On this episode, AMU alumnus Dr. Robert Brzenchek – an author, U.S. Navy veteran, and cybersecurity expert – discusses what the U.S. must do to protect itself from another devastating attack. According to Dr. Brzenchek, our next 9/11 situation will see our whole way of life and infrastructure damaged by a major cyberattack.
Read the Transcript:
Glynn Cosker: Hello, and welcome to the podcast. I’m Glynn Cosker, your host. And joining me today is Dr. Robert Brzenchek, a veteran of the United States Navy and a cybersecurity expert. Over the years, Dr. Brzenchek has worked with multiple federal and international organizations using the latest cybersecurity tools and information sharing techniques to detect various threats to our national security, particularly from foreign actors.
His book, “Transnational Organized Crime and Gangs: Intervention, Prevention, and Suppression of Cybersecurity” focuses on the mindset of today’s transnational organized crime groups. The book includes several first-person accounts, and also offers readers a ton of expert advice on cyberattack prevention and other related topics. So having said all that, how are you today, Dr. Brzenchek?
Dr. Robert Brzenchek: I’m great. And thanks for having me, Glynn. I appreciate the opportunity. Look forward to talking to you and the listeners.
Glynn Cosker: Great. Sounds good. Thank you. So how about we start with you giving our listeners a brief synopsis of your career to date, what you’ve done in the past and what you do today?
Dr. Robert Brzenchek: Well, I’ve been blessed to have a career in both public and private sectors that intersect in its goals and missions. And that’s one of the reasons why we’re talking today. I was one of the first folks that, with Michael Penders, helped lead the charge from ISO 27000 from your side of the pond in England, which is 156 different benchmarks of cybersecurity, threat analysis and vulnerability assessment that one completes. So based upon that and having a career with the Washington, D.C. Police and Navy Intelligence Specialist in the defense contractor work, I have an inside look, so to speak, within cybersecurity that provides a different, unique perspective that I offer within my toolkit that I call my book, Transnational Organized Crime and Gangs: Intervention, Prevention, and Suppression of Cybersecurity.
I’ve been able to parlay that career within the defense contractor sector, but not only that, I currently teach now at Penn State University within their cybersecurity program. So not only am I able to offer that experience that I’ve been exposed to within the Washington, D.C. area, I also now parlay that and have my Ph.D., educational or pracademic experience, so to speak, within the classroom and help the next generation thwart the threats. And we’re going to talk later in the podcast about this, but the threats that they’re going to face to help defend the United States.
Glynn Cosker: What got you into cybersecurity? I know that you were in the Navy. How long were you in the Navy? When did you serve?
Dr. Robert Brzenchek: I actually signed up immediately after 9/11, immediately after that, that was a call to action in 2001 for me to sign up with the United States Navy as an intelligence specialist. And to answer your question, I was in the Navy for four years. I served honorably and I am blessed to have had that experience because it offered me a unique perspective on standby to standby, and you never know what’s going to happen and adapt and overcome, because throughout my entire career, I’ve been thrown into a barrel and been able to adapt and overcome, and handle most situations.
Glynn Cosker: I think that’s true of any branch of the armed forces, of course. You guys are always ready to take on any kind of situation that might occur. And we were talking earlier, or you were talking earlier, about the classes that you’re teaching now, and I’m sure they’re focused on cybersecurity and the risks. So what do you see right now, if you were to give our listeners a top three, what are the top three security risks facing the nation today?
Dr. Robert Brzenchek: Yeah, unfortunately we see it in the news every day and that is the whole premise of what I’m thinking our next 9/11 will be, is a cyberattack. I’ll break it down into these three. One being social engineering, phishing attacks, etc., taking folks’ identity. We saw in the 2016 election where folks from Russia and other nation state actors were able to control through Facebook our election and how that was dictated. So social engineering being one. Two being ransomware. We see that with a number of different malware that’s designed to encrypt files and basically take over a device, or a computer and make them inoperable, rendering the users basically useless. So in essence, they are taking over your computer. And they’re saying, “If you give us a million dollars-plus,” or whatever the amount might be, “you’ll get use back of your critical infrastructure, your computer.” DDS attacks, DDoS attacks. That’s a Distributed Denial of Service. Basically, traffic is disrupted through targeted servers.
I want to expand upon those three and say that third-party software we’re seeing JLog. That’s a huge issue. A number of different public and private sector entities are now going to be fined. This is a precedent that has never taken place where public and private sector entities are actually going to be fined if they do not update their systems to thwart the JLog, and JLog is essentially getting into your operating system and taking it over. So for example, Microsoft. That is a huge issue here in America. And then also cloud computing. A lot of people utilize Google Chromebooks and other things that are network-based or cloud-based. As we expand these different things that we utilize in our lives that are technological, they’re a blessing and a curse.
And so the top three, again, are social engineering, ransomware, and DDoS attacks. But I offer third-party software and cloud computing also in that bunch. The expanding cyberattack surface, remote work, internet of things, and supply chain are huge issues right now. We’re looking at supply chain issues throughout America. And as we rely on technologies such as computers, folks who ever take these critical infrastructure entities render us useless. And so it is dumbfounding the amount of issues that a nation-state actor or others that can deploy upon our critical infrastructure, as our workers are more remote. We have over half, half of our workers in the United States are doing remote work. We hear a number of different issues with supply chain. This is our fourth industrial revolution. Half of our labor force works from home. 200 zettabytes stored on the cloud, private and other infrastructure and other digital transformation platforms occur daily. So this is a huge issue.
So with our internet and supply chain vulnerabilities, the goal of actors, we saw it in SolarWinds and years ago in the OPM. I was caught up in that. My information and others’ was basically hacked by the Chinese. The Office of Personnel Management and the director of OPM did nothing for three years, so think about that. National Security directors, the director of CIA, FBI, others, that information was allocated by a nation state, the Chinese. We saw the Pipeline. The Pipeline was basically hacked by Russian gangs. And if you know anything about the intelligence world, you know that nothing comes out of Russia without Putin’s blessing. This is definitely, definitely an act of war on the sovereignty of the United States, and a clear and present danger of the United States. So you look at things that are shaping up and as our environment grows on the online platform, we are more and more vulnerable to nation-state actors, hackers, and others to take over our systems.
Ransomware is a cyber weapon. It is more and more sophisticated. As we talk, there’s phishing exploits by the dozens. The estimated cost, according to Forbes in 2020, just from ransomware attacks alone, was $20 billion with a B, with a capital B. There’s attacks on our critical infrastructure. This is kind of our new normal, unfortunately.
Glynn Cosker: It is. It’s fascinating to listen to everything you’ve just said, also terrifying. What is the worst-case scenario? When you put it into terms of our national security, our infrastructure, our electrical grid system, what do you see if all of the dominoes fell and a worst-case scenario occurred for a cyber attack? What do you see happening in the United States? What would it be like?
Dr. Robert Brzenchek: Well, let’s first caveat that by saying the three sectors that are most vulnerable as we speak. Energy, healthcare, and the transportation sectors. Global threat actors include terrorists, criminals, organized crime, hackers, adversarial nation states, such as Russia, China, and Iran. We need to understand that foundation first. Energy, in my opinion, is particularly vulnerable. The Industrial Control Systems, ICS, or Incident Command Structure in FEMA, there is a number of different vulnerabilities. We saw in Florida, in the state of Florida, where there’s a number of different hacks that have occurred, some by nation states, although they disavow that, they do not take credit for that. We do know in the intelligence community that a number of these different critical infrastructure hacks have occurred sponsored by nation states. I am between Florida and Pennsylvania as we speak. And I could tell you, when I was living in South Florida, we actually had a juvenile, I think it was 16 or 17, that was sponsored by a nation state to take down the Miami-Dade Public School System with a hack.
So think about that. As we are in this state of COVID and everything is going online, what better way as a terrorist or a nation state to disrupt and dismantle our everyday way of life than our education? So it starts with that. Energy, think about that. I did some defense contract work with FEMA, and through that experience, I was able to allocate some information. And that is essentially in seven days, seven days, if there is no running water, no sewage, etc., there is absolute chaos in the streets. So for a nation state, if you are able to take down the energy sector, which is particularly vulnerable, we actually had an incident recently here in the state of Pennsylvania, where there was a drone, this is the first utilization of a drone that was able to take down a power plant sector within the United States, in the state of Pennsylvania with a drone. Essentially, the drone had two prongs on it and it basically interceded with the disruption of the electric and it blew up the transformer. This is the first known attack on an energy sector, utilizing a UAV, such as that.
So I say the energy is particularly vulnerable, and then it goes down from there. There’s different mitigation strategies. You need to utilize security by design, but moving forward, a nation state to answer your question, if a cyber 9/11 attack occurred, and that’s what I’m positing. Our next, unfortunately, 9/11, I predict, and I’m hoping it does not occur, but I predict will be a cyberattack. It’ll be by nation states, nation states combined with Russia, China, and Iran. With their efforts, their resources, their manpower, I predict, unfortunately, our next 9/11 will be this and we wouldn’t be able to stop it. And unfortunately, in my opinion, we’re not prepared. We have the National Incident Management System, NIMS, so to speak. Again, I have some experience with FEMA. It’s an all-hazards approach by FEMA, even that, combined with our National Response Framework, NRF, this is the way the nation responds to emergencies. Unfortunately, we are not prepared as a nation for a cyberattack from Russia, China, and Iran.
And I envision, and I hope again, that this does not occur, but there’s been a number of different tabletop exercises, a number of different discussions that I’ve been involved in, in both in the DMV, the metropolitan D.C. area, New York City, and Philadelphia and beyond, that we are predicting an EMP. And EMP is an electromagnetic pulse, and that will render the United States’ communications, water, transportation, and key infrastructure useless.
Glynn Cosker: And we’ve actually covered EMPs on this podcast in the past. They’re terrifying. An EMP, and correct me if I’m wrong, Dr., if a hostile actor was to detonate a nuclear device at a certain altitude, it creates an EMP, an electromagnetic pulse that could wipe out the national grid. Like you said, the electrical grid, the water, the satellite interruptions, GPS, everything today is done via the internet. It would all go and it could create an apocalyptic situation. Am I correct?
Dr. Robert Brzenchek: A hundred percent. And that’s what I’m positing. And I’m hoping that it does not occur. I definitely would hope that we would be more prepared than this. We’re starting to focus our efforts on cybersecurity. We have something initiated with the Department of Homeland Security. We have a number of different fusion centers. We have intelligence collection centers. We are doing what we need to do. However, unfortunately, in my opinion, we’re coming to the dance late and you always need to go to the dance or leave with the person that you came to the dance with. And unfortunately, we have not done that as a nation. We are now playing catch up to China, Russia, and Iran, who have focused all their efforts, because they understand an asymmetrical warfare apparatus attack on the United States is not going to happen. It’s not going to be very beneficial to them. So what do they need to do? Cybersecurity. So in my envision of cybersecurity and the next 9/11, these folks have basically collaborated because they hate us. And with that, this is an apocalyptic event in my opinion and others within the sectors. Unprecedented leaps and bounds.
So yes, we do have things in mothballs. Having been in the Navy, I could tell you. We have throughout the entire country, we have mothballed cruisers, ships in the Navy, in the Air Force, we have planes in the Boneyard in Arizona. We have things that are redundant. In terms of the EMP, if something goes down, we could go back to World War II technology and utilize this apparatus to defend ourselves. However, you are relying on weaponry from almost 80 years ago. So let’s not put ourselves in that situation. Let’s put more focus on our cybersecurity apparatus. In my opinion, what I’ve seen and others, I’ve actually talked to somebody in the Air Force, who’s in the cybersecurity command. They said, “If we were attacked today, we would absolutely be taken over by China or Russia.” And that is scary. That is absolutely scary.
Glynn Cosker: Today, I’m talking to Dr. Robert Brzenchek and we’ve delved into some quite honestly terrifying cybersecurity issues, but let’s continue the conversation. So on 9/11, which we’ve talked about and compared what might happen cyber-wise to those attacks. On 9/11 and its immediate aftermath, there was a lot of miscommunication and a general lack of information sharing within the various law enforcement and public safety organizations. So my question to you, Dr., is if another 9/11-style attack occurred, and if it is a cyberattack, which you’re 100% sure it will be, how prepared are we for that compared to, say 20 years ago?
Dr. Robert Brzenchek: Yeah, that’s a great question. The playing field, so to speak, has changed from 20 years ago. And I could tell you having interned with the United States Secret Service and worked for the federal government as a defense contractor, there’s a lot of miscommunication. There’s a form for a form, there’s a meeting for a meeting, and we don’t necessarily focus on what we need to focus on. And when I interned with the United States Secret Service in ’96, there was basically a competition between the two, FBI and Secret Service. And it was not, how could we help the citizens? It’s, how basically we can get the closure rate higher than the other? And so, I think sometimes when people think about the United States, they think of their politicians going to D.C. and I’ve worked in our nation’s capital. They kind of forget us. And unfortunately, that’s essentially what’s been the playing field in the law enforcement sector on the federal level. It’s basically, how could we affect a better closure rate over the other agency? And it’s not necessarily as a band of brothers and band of sisters, as we would like.
Since 9/11 occurred, that changed the playing field also. And we didn’t necessarily connect the dots before 9/11. And after 9/11, we said, “Oh, we’re going to all break bread. We’re going to get together and we’re going to make sure that the United States never gets attacked again.” And I remember after 9/11, everybody was waving flags. Everybody was saying, “America’s great.” I have not seen that in the past 20 years, since 9/11. And people forget. People always say, “Never forget 9/11.” People have forgotten. And it’s very unfortunate. And within our law enforcement ranks and others, people collaborate better. There’s Joint Terrorism Task Force. The FBI went from just cops and robbers to terrorism. They focus on that now, too. There’s a lot more focus on terrorism among all the agencies. And I have to really tell you, having worked on the front lines as a police officer and as a defense contractor, as a Navy intelligence specialist, the best-laid plans of mice and men necessarily do not happen.
And I can tell you firsthand, a lot of people can put their foot forward and say that we’re going to do X, Y, and Z, but when it comes down to it, and this is what all the listeners need to understand, you need to talk with your politicians. You need to understand the policy makers that are making policies. Those are the folks that can enact change. If they do not enact change, we are not going to see change that is relevant to America and protect the United States. And I say that for one simple reason, because sometimes people forget and we are not prepared. Law enforcement agencies, intelligence communities, were talking about forming the Department of Homeland Security in the early 2000s, making everything better. We’re going to protect the homeland. It really comes back to buy-in, policy, and is there funds available for people to enact this change? If you don’t have all three of those, you will never see a critical infrastructure protection plan of action that will be effective. We are really, really abandoning what is really key and quintessential, our frontline workers.
Having been a police officer, I am dismayed by the fact that communities are saying, “Defund the police.” I understand there’s been a number of different issues with politically motivated or racially biased actions. I can tell you, not everybody in the police force has those motivations or ideals. It starts with the community. You have to start with the community, building that trust within the community between the intelligence community and both the law enforcement community. Those are the folks who are going to protect you. And without that, you’re going to have people knocking at your door, such as Russia, China, and Iran coming down and trying to take down this great nation that we call the United States of America.
Glynn Cosker: I agree with you 100%. And you mentioned it starts with the community. Is that where you think the solution is, the cybersecurity solution? You mentioned DHS as well. Does the cybersecurity solution, if there is one, does it start at the state level? Should we be instructing the states to enact legislation that could protect their infrastructure from say, an EMP from a foreign actor? Or should it be a federal department, maybe a separate cabinet level, separate to Homeland Security, just a cybersecurity department, which puts all of the eggs into that one basket of cybersecurity? I mean, what are your thoughts on that?
Dr. Robert Brzenchek: It needs to start from the federal government and it needs to start with a clear and consistent message. “This is what you shall and will do in terms of X, Y, and Z, when it comes to cybersecurity.” Yes, as Americans, we have rights, but I understand the playing field that we’re up against.
And when it comes to national security, the federal government has the right and responsibility to give clear and consistent directives. It all needs to start at the top. And it needs to be a clear and concise message in how to roll out the cybersecurity measures. And it starts with the federal agencies. I was a poli-sci and criminal justice undergrad. I don’t believe in passing the buck. And that’s what we do. Every American president, in my opinion, has passed the buck. That’s not what we need to do as Americans when it comes to cybersecurity. We need to have a clear, concise directive and a plan of action for the entire United States to follow, adopt, and model.
Glynn Cosker: I agree. Now, as I said in the intro, you’ve written a book, it’s called Transnational Organized Crime and Gangs: Intervention, Prevention and Suppression of Cybersecurity. So why don’t you tell our listeners a little something about that book and what prompted you to write it?
Dr. Robert Brzenchek: All right. So this book is a toolkit for the community, intelligence community and law enforcement community to understand really a unique perspective, because what I try to do is collaborate with folks that have the content and subject matter expertise and experience within the different sectors that I’m trying to convey. And that would be transnational, organized crime and cybersecurity. So within this book, I was able to actually sit down and interview over four or five different interviews. An actual Russian mafia member, who merged MS-13 and the Russian mafia. His dad was Russian mafia, his mom was MS-13. That’s a unique perspective. And that is a unique and clear and present danger to the United States, because both pose a clear and present danger to the United States. So I sat down with this individual and talked about how he got into the life, what he did and how he enacted his different depravity. And so within the chapter, he describes everything under the sun, and what’s absolutely unique in having been a United States Navy Intelligence Specialist myself, he was actually in the Coast Guard and he washed out, which is he didn’t complete successfully his academy in Cape May, New Jersey, four or five different instances.
So he went through the Coast Guard Academy to learn the techniques and tactics of the United States military through the lens of the United States Coast Guard, and bring that back to his homies in MS-13 and Russian mafia, and formed the two in a group in the early 2000s in Gaithersburg, Maryland. I can tell you categorically, that is a scary combination. Russian mafia and MS-13. So think about that for one moment. So he’s in my book, I also was able to interview a former army sniper, Cassandra Flanigan. She’s one of the very few army snipers, actually female snipers, in the military, and was able to provide the spirituality of gangs. And through her perspectives, she was able to analyze and dissect, so to speak, the spirituality of gangs, which is a key component and quintessential within a gang. And then also, I was able to collaborate with Jerry Hester. He’s a former FBI agent retired, who talked about his undercover work, to take down organized crime in both South Florida and Sicily.
His case actually delved into something where he was actually investigating, and he didn’t know at the time, was a CIA agent. And so, through that investigation in the Department of Defense, he was able to take down the Sicilian mafia that had organized crime efforts within South Florida that stretched to Sicily, so that is definitely a unique perspective. And then, I also had Colonel Josh Potter, who at the time was the head of the Transnational Organized Crime unit for the Department of Defense in Tampa, Florida. And he headed up that unit, he gave a very unique perspective on trans-nationalized crime through the lens of the military and how they investigated and prosecuted different entities throughout the world, through the military lens. And then finally, my mentor, Michael Penders, he recruited me in 2005 and has mentored me through 2005 to present, to do ISO 27000. And if anybody knows what ISO 27000 is, it’s basically a reverse investigation that was utilized from the Central Intelligence Agency. And I could say that because it’s not anything that I am doing that is proprietary or top secret. It’s out there.
So essentially, I was flown down to Houston, Texas and was basically trained for a week or two on ISO 27000 by a “retired” CIA agent. And I’m doing that since 2005 to present. And now I am part of the spectrum group in Alexandria, Virginia. And so, essentially I’m part of the cybersecurity team, and we do 156 different benchmarks where we collect, analyze and collate intelligence through the lens of ISO 27000. And I can essentially tell you this, because of Michael Penders and his background, he was able to ramp me up on the fly. Basically, what I was experiencing in the military, you have to adapt and overcome on the fly, as I talked about the top of the hour, he threw me into rooms and threw me into situations where I had to handle the situation and know what I was talking about with no information on how to do it. So I give all my credence and love to him because that’s how I’m able to do what I do right now, and able to adapt and overcome.
Glynn Cosker: Tell us about the Brzenchek Foundation. How did that get started and what’s its mission right now?
Dr. Robert Brzenchek: The Brzenchek Foundation is a nonprofit that I formed at Delaware. And I could tell you, this is born out of an idea that we are trying to serve underserved communities and demographics that have not necessarily received the resources, allocations of funds or other things to help them get essentially Maslow’s hierarchy of needs, which is food, clothing, shelter, and education. So the Brzenchek Foundation is about this. We are an encompassing entity where we are trying to help underserved communities, whether it be Hialeah, Belle Glade in Florida, Kensington in Philadelphia, South Side of Chicago, South LA, whatever it might be. What we are trying to do is help those folks understand there is another world outside of the world they live in, and to help and educate them and provide the resources for them, so they can stand up their demographics, their families, their communities, to self-sustain themselves. And that’s what we’re about. We do not want folks saying that the government is their enemy, that they’re not providing the resources. They’re not doing anything to help them sustain their way of life.
We want to bolster and empower those communities and demographics that have been underserved for years. And so, our goal and mission is to help folks understand this is how you do X, Y, and Z. And this is how you do A, B and C. And this is essentially you having rational choice to make the right choice and do the right thing by yourself, your family and community, and give you the tools and resources to do that. And to be a productive citizen of the United States and throughout the world.
Glynn Cosker: Well, that sounds like a great initiative to me. And I’d like to thank you for doing that and telling us a bit more about the Brzenchek Foundation. It sounds like a really great, important cause. Today, I’ve been talking to Dr. Robert Brzenchek. It’s been a fascinating, important discussion on cybersecurity. His book is Transnational Organized Crime and Gangs: Intervention, Prevention, and Suppression of Cybersecurity. And I encourage our listeners to pick up a copy. Dr. Brzenchek, it has been a pleasure speaking with you today, and I hope we can have you back soon.
Dr. Robert Brzenchek: I absolutely appreciate the opportunity and look forward to the next time.
Glynn Cosker: Thank you for tuning in today to the podcast and keep an eye out for our next one. Until then, everybody stay safe.