Armenian IT Security and Readiness During Wartime - With Ruben Muradyan (Ep #46) - 01/31/2021 [EP46]

Posted on Sunday, Jan 31, 2021 | Series: COG

Armenian IT Security and Readiness During Wartime - with Ruben Muradyan - Jan. 31, 2021

Experience being called up and participating in the war

Ethics of a security professional. What to do when a government member asks you to conduct greyhat (potentially unlawful or unethical) security?

On the 2nd day of the war Ruben was called up to the army as part of an infantry company.

  • Can you describe your experience?
  • How were you drafted? And where did you serve?
  • What specialty did you have in the army?
  • What can you tell us about what you saw?
  • Why did we lose the war?

Cyber Incidents During Artsakh War

All modern wars are accompanied by cyber-activities. Can we talk about what this looked like during the 44-day war?

Some major potential security incidents during the war:

  • Gov.am and Primeminister.am defacement
  • MFA compromise (or maybe it’s part of a larger thing)
  • Metsamor NPP compromise

Out of tens of incidents registered by security experts, only a few were publicly acknowledged by the Armenian government and the results of such incidents were not published. Incidents varied and included defacement, denial of service attacks, leaks of personal information, as well as leaks of potentially sensitive data apparently from government agencies such as the foreign ministry and national security service.

What was the potential for offensive cyber-security operations by Azerbaijan to be leveraged to achieve results directly on the battlefield? How about radio-electronic warfare itself? Is the lack of public response due to secrecy or is there a deeper issue such as being able to analyze incidents fully and understand their full impact?

Lessons Learned

Given Armeniaโ€™s need to restore military readiness especially in the areas of cyber-security, what are some key lessons for the Armenian side?

  • Institutionalized CERT that is independent from government.
  • Cyber-security divisions in all government institutions.
  • Acceptance and implementation of widely accepted NIST standards
  • Prioritize the most easy-to-implement steps first.

Guests

  • ๐‘๐ฎ๐›๐ž๐ง ๐Œ๐ฎ๐ซ๐š๐๐ฒ๐š๐ง

Your Hosts:

  • ๐€๐ฌ๐›๐ž๐ ๐๐ž๐๐ซ๐จ๐ฌ๐ฌ๐ข๐š๐ง
  • ๐‡๐จ๐ฏ๐ข๐ค ๐Œ๐š๐ง๐ฎ๐œ๐ก๐š๐ซ๐ฒ๐š๐ง

Website: https://groong.org/podcasts/CoG-20210131.html Episode 46 | Recorded on January 19, 2021

Show Notes

Show Notes

Guests

Ruben Muradyan

Ruben Muradyan

Ruben Muradyan is a Yerevan-based cybersecurity analyst. Heโ€™s an independent researcher, and a frequent speaker on cybersecurity topics on ArmSec, BarCamp.

comments powered by Disqus