The use of data has been the biggest source of growth in companies and has become the biggest source of risk. When our data is compromised and held hostage, how do we get that data back? Are the negotiations similar to a “typical” hostage negotiation After 33 years with the Canadian Federal Police in the area of kidnaps and extortions, Cal Chrustie retired from the police force and transitioned to InterVentis global. He now works with a group of negotiators from around the world to provide education, consulting, and coaching on cyber terror incidents. In this episode of Negotiations Ninja, Cal shares what the cyber-terrorism negotiation process looks like. Don’t miss it!
Outline of This Episode
- [1:43] Cal’s background in negotiation
- [3:49] Cyber-terrorism negotiation and hostage negotiation
- [7:50] The nature of risk in these negotiations
- [11:30] Where Cal is seeing increases in cyber attacks
- [15:24] The rise of intelligent and educated criminals
- [25:20] Do attackers focus on one industry?
- [26:29] Planning and preparing for a cyber negotiation
- [33:36] How to connect with Cal Chrustie
Similarities between cyber terrorism negotiation and hostage negotiation
Cal points out that the main commonality—and something super important—is that both are a crime. Cyber terrorism is a crime in action just as much as a kidnapping is. Secondly, the opponent is a criminal and therefore has a different set of values and belief systems. They have different cultural perspectives, ethics, and morals that they apply to the negotiation process.
Another similarity is used in the negotiation process. With kidnappings, you look for proof of life. In the cyber world, you look for proof of capacity and willingness to decrypt. You assess the risk of engaging and or conceding something in the negotiation process. You must question the risk of future attacks. The negotiations in either case are with a criminal actor.
It’s also about negotiating with people on your team (c-suite, technical people). Those communications are equally challenging, complex, and critical in terms of a successful outcome within cyber extortion and ransomware cases.
Cyber negotiation carries continued risk
In most cases, once you’ve negotiated and hostages have been returned, the risk is removed, because they’re safe. But with Cyber negotiation, there’s still the risk of the criminal actor copying the data and coming back for more. You can’t trust criminals, so you have to prepare that they’ll come back for round two.
Cal points out another complexity: You see people in the cyber-security world measure risk based on the fact that the other party is honorable. Secondly, they go to the dark web to see if the information has been sold during the negotiation process. If you’re looking at criminal networks in the process, this may be a good way to gauge whether or not they’ve returned all data.
But Cal points out that “state actors” or “criminal proxy actors” are far more diabolical. There have been a couple of cases where health agencies were hit with cyber-attacks. They’re told nothing is on the dark web or in the intelligence banks and they’re believed “safe.” But a state actor will take that information and leverage the information for their own intelligence purposes. They’ll use it to extort other individuals or groups outside of the initial company they’re extorting.
The original negotiation was a platform or simply a place that housed the data they were really going after.
Where Cal is seeing increases in cyber attacks
The reporting from intelligence agencies identifies China, Russia, Iran, and North Korea as those most likely to engage in cyber-terrorism. Others say the West is engaging in attacks as well. Examples like the Sony attack by North Korea have been well-publicized. But state-sponsored attacks are growing. Cal notes that there is an increased focus on healthcare research and the sensitivity of data. He anticipates that geopolitically that there will be more insider threats from nation-states based on how the world is currently evolving.
Are we dealing with highly intelligent criminals associated with cartels and sovereign nations? Cal answers this question in-depth and also takes a deep dive into planning and preparing for a cyber-terrorism negotiation. Listen to the episode to learn more!
Resources & People Mentioned
Connect with Cal Chrustie
Connect With Mark
- Follow Negotiations Ninja on Twitter: @NegotiationPod
- Connect with Mark on LinkedIn
- Follow Negotiations Ninja on LinkedIn
- Connect on Instagram: @NegotiationPod
- negotiations.ninja