In a broad-ranging series of panels and keynotes, international leaders pledged everything from greater international cooperation to being nicer to each other in the office to improve global cyber posture at the 2022 Munich Cyber Security Conference.
The conference, which took place digitally Thursday, featured talks and panel appearances from the U.S. Cybersecurity and Infrastructure Security Agency Director Jen Easterly, U.S. Deputy Attorney General Lisa Monaco, E.U. Commission Vice President Margaritis Schinas, (U.K.) National Cyber Security Centre CEO Lindy Cameron, Interpol Secretary General Jürgen Stock, and others.
Schinas opened the hearing pledging the commission's willingness to collaborate on workplace and training initiatives, promising to return to the 2023 hearing with details of whether or not the commission succeeded in its efforts.
"We need to take cyber out of its tech silo and put it in the core of our security. Cyber is not an issue of industry. It's an issue of society," he said.
During her keynote, Easterly said that central to efforts to improve cybersecurity would be improving workplace "culture" within CISA and beyond. Doing so, she said, meant creating an inclusive environment for cyber professionals to join and creating greater accountability and understanding of security for employees in general. Easterly added that inclusivity efforts needed to go deeper than racial and gender equity to emerging domains like neurodiversity.
The U.K.'s Cameron backed Easterly's plea for personal investment in security.
"There's a real opportunity this year to take cybersecurity out of a technical conversation and into a political and strategic conversation that says, 'Actually, this is something for everybody, but it's not something to be scared of,'" she said.
But the conference quickly moved from the workplace to the global.
Several delegates mentioned the potential for spillover from the emerging crisis in Ukraine. Monaco expressed skepticism Russia would continue its recent push to prosecute cybercrime after years of harboring cybercriminals during a conflict provoking an American response, noting that the timing of Russia's enforcement actions were suspiciously aligned with its escalating war effort.
Others, including CISA Chief of Staff Kiersten Todt and President of the German Federal Office for Information Security (BSI) Arne Schönbohm, worried that the cyberattacks initially posed against Ukraine might overflow into the rest of the world — as happened in the NotPetya case.
"We see that some conflicts outside of Europe, let's say, let's put it that way, can move towards Europe and other actors by accident," said Schönbohm.
Monaco made a flurry of announcements for the Department of Justice, including a new cryptocurrency initiative at the FBI, the first director of the cryptocurrency prosecutor unit at DoJ, and an international liaison for cybercrime (for more on that, see our separate coverage of the announcements).
Meanwhile, Interpol's Stock called for codifying greater global cooperation in cybercrime investigations, noting the cross-jurisdictional problems with investigating and prosecuting crimes outside the scope of existing mutual legal assistance treaties.
"Law enforcement can only act if there is appropriate legislation. And here again, the situation varies vastly from country to country. The pace at which the cybercriminal landscape is evolving can make it even more difficult for legislation to keep up," he said.
He noted recent efforts at the U.N. to establish global norms, and said that would be a good venue to add legal cooperation.
"Just as the crime is borderless, so we must be prepared and so must be our response," he said.
