We meet Berta Jarošová, the Czech cyber attaché in the United States, in one of the many cafes in Washington during Prime Minister Petr Fiala’s visit to the US capital. In an interview for Seznam Zprávy, the young diplomat describes what role the Czech Republic plays today in the fight against cyber threats, or the fact that the country currently finds itself in a situation where it is an attractive target for a number of potential attackers.
“As for the Czech Republic, we must realize that we are a supporter of Ukraine, a great partner of Israel and a supporter of Taiwan. This can make us a very attractive target for adversaries in cyberspace,” explains the cyber diplomat and outlines what threats people actually face in today’s world.
What are the biggest cyber threats facing people today?
There is a whole range of threats, and it always depends on who they concern. The general public will be most exposed to various types of social engineering, where we see an increase in phishing, smishing, vishing – that is, fraudulent e-mails, phone calls and SMS that target the finances of residents, which the attackers try to obtain through coercion and sophisticated procedures.
From the point of view of states and national security, state-sponsored actors are the biggest threat, whether they are groups associated with Russia, China, Iran, or North Korea. Worldwide, we are observing an increase in attacks against critical infrastructure, i.e. in the field of transport, telecommunications or energy.
But we are also observing an increase in cyberespionage against government institutions with the aim of obtaining sensitive information or against key businesses and companies, where the goal is to steal intellectual property.
And what about the Czech Republic?
As for the Czech Republic, we must realize that we are a supporter of Ukraine, a great partner of Israel and a supporter of Taiwan. This can make us a very attractive target for adversaries in cyberspace.
What does a Czech cyber attaché actually do in the USA?
The Cyber Attaché is an extended arm of the National Office for Cyber Information Security (NÚKIB), i.e. the Czech Republic, for issues of cyber security. It primarily cooperates with the US federal government, but also with the private sector or non-governmental institutions.
The Czech Republic was one of the first EU member states to establish this position in Washington almost 10 years ago, but today the community of cyber diplomats is larger. One of the specific outputs is the bilateral cyber dialogue, which took place between the USA and the Czech Republic for the first time this March and which was attended by, for example, the American FBI or the NSA.
At the meeting, the development to date was evaluated, but the strengthening of cooperation in the field of quantum technologies or artificial intelligence was also discussed. Furthermore, for example, coordination before the upcoming NATO summit in Washington was addressed, an integral part of which will be the discussion on strengthening the Alliance’s resilience and capabilities in cyberspace.
Increasingly, these are attacks through supply chains, meaning that attackers attack companies that supply technology solutions to governments, for example, and exploit flaws in their products or services to gain access to key systems. It is therefore important that we implement adequate security measures and reduce dependence on risky suppliers.
In this context, I can also mention the new law on cyber security, which we are working on and which aims to address this issue and introduce a new mechanism for vetting suppliers in the field of ICT into the strategic infrastructure of the state.
So does this mean that with the escalation in the Middle East, for example, has come another wave of cyber threats?
We must be prepared for such a scenario, because the Czech Republic not only supports Israel, but NÚKIB also concluded a memorandum on cooperation in the field of cyber security with it last year. Globally, we observe increased activity, for example, from the CyberAv3ngers group, which is pro-Iranian.
As far as the Czech Republic is concerned, we have noticed attempts at cyber espionage, for example by groups supported by China, Russia or North Korea. Similar to other NATO allies.
Is the situation in the USA different from that in the Czech Republic?
In terms of threats, I think Europe and the US as a democratic bloc face similar challenges. What differs is the intensity of the attacks, the individual actors or how everything changes depending on geopolitical developments. Right now, for example, there is a lot of talk on both sides of the Atlantic about election protection.
Berta Jarošová
- Since 2022, he has been working as a Cyber Attaché of the National Office for Cyber and Information Security at the Embassy of the Czech Republic in Washington DC.
- In 2019, she participated in the signing of a memorandum between the Czech Republic and the USA in the field of 5G security.
- She also collaborated with the special representative for cyberspace of the Ministry of Foreign Affairs and worked at the Defense Policy and Strategy Section of the Ministry of Defense, at the Permanent Mission of the Czech Republic to the United Nations in New York or at the Prague Security Studies Institute think tank.
- She studied law at the Université Paris 1 Panthéon-Sorbonne in France and at Leiden University in the Netherlands.
Photo: Berta Jarošová
Berta Jarošová.
However, the difference is also that Europe is ahead in cyber security regulation. What we have had in place for almost 10 years, the Americans are only now solving and considering how to grasp it at all. An example is the reporting of cyber incidents, which is an obligation that we have had in place in the Czech Republic since roughly 2014. Here, it is only in the beginning.
For the Americans, on the other hand, the main starting point is strategic competition with China, which is their priority. As a result, they approach technological security in a much more holistic way and, for example, have national security much more closely linked with economic security. The US is more assertive towards China and openly warns against related cyber threats.
So can it be said that the Czech Republic is a bit of an example here?
We are trying. As part of the consultations, we also share some of our experience with the Americans in the area of implementing regulation or various national policies.
And how do they perceive the Czech Republic otherwise?
Prime Minister Fiala’s visit showed that the USA perceives the Czech Republic as a reliable, trustworthy, but also proactive partner, which also applies in cyberspace. I think the proof of this is not only the fact that the first cyber dialogue between the Czech Republic and the USA took place in March at the Ministry of Foreign Affairs in Prague, but also the fact that, as part of the program, the Prime Minister met with Anne Neuberger, President Biden’s chief advisor for cyber security and groundbreaking technology.
Is the attention given to cyber threats enough today?
It’s getting better, but it’s a never-ending process. I think awareness campaigns, more availability of educational courses and the realization that cyber security is not just a matter for the technical community, it affects all of us, can help with this among the general public.
The situation could improve, for example, in connection with investments in cyber security. In order to be able to continue to face the growing cyber threats, state institutions must have enough financial resources to develop and reward experts who are dedicated to this topic. We should be more competitive with the private sector.
However, the shortage of professionals is being addressed worldwide.
How can we be successful in the fight against cyber threats? Is international cooperation the answer?
It is not possible in any field without international cooperation. However, it is even more important in the cyber sector, as information is gathered from many places. This is precisely one of the reasons why we have now created a new position of cyber attaché for the Indo-Pacific. However, it is not just about bilateral cooperation, from the point of view of the Czech Republic, that within the framework of the EU and NATO is also important.
Cyber security as a man’s world?
According to Jarošová, in the Czech Republic, in general, the area of national security is an environment where mainly men move. However, the situation is changing and, for example, at her home office (NÚKIB) a number of female colleagues work in leading positions. Regardless of the fact that several Czechs work in the field of cyber security, for example in the EU, NATO or the UN.
“Their support from both women and men is important. Greater diversity can help us all, and not only the gender one, but also the generational one,” explained the Czech cyber attaché in the USA, adding that the work culture in the USA is diametrically different from that in the Czech Republic, which is evidenced by the fact that many of her counterparts there are women across the ocean.
In a world where she herself has encountered prejudice because of being a woman, she says helping younger colleagues is essential. It is for this reason that she and her colleagues founded the Czech branch of the Women4Cyber initiative, the aim of which is to raise the visibility of women who are already active in the field of cyber security, to motivate women who are not yet involved in this field, and to connect Czech professionals with foreign ones.
As for the next steps, I think that, in addition to the already mentioned investments, from the state’s point of view, it is a secure infrastructure that NÚKIB is working on with other institutions, cooperation with private technology companies, which in my view remains one of the biggest challenges, and the use of various tools when response to cyber incidents.
When there was a major cyber incident in the past, who was behind it was revealed and that kind of ended it. But now, for example, in the USA, we are watching the whole process, where the Ministry of Justice indicts specific perpetrators, the Ministry of Finance imposes sanctions, and the intelligence services, which have the appropriate powers, disrupt the activities and infrastructure of the attackers. We also have these tools in Europe, which we must be able to use.
Tags: Czech Republic attractive target adversaries warns cyber diplomat
-
