
Yugo Neumorni is currently the CyberSecurity Council Chairman of the European CIO Association and is also currently the President of the CIO Council in Romania. Having held multiple executive positions at top companies like the Romania chapter of ISACA, Vimetco Management, and Hidroelectrica SA, his wealth of experience makes for an invaluable resource when discussing how cyber threats are evolving in today’s landscape.
As a speaker at #CS4CA Europe, Europe’s premier platform for the discussion of cyber security and ICS threats, Yugo kindly gave up some of his time to answer some of our questions for a fascinating insight into his predictions for the future, his daily routine and the best and worst cyber security advice he’s ever heard.
Q: How do you explain your job title to someone outside the cyber security industry?
A: I have been a CIO for more than two decades, so my role is to transform the business from analog to digital. I am the guy who knows your business more than your C-level and who will help you to increase the shareholders’ value by migrating your business into the digital world, guiding and protecting your business from the cyber traps.
Q: What are some of the key recent shifts in the cyber threat landscape that you’ve been seeing, and what do you think they mean for cyber security?
A: Since 2007, after the Estonian cyber-attack, we have been living in a Cyber Cold War, but society does not seem to perceive that. Businesses have become ransomware objectives for the cyber criminals, while critical infrastructures have become military targets for the state actors. Unfortunately, humanity is more preoccupied with jumping quickly into the digital adventures with free apps, having less interest in its own privacy or the cyber risks. GDPR, NIS, Cybersecurity Act and other regulatory measures are encouraging but not enough to fight against cyber terrorism. We need a complete mind shift of the society to understand that the Internet is now a battlefield for cyber-terrorism.
After the Ukraine power grid attack in 2015, we all realize that critical infrastructures have become targets for the military. You can create more damage by poisoning the water supply or shutting down the power grid for a big urban area in a coordinated cyber-attack than by launching some conventional missiles. While rockets could be easily identified and even destroyed, cyber-attacks could remain untraceable. Liberal democratic societies cannot accept this kind of scenario, but autocratic leaders can and will use such cyber-weapons.
The U.S. Government recently announced a surprising move to secure power grids by using “retro” technologies. Meaning isolating the power grid from the Internet and using “analog devices” to control it. This is the best security measure ever taken in the last decades. Going back to analog. We either recognize that we failed to protect our critical assets in front of cyber-terrorism or that the digitization is moving too fast.
Q: Is cybercrime evolving quicker than security?
A: Stuxnet or other cyber weapons were developed in state actors’ laboratories. The Ukraine power grid attack was coordinated by government agencies and its purpose was a geopolitical message. Zero-day vulnerabilities are traded for five or six zeros on the black market, where the buyers could be state actors or cyber-criminals. Bad guys are in front of us and the gap is constantly increasing until we realize that this IT environment should be carefully regulated. But who has the interest?
Q: What do the next 5 years hold for your industry?
A: All over the world, power grids are switching from conventional energy to accommodate renewable energy. The top-down power grid model, where the generation is based on large coal and nuclear facilities and the energy flow is distributed unidirectionally from generation to consumer, will be changed. The new power grid model includes millions of unpredictable power generation sources from the prosumers and renewable energy, and the energy flow will become bi-directional and it will carry a lot of real-time data. The role of the distributors (DSOs) and the transport (TSOs) will be changed, with DSOs becoming owners of digital personal data. Energy storage technology will become a commodity and this will facilitate the increase of Microgrids and Active Distribution Networks. So the power grids are in the process of changing from analog systems to pure digital ones that will be run only by artificial intelligence systems.
The transformation of power grids to be based on renewable energy sources is probably one of the most challenging tasks in the history of humankind. Artificial intelligence, machine learning, blockchain and other technology will help us to build a safer and more secure renewable energy based power grid. However, some cyber accidents on critical infrastructures will definitely occur in between.
Q: What is the best or worst security advice you’ve ever heard?
A: I was advised to cover all the laptop cameras many years ago, before Mark Zuckerberg did. Since then I understood that everything could be hacked. The worst advice was to buy a Google Nest thermostat or the newest fridge and the air conditioner connected to the Internet. I don’t want my fridge to order my favorite lunch, but in the next ten years this will be the standard. Someday we all will realize that we carry our assistants and guardians in our cellphones.
Q: What’s your favorite way to stay informed about cyber security?
A: Periodic meetings with peers, security companies and authorities are very useful. I also receive daily alerts from various security companies and various other sources including the Cybersecurity and Infrastructure Security Agency (CISA). They are so useful but very depressing. The number of vulnerabilities and security bugs discovered daily suggests that we are still in the pioneer digital age, where regulation is still weak. If a company sells a car with a problem in the steering system, they will suffer financial consequences. If a company sells a hardware or software product with cyber vulnerabilities, then we call it a bug that should be patched and the responsibility belongs to the buyer. This is not normal. We will not progress in this way.
Q: What gets you up in the morning?
A: I have been in a five o’clock club for many years, so my internal clock wakes me up at 5AM. I have at least 90 minutes for myself, for sport or meditation and to prepare my day. I can align my body, mind and spirit in the morning and I can be prepared for the whole day.
Yugo is a speaker at CS4CA Europe, the annual Cyber Security for Critical Assets summit dedicated to safeguarding Europe’s critical assets from cyber threats. This year’s summit takes place in London on the 1st-2nd October 2019. To book and for more information, visit the website here.

