Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Cybersecurity Concerns Seize Center Stage in Davos

If there were any lingering doubts that cybersecurity is a geopolitical issue with global implications, such opinions were cast on the rocks by discussions this past week at the 2015 World Economic Forum in Davos, Switzerland.

If there were any lingering doubts that cybersecurity is a geopolitical issue with global implications, such opinions were cast on the rocks by discussions this past week at the 2015 World Economic Forum in Davos, Switzerland.

Coincidentally – perhaps – amid the palpable unease over cybersecurity concerns coursing through formal discussions and in the hallways, two alternative views of U.S. cybersecurity strategies were receiving notice.  One was hopeful; the other doubtful.  Both geopolitical.

First the doubtful.

On January 17th, the German publication Spiegel Online strove to further capitalize on the eighteen-month old Edward Snowden security leaks to once again raise and extend the public critique of U.S. National Security Agency practices.  The viewpoint expressed characterized U.S. cyber security operations as policies seeking control of the Internet and aimed at aimed “undermining the very foundations of the rule of law around the globe.” 

The article dusted off prior examples of the National Security Agency’s offensive measures such as Tailored Access Operations and Fourth Party Collection and others, positioning them as threatening to transform the Internet into a lawless zone in which the superpowers of the world operate according to their own whims with little accountability.

Such views seemingly choose to ignore that the Internet is already a lawless zone without formal international rules and standards of conduct in which cyber crime, cyber espionage and offensive state vs. state cyber operations abound. 

Thus defense is mandatory.  Cyberspace encourages aggressive behavior by providing the advantage to the assailant, necessitating those under attack to undertake extensive efforts to control damage and recover.  The U.S. is a prime example.  In 2014, U.S. corporate, government and military organizations succumbed to unprecedented levels of damaging, expensive and in particularly in the case of Sony Pictures, destructive and embarrassing breaches of their information networks.

The Spiegel argument sidesteps the reality that, given the serious and threatening realities of today’s cyber environment, those under attack must take the measures necessary to protect themselves.  Without aggressive cyber intelligence and proactive cyber defense measures, protection is nigh-impossible, forcing the U.S. and its Western allies to live in a world centered around mitigation and catch-up.

Advertisement. Scroll to continue reading.

Alternatively, a contemporary view of U.S. cybersecurity posture reflective of today’s increasingly threatening global environment was expressed by Clint Hinote, a Military Fellow at the Council on Foreign Relations in a January Foreign Affairs article, “How to Stop the Next Hack.”

Hinote acknowledges that “establishing an impenetrable defense is practically impossible.”  He further acknowledges retaliation in cyberspace is filled with attribution issues and escalation dangers.  The focus for defense, he believes, should thus be on deterrence consisting of deliberate steps which cause the opponent to “choose action, or inaction” favorable to the initiator.

Effective deterrence, he argues, minimizes emphasis response in cyberspace and instead focuses on a combination of virtual, physical, political and economic measures.  “Moving from the virtual to the physical world allows the United States to shift competition from the cyber domain, where it suffers from a competitive disadvantage (because it has much more to defend), to the physical domain, where it enjoys considerable advantages.”

“It may only require one or two demonstrations of this seriousness,” he adds, “to establish deterrence.”

Hinote’s sense of urgency for the need of more effective cyber defense capabilities and policies resonated with similar sentiments echoing through the halls in Davos.

According to Fortune, cybersecurity fears held the prospect of stopping companies from making important investments in technology.  CISCO Systems CEO John Chambers, as head of a corporation which depends on security-driven technology spending, emphasized that “security was bad last year” and unfortunately “this  year is going to get worse.”  “You can never win,” said Robert Smith, chief executive of Vista Equity Partners, a private equity firm.  “It’s a constant battle to just to stay even.”

Other executives expressed concerns that they were expecting the volume of attacks to increase dramatically in the coming year while defenses remained largely ineffective.  Mr. Smith added that “The security breaches we had in the last 12 months are going to pale in comparison to these we’re going to have in the next 12 months.”

“However security gets done, it needs to get done” was a common sentiment of executives when referring to cyber security measures to protect their organizations and national economies.  The stakes are simply too high not to.

Whether it be through strategies of deterrence espoused by Clint Hinote or by increased preemptive measures to prevent or disrupt attacks, effective intelligence methods by the NSA and other nations’ intelligence agencies are an essential ingredient for success.  Corporate and national interests thus are fused geopolitically as one as the battle over security in cyberspace races on.

Beyond concern over economic and reputational cyber-induced risks lay executives’ concerns of vulnerability of facilities such as power supplies and communications networks.

A popular figure in Davos, cybersecurity guru and Kaspersky Labs head Eugene Kaspersky, a man who knows his way around global cyber threats, confirmed such fears, stating what most attendees perhaps didn’t want to hear: “The main threat scaring me is attacks on critical infrastructure.”

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Cybercrime

Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.

Cyberwarfare

WASHINGTON - Cyberattacks are the most serious threat facing the United States, even more so than terrorism, according to American defense experts. Almost half...

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Cyberwarfare

Russian espionage group Nomadic Octopus infiltrated a Tajikistani telecoms provider to spy on 18 entities, including government officials and public service infrastructures.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.