Connect with us

Hi, what are you looking for?



Creative Disruption and Complacency Vie to Shape US Cyber Defenses

Creative disruption, where a paradigm shift in thinking replaces an existing order, may be an elusive concept but its power as a driving force of human behavior cannot be denied.

Creative disruption, where a paradigm shift in thinking replaces an existing order, may be an elusive concept but its power as a driving force of human behavior cannot be denied.

In Silicon Valley and other U.S. high-tech hubs, the race to obsolete the old and make room for the next ‘new big thing’ is a near-messianic rallying cry that fuels innovation, aggressive business practices and occasionally, even massive fortunes.

Category disrupters Amazon and Apple come easily to mind. Offering massive inventories coupled with powerful order processing and logistics systems, Amazon has radically disrupted the worldwide book publishing, marketing and distribution industries.

Cybersecurity Information Sharing Act 12-3

The release of Apple’s game-changing iPhone created a new computing category that overnight rewrote the mobile digital experience. Today, smartphones and innovative new apps proliferate, disrupting existing business models of professional recruiting, mapmaking, taxi dispatch, and many others.

Creative disruption knows few limits. Militarily, the paradigm-changing decision to deploy the intercontinental ballistic missile in the 1970’s disrupted and then replaced the country’s nuclear-armed B-52 bomber force as well as the Strategic Air Command. The ICBM decision firmly established the balance of power between the U.S. and Russia in the Cold War and ultimately ensured the future of the Free World.

New Threats Mean New Defensive Paradigms

Global terrorism and in particular the diversity, number and sophistication of cyber threats facing America today represent changing paradigms. Existing U.S. Cold War-era national defenses, although still playing a role in defense, are out of place and ill-suited to the digitally-driven destructive capabilities of cyberwarfare technology. Cyberattacks require no aircraft or missile delivery mechanisms, merely computer networks and vulnerable websites, both of which are in plentiful supply.

Advertisement. Scroll to continue reading.

Triumphing over such evolving threats involves new strategies. In a Financial Times column addressing the need for disruptive innovation, columnist John Kay offered the comment from Henry Ford that had he [Ford] consulted his customers about their transportation desires they would have asked for a faster horse.

The message from Henry Ford’s observation is as clear today as it is relevant: securing America’s national security in the digital era cannot be achieved through focus on building a faster ICBM or upgrading early warning capabilities. In today’s world it is disrupt or be disrupted.

Battlefield of the Future

The authors of the recently updated 9/11 Report state it this way: “A growing chorus of senior national security officials describes the cyber domain as the battlefield of the future.”  No wonder then that U.S. intelligence agencies have designated cyberterrorism as the number one threat to America’s national security.

Private, commercial and national defense websites are breached regularly and by attacks of increasing sophistication. Legislation to upgrade the cybersecurity practices of power generation facilities has thrice been introduced in Congress and thrice defeated. Bills to harden our power grid against electromagnetic pulse (EMP) attack languish in the House of Representatives, seemingly lacking a sense of urgency.

Lack of electrical power can be more than catastrophic, it is fatal. A recent Wall Street Journal article on the risks of extended power outage resulting from an EMP attack quoted a Congressional Commission study which concluded that “after twelve months of power outage, ninety percent of the U.S. population would be dead from starvation, disease, and societal disruption.”

The U.S. Cyber Command is responsible for defending Department of Defense systems and the Department of Homeland Security is responsible for defending civilian government agencies in any cyberattack. But that leaves a massive “cyber gap” in protecting business networks, including financial systems and the electric grid.

A salient question is how many compelling reasons need to exist to inject a sense of urgency into the debates on protecting America’s security and critical national infrastructure?  In such discussions, one can hope that a realistic view of today’s global threat environment will result in disruptive thinking dominating the discourse, rather than that of incrementalism. 

For disruptive thinking to triumph, however, a powerful counterforce identified by the authors of the updated 9/11 Report must first be dealt with: complacency.  Lack of imagination or weakness of will only deters the resolve necessary for a national cybersecurity strategy.

It is human nature for Americans to want to feel secure.  Such a feeling has a particular ease of acceptance since the country has not been the target of a major attack since 9/11.  But if complacency is allowed to flourish, someday soon there will be a price to pay for the luxury of enjoying this denial.

How much risk is America willing to take with our way of life to justify continuing the feel-good aura that accompanies the sense of perceived safety?

It took a decade and a half following the invention of the atomic bomb to develop the rules for its use, or more importantly, non-use. In cyberspace, where there are no rules, we face a similar challenge. What we do not have is the decade and a half.

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content


WASHINGTON - Cyberattacks are the most serious threat facing the United States, even more so than terrorism, according to American defense experts. Almost half...


Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet


The war in Ukraine is the first major conflagration between two technologically advanced powers in the age of cyber. It prompts us to question...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...


Iranian APT Moses Staff is leaking data stolen from Saudi Arabia government ministries under the recently created Abraham's Ax persona

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...


Russia-linked cyberespionage group APT29 has been observed using embassy-themed lures and the GraphicalNeutrino malware in recent attacks.


ENISA and CERT-EU warn of Chinese threat actors targeting businesses and government organizations in the European Union.