hack.lu 2023

Digital Tug of War: Unraveling the Cyber Battle Between Ukraine and Russia
10-17, 11:00–11:30 (Europe/Luxembourg), Salle Europe

In this presentation, we will delve into the interesting Ukraine-Russia conflict over the past year and uncover the emerging challenges in cyber threat intelligence and its critical importance to detection engineering, validation, and organizational resilience. Explore the impact of cyber warfare on global security dynamics and gain valuable insights into the intersection of geopolitics and cybersecurity. Join us for a brief but enlightening journey through this evolving landscape.


Embark on a fascinating journey to uncover the multifaceted narrative of the protracted conflict between Ukraine and Russia that has captivated the world for over a year. This presentation aims to provide a comprehensive summary of the significant events, key moments and complex dynamics that have shaped this ongoing geopolitical saga.

Amidst this turbulent backdrop, the realm of cyber threat intelligence has become a critical battleground, adding an unprecedented layer of complexity to an already volatile situation. We will delve into the myriad challenges that have emerged in the context of cyber threat intelligence and explore how they have shaped the course of the conflict and influenced the dynamics of global security.

One of the main objectives of our discussion will be the intrinsic value and indispensability of threat intelligence in current conflict scenarios. Threat intelligence serves as a beacon of foresight, equipping organizations and nations with the knowledge and tools necessary to proactively defend against cyber threats. By analyzing evolving tactics, techniques, and procedures used by adversaries, threat intelligence enables the identification of potential vulnerabilities, allowing stakeholders to strengthen their defenses and increase overall resilience.

In addition, we will explore the complex interplay between threat intelligence and critical organizational processes. Detection engineering, the art of developing robust systems and mechanisms to identify and neutralize cyber threats, increasingly relies on timely and accurate threat intelligence. The synergy between detection engineering and threat intelligence supports the creation of sophisticated and proactive defense strategies that provide a more secure digital environment for organizations of all sizes.

Validation, another key aspect of cyber threat intelligence, is becoming increasingly important in the context of the Ukraine-Russia conflict. Validating the authenticity and reliability of threat data is essential to distinguish real threats from false alarms. By implementing robust verification procedures, organizations can distinguish between genuine cyber threats and misleading or deceptive information, thereby optimizing resource allocation and response efforts.

Finally, our presentation will underscore the importance of organizational resilience in the face of persistent cyber threats. Threat intelligence acts as a critical foundation upon which resilience strategies are built. By leveraging threat intelligence, organizations can develop comprehensive response plans, identify potential attack vectors, and implement proactive measures to mitigate risks and minimize the impact of cyber incidents.

Join us as we embark on this thought-provoking exploration of the Ukraine-Russia conflict, where the convergence of geopolitical tensions and cyber threat intelligence makes for a compelling narrative. Prepare to gain invaluable insights into the complex interplay between these domains and emerge equipped with a deeper understanding of the evolving landscape of contemporary warfare.

Ondrej Nekovar (Th30ne) currently works as a CISO at a state company, where he and his team provide cyber security for the national data centre and eGovernment cloud (critical information infrastructure). His other role is Chief Deception Officer, where he is responsible for the strategic development of active measures elements and adversary engagement and its use. He also specializes in cybersecurity legislation and Active Cyber Defense (ACD) issues such as its use by private organizations.

With his esteemed colleague and co-speaker Jan, he created a modernized Active Cyber Defense Gray Zone and its taxonomy, a few MISP addons for ACD, an ACD loop, a custom Alerting and Detection Strategy with ACD use, and an Adversary emulation Lab. They set up a DEF CON GROUP for the Czech Republic (DCG420), which organizes meetups of cyber and ACD enthusiasts, custom R&D (open methodologies, addons, tools) and trips with kids. They are frequent speakers at conferences such as BlackHat, Qubit and others.