Why we must adjust to the rapid pace of cyber threats
Cyber intelligence efforts must be in near real-time to mitigate daily threats to government and military networks.
Much attention has been given to sharing cyber intelligence outside the military/intelligence community and providing it to government organizations -- in general -- and critical infrastructure providers in the private sector. The U.S. Cyber Command is sharing cyber threat intelligence with critical infrastructure providers and technology companies in the private sector because it is essential if we are to defend our critical systems from acts of cyber aggression.
However, mid-September events have made me realize that many organizations in the government and the private sector are operating with an outdated mindset. A process was put in place that would delay near real-time cyber threat intelligence by up to a month. No sense of urgency or concern about the delay was demonstrated in the discussions surrounding this new process. For those used to operating in the fast-paced cyber domain, it appeared the activity would be moving in slow motion, and one cleared information operations professional called this “incredibly stupid.”
Cybersecurity practitioners in the public and private sectors experience thousands of acts of cyber aggression each and every day. Based on new malware release statistics from 2011, more than 2,166,000 new strains of malware were introduced into our operational environment in the past month (the delay period).
Another important consideration is the cyberattack rate. A 2010 article reported that cyberattacks against Congress and other government agencies average 1.8 billion incidents a month. Now, consider that according to international intelligence executives, most cyberattacks fly under our radar and few have a real-time view of the current cyber threat situation.
Cyber intelligence and metrics (monthly cyberattacks and new strains of malware), cyber intelligence briefings, cybersecurity training and efforts to reduce these cyber threats must be near real-time to mitigate this growing risk. We are not talking about the battleground of the future – cyberattacks are the reality of today. We must change our mental models, adapt to the rapid pace at which this threat environment forces us to operate, and provide near real-time cyber intelligence and training.