Putting the cyber threat domain into context

Things are rapidly changing in the cyber threat domain.

Things are rapidly changing in the cyber threat domain. Those who are concerned about cyber conflict FUD (fear, uncertainty and doubt) are either having their voices drowned out or have softened their objections and criticisms. Originally, many critics claimed that cyber threats were being used as a marketing campaign to drive sales of security products or as a political strategy to produce new laws or increased military funding. As cyber threats have rapidly evolved over the past two decades, individuals, organizations, governments and many other groups have publically acknowledged being attacked and disclosed the damage that resulted. Now, reports of cyberattacks and system breaches are all too common in the print media, on the web and on TV. Acknowledgement of the problem even made it into President Obama’s State of the Union address.

Cyberattacks and their economic impact are being felt in businesses of all sizes. We have begun to see the private sector conduct their own international investigations, which have led to the conclusion that militaries of foreign governments are likely responsible for many of these attacks. We have also seen the private sector retaliate with their own cyber fire after their computer systems were attacked by foreign servers.

It doesn’t matter if it is a criminal act, a terrorist act or an act of aggression from a rogue nation-state, current cyberattacks lead many to believe that this is the biggest threat to nations around the world. Although new and innovative ways to counter this growing threat are being developed, the complexity, frequency and impact of attacks have all increased and will continue to grow as new tools and techniques for conducting cyber attacks evolve at a pace much faster than our cyber defenses. This has many in government, institutions of higher learning and think tanks worldwide searching for answers.

There have even been claims of a global cyber arms race. Analysts forecast that the U.S. federal cyber security sector will grow at a compound annual growth rate of 6.2 percent during the next five years. More and more we are seeing the threats that are all too abundant in the cyber domain compared with those of the Cold War. Back to 2008 there were reports of a cyber Manhattan Project.

Without question, this comparison has some value. However, a Manhattan Project-type cyber program should not be the only tool used in determining our threat posture, intelligence demand, and defensive and offensive cyber capabilities. Given the ineffectiveness of Cold War military/arms monitoring techniques, the extremely low price of cyber weapons, and the ease with which cyber weapons can be distributed worldwide, this is a much more difficult problem to address.

Up until now the approach to cyber threat reduction has mainly been defensive. But it still takes days or weeks to respond to new threats when the threat demands a near-real-time response. The United States is the most innovative nation in the world. In fact, we are much better than what we have shown thus far in combating cyber threats. The U.S. needs the best, brightest and most creative minds in our country to come together and address this complex challenge.

The staring contest between China, Russia and the U.S. cannot go on much longer – someone has to blink. If not, then a cyber war between these superpowers is inevitable. While having discussions after speaking at an event for intelligence professionals one attendee told me, “Anyone who claims they can accurately predict the outcome is not only wrong, they are foolish, as this is a far-too-complex domain with so many unknowns that a prediction is not possible.” It is difficult to imagine having all the intelligence that would be necessary to be that sure of the outcome.

Privacy, funding, technological and political issues have combined to create a challenge for our leaders that is unprecedented. We have some hard choices to make that will directly impact our national security and the security of the systems that run our businesses and economy. Let’s all hope we make the right choices.