human being. We sometimes do you as a thing, but not necessarily a thing inside. But when you connect anything to that network that becomes that thing, it becomes an object of reference.
00:22:15:19 - 00:22:56:19
Nickson Karie
So we can get to eat anytime if we have to. And that's basically what happens in the medical field when they put a gadget on you and you move around and they monitor your temperature, your blood pressure, you. So that thing has entered the Internet of Things. So that's that's part of my research. So look, what what I do is I study the latest trends, what's happening, what kind of vulnerabilities are coming up, what are the attackers doing in our understanding, this kind of environment, to help us to develop proactive measures of how to defend ourselves?
00:22:56:19 - 00:23:28:17
Nickson Karie
Because, look, if you don't know anything, how do you defend yourself? And again, they say if you know, you cannot know where you're going unless you know where you're coming from. So if you can understand how they do these things, how do you move forward? It becomes a very big problem. So that's basically what I do, trying to help different people come up with response strategies, how to mitigate the risk as well and protect any sensitive digital assets in an organisation.
00:23:28:19 - 00:23:56:22
Nickson Karie
So look, my passion in cybersecurity, you know, it stems from a combination of factors, not just one. And the first one is the rapid, the digitisation of things. You know, everything is becoming digital these days. I'm not sure if our blood is going to be digital someday, but everything is being digitised. And as good as it sounds, it comes with its own risks, I guess.
00:23:56:22 - 00:24:22:13
Nickson Karie
So people look at the good side of it, but they don't look at the risk. So this usually motivates me, you know, to look at as as much as they go this way, how can we safeguard our systems against all this digitization? So once we have an understanding of the type of infrastructure they use, the different things they do, then we can come up with measures that can protect us.
00:24:22:13 - 00:25:04:14
Nickson Karie
So that's that's one side of it. The second thing is, you know, we have witness the as we said earlier, you know, the frequency and sophistication of cyber attacks. You know, it's just becoming very soft, sophisticated every day. And this also, you know, gives me off with my curiosity to desire to contribute to this field. Like as much as they do that, what can I also do to help other people in the same area so that that gives me the motivation to keep you know, researching and coming up with solutions, different strategies and measures.
00:25:04:14 - 00:25:31:05
Nickson Karie
So when these things happen, I feel compelled to act, I guess so Like I just have to do I can't just sit and watch like any other person. I feel compelled to act and, you know, come up with things that can help the whole world, not just me but everyone to feel safe, you know? And then again, the complexity and constant evolving nature of cyber security is also another thing.
00:25:31:05 - 00:25:58:16
Nickson Karie
Like it's different, you know, in in other fields. Probably things don't move as fast as in cyber. In cybersecurity, we always say even if you go to university and study cybersecurity, give yourself five years. If you don't study anything, they are after 60% of the things you studied probably don't matter anymore, so you only have 40%. So if you go ten years, you are irrelevant.
00:25:58:18 - 00:26:18:21
Nickson Karie
You know all the things that you studied in your undergrad, you are no longer needed because the dynamic nature of the field means every day something new is coming and you have to keep up with that trend. So that in itself, you know, always motivates me to dig deeper into what what something, you know, this new thing, how does it work?
00:26:18:21 - 00:26:43:24
Nickson Karie
What can we do? So these are some of the things that usually keeps me going in my research, trying to come up with different ways, different measures.
David Karsten
There's a lot to take in there, and it's been very educational. Dr. Nickson Karie, the James Bond of the cyber expert. Well, thank you so much for your time today.
Nickson Karie
Thank you for having me.
00:26:44:03 - 00:27:12:07
David Karsten
Yeah, yeah. Now it's it's a frightening set of circumstances that we seem to be heading towards yet. It's so encouraging to see that there are people like yourself in place ready with some strategy ideas and some some policy ideas to to bring us forward safely and securely. Thank you. You've been listening to the future of a podcast powered by Curtin University.
00:27:12:09 - 00:27:22:02
David Karsten
If you've enjoyed this episode, please share it. And if you want to hear more from experts, stay up to date by subscribing to us on your favourite podcast app, bye for now.