Stepping back from the day-to-day enterprise view on cyber security we normally discuss in this column, I want to focus on the more macro impact of cyber security from a global perspective. While they teach you in law school to never ask a question that you don’t already have the definitive answer for, I’m going to go against this logic and pose the question of whether or not cyber has been the global equalizer to my fellow security experts. While I have my own opinions, I believe this is an important topic that warrants greater discussion within the industry.
What first got me thinking about this subject is the recent tension with Syria and all of the factors that the United States and its allies need to consider when committing resources abroad. And the more I thought about it, the more questions I had. How much do cyber threats influence policy, and should they? Do the cyber capabilities of foreign governments offset some of the military advantages we enjoy? Does our increasingly more modern and technology-based infrastructure and defense systems make us more vulnerable? In short, has the dependence on a networked world closed the gap of international capabilities and power?
We know the government has been hyper-focused on the issue of cyber for the past several years. From the attempts to legislate a national policy on cyber to the further investment in cyber capabilities, this is, and will remain a top priority. Here is a passage taken directly from the Whitehouse website titled The Comprehensive National Cybersecurity Initiative:
President Obama has identified cybersecurity as one of the most serious economic and national security challenges we face as a nation, but one that we as a government or as a country are not adequately prepared to counter. Shortly after taking office, the President therefore ordered a thorough review of federal efforts to defend the U.S. information and communications infrastructure and the development of a comprehensive approach to securing America’s digital infrastructure.
The Executive Branch was also directed to work closely with all key players in U.S. cybersecurity, including state and local governments and the private sector, to ensure an organized and unified response to future cyber incidents; strengthen public/private partnerships to find technology solutions that ensure U.S. security and prosperity; invest in the cutting-edge research and development necessary for the innovation and discovery to meet the digital challenges of our time; and begin a campaign to promote cybersecurity awareness and digital literacy from our boardrooms to our classrooms and begin to build the digital workforce of the 21st century.
Although the U.S government has taken steps to improve cyber capabilities, we are not alone. Sophisticated and well-funded attacks from nation states have always been and will continue to be the most serious threat. While the daily attacks on enterprises are dangerous and can prove extremely costly in terms of property and reputation, a targeted attack from a nation state adversary has the capability to be catastrophic. I truly believe that no other nation can match the capabilities of the United States military, but at the same time, matching the level of resources and investment in cyber being made by nation states such as China could prove impossible.
We have all seen how Hollywood tends to embellish cyber capabilities. In movies such as Independence Day, we see how a computer virus proves more powerful than a nuclear arsenal. Also, the rogue computer genius with the ability to take down the government seems to be increasingly popular plot these days. But despite the sensationalism, the threat of cyber-attacks and devastation of key infrastructure is very real.
So, is that threat real or legitimate enough to influence or change how we conduct affairs around the world? To suggest that cyber threats have become a primary driver of policy would be overstating the issue; however, to imply that cyber is not an integral part of planning would also be naïve. We have already seen high-profile examples of global cyber policy in action through such well-known attacks such as Stuxnet and Flame.
In my opinion, mirroring the innovations that have influenced and shifted the balance of power in warfare throughout the years, innovations such as the modern navy, jet aircraft, radar and missile systems. Cyber capabilities are a viable threat that need to be addressed and carefully considered during planning. How well we respond to and keep pace with an increasingly sophisticated adversary will go a long way in defining the issue of cyber and its influence on policy.
I’ve had my say; I’d be extremely interested in hearing the perspectives of my peers in the industry.