Serge Christiaans: “We will never be freed from cybercriminals”


During Cybersec Europe’s local edition in The Netherlands, Utrecht (Cybersec Netherlands 2023), CISO Serge Christiaans took part in the panel discussion about OT Security. We then asked him for his views on cyber warfare, aviation security and the role of cybercriminals and ransomware in the future.

How crucial is cyber warfare during warfare nowadays? Or rather, is cyber warfare itself the (most important) war?

As a former military pilot, I’m well aware of the changes in how we fight nowadays. We refer to kinetic warfare as active warfare involving conventional and unconventional weapons in movement. Non-kinetic warfare typically includes cyber warfare, economic sanctions, and diplomacy.

The only difference between cyber criminality and cyber warfare is the motivation. Cyber warfare has been happening in different parts of the world for many years. It is largely undetected by the mainstream media and the public, mainly because it is invisible and because the damage cannot be captured in dramatic front-page images.

Combined with kinetic warfare, cyberattacks are highly efficient in ‘shaping the battlefield’, i.e., confusing and distracting the enemy, disrupting communications, gathering intelligence and espionage. I dare to say that one’s cyber warfare capability is a decisive weapon on today’s battlefields.

What role do ‘the Big 4’ play on the security world stage, and how do you think that will develop?

In cybersecurity, the Big 4 refers to the countries that host the most significant numbers of cybercriminals: China, Russia, Iran and North Korea. These countries all harbor highly sophisticated state-sponsored groups of cybercriminals, often in direct service of government agencies. They are ruled by dictators who make their own rules and can comfortably deny plausible links to these threat actors.

It is difficult to say precisely what percentage of cybercrime is attributed to threat actors residing in the Big 4, because cybercrime is often complex but not impossible to trace and attribute. However, it is clear and extensively proven that these four countries are all significant sources of cybercrime, with threat actors either working directly for the government or enjoying protection within its boundaries.

The democratic world, with its open society, is lagging in developing cyber warfare capabilities. Until we catch up, we will have a distinct disadvantage. The Big 4 will continue stealing our intellectual property and cryptocurrencies, intentionally disrupt our society, and gather intelligence for industrial and military purposes to prepare for eventual kinetic warfare.

How vulnerable is your industry, the airline industry, to hackers?

The aviation industry is extensively connected, part of the essential global transportation system, and relies on highly complex and often legacy IT systems. It is still undergoing massive digital transformations, and we have not seen the end of it yet. The aviation industry is also vital to any country’s economy, and disrupting it will have far-reaching consequences.

Threat actors will continue to find ways to disrupt air traffic control systems, passenger information systems, reservation systems and our supply chain. There is much low-hanging fruit for them with a high reward factor. A simple ransomware attack can compromise private data and render vital IT systems unusable, halting airport operations for many days. Private data of passengers has great value on the dark web.

How safe is flying today when airplanes, packed with computers, are hacked in flight?

Modern airliners are packed with hundreds of computers, although most are not connected to the internet. We have not seen successful cyberattacks on an airplane in flight or related incidents. However, GPS spoofing is becoming an increasingly annoying problem, especially along the Finnish-Russian border and around Iranian airspace. A GPS spoofing attack intentionally decreases the accuracy of satellite GPS signals used for airplanes to navigate and land at an airport.

All in all, I do not expect any hacker to be able to take over the flight controls of my airplane in flight. Still, they might be annoying when denying the availability or integrity of specific sub-systems. I am developing cybersecurity training programs for airline pilots to train them in flight simulators. Recognizing the threat and the indications of a cyberattack are the primary goals of these training sessions.

When will the world finally be rid of cybercriminals?

I’m afraid the world will never be freed from cybercriminals, or criminals in general for that matter. They will just keep showing up in different forms. Just the same as humanity has always known war. Maybe it’s a design failure in Homo Sapiens?

Many governments, but especially dictators worldwide, use their cyber capacities as cheap, almost undetectable, non-kinetic weapons. As mentioned earlier, the Big 4 are responsible for most cyberattacks worldwide, and they know we have no way to defuse their cybercriminal intentions.

The thin line between kinetic and non-kinetic warfare is blurring, which means cyber warfare is rapidly becoming an integrated and essential part of warfare. I’m afraid we must keep up with cybercrime for many years to come unless we, perhaps, achieve global peace?

And by extension, do we ever eliminate ransomware and ransomware attacks?

Ransomware is just another cybercrime, albeit a disruptive one. We will never be able to protect all our companies, civilians and governments against cybercrime. Cybersecurity is simply too complex for that. There is no such thing as 100% security. However, proactively hunting down the threat actors and neutralizing them would significantly help against the endemic rise of ransomware we still witness today.

Biography Serge Christiaans

Serge Christiaans is a Singapore-based CISO and Data Privacy Expert. He’s also a director and board member of the ISACA Singapore chapter and flies as a captain on a commercial Airbus. Before assuming his CISO roles, he obtained a business degree from the esteemed Royal Netherlands Military Academy and completed a master’s degree in cybersecurity at the University of West London.

With over 18 years of global IT and cybersecurity experience, he has served as a cybersecurity and data privacy leader for many organizations since 2005. He has accumulated extensive operational leadership experience as a decorated veteran military pilot and cybersecurity leader operating in Asia Pacific.

He is widely recognized for his inspiring, people-oriented leadership and mentoring style and comprehensive aviation experience. Christiaans enjoys discussing life, the universe and everything in between, including leadership, company cultures and, of course, aviation, preferably while enjoying an excellent cup of espresso.

Gerelateerde artikelen