Pace of cyber attack demands faster reactions
Our mental models must be updated and include the condensed timeframes necessary in the cyber domain.
The use of the term “cyber war” has seen an increase in use as of late. This is primarily due to all the media coverage given to recently discovered and disclosed acts of cyber espionage against the United States and others.
It would be very difficult for those who are not security cleared and actively involved in the classified cyber threat intelligence side to really wrap their arms around some of the critical characteristics of this threat and how it continues to grow virtually unchecked. What has become all too evident is that we should not, and, more importantly, cannot address this threat way in which we are going about it. That is not just my opinion I checked with other cleared individuals working in this area and they expressed similar opinions.
For example, look at the Cyber Intelligence Sharing and Protection Act (CISPA). What most people, even those who work in cyber security, do not realize is that CISPA was first introduced back on November 30, 2011. Just consider all the reported cyber attacks since that time. Since then we have had more than 27 million new strains of malware, some with unseen-before vulnerabilities and others with new non-technical methods of attacks. Now consider all the new or updated technology that is out there that could be used as a tool in prosecuting a cyber war.
What is all too evident is that the pace with which this threat is evolving demands a different approach. Near-real-time cyber threat intelligence is what is needed. Waiting 18 months or more to get that ability to share cyber threat data is not even close to where we need to be in this environment. Our mental models must be updated and include the condensed timeframes necessary in the cyber domain.