Use of the term “cyber war” has increased of late. This is primarily due to the media coverage given to recently discovered and disclosed acts of cyber espionage against the United States and others.
It would be very difficult for those who are not security cleared and actively involved in the classified cyber threat intelligence side to really wrap their arms around some of the critical characteristics of this threat and how it continues to grow virtually unchecked. What has become all too evident is that we should not, and, more importantly, cannot address this threat the way in which we are going about it. That is not just my opinion; I checked with other cleared individuals working in this area and they expressed similar opinions.
For example, look at the Cyber Intelligence Sharing and Protection Act (CISPA). What most people, even those who work in cyber security, do not realize is that CISPA was first introduced back on November 30, 2011. Just consider all the reported cyber attacks since that time. Since then we have had more than 27 million new strains of malware, some with previously unseen vulnerabilities and others with new non-technical methods of attack. Now consider all the new or updated technology that is out there that could be used as a tool in prosecuting a cyber war.
What is all too evident is that the pace with which this threat is evolving demands a different approach. Near-real-time cyber threat intelligence is what is needed. Waiting 18 months or more to get that ability to share cyber threat data is not even close to where we need to be in this environment. Our mental models must be updated and include the condensed timeframes necessary in the cyber domain.
Posted on Mar 21, 2013 at 12:55 PM
The entry of companies into the cyber conflict market seems to have accelerated. Multiple factors have created this draw. From a big-picture standpoint, this is welcome news for the economy and the businesses that are successful in this domain.
The first factor that explains the big attraction is the overall need. Multiple military and government officials have warned of the growing threat of cyberattack, as well as the national security implications of cyber espionage. Add to that the substantial distributed denial of service attacks that befell the financial services sector in fall 2012 and the continuous bombardment of breach reports, and you can see the reason for the attraction. U.S.-based companies are stepping up to the challenge of defending the nation’s critical infrastructure and general technology assets.
The second significant factor is market size. Recent estimates suggest the dollars to be spent on this problem set are growing. Sector analysts have released market forecast reports that project that in 2013 this global market will be about $17 billion, and others suggest a 12 percent compound annual growth rate for the next few years. In the sluggish economy these figures are attractive.
Nevertheless, there are some negative consequences of this growing market. Companies are force-fitting their products, knowledge and services into this market segment. Given all that is at stake, this is concerning. A recent research project required an analysis of available offerings. After a number of phone calls, e-mails and product literature review of a specific product set, I walked away amazed at the vendors' lack of understanding of the problem space. One was not even aware of publicly reported and confirmed events that have a great influence on their products and services.
There is little doubt that we have seen better times when it comes to business. Contributing to these challenges is the recent sequestration enactment. It is a risk, and there are so many unknowns that have government contractors uneasy. However, the force-fitting of products and services into this environment is dangerous given what is at stake. I guess the age-old saying “let the buyer beware” applies here.
Posted on Mar 14, 2013 at 12:55 PM
Much has been written about private-sector businesses, our military and our government working together to improve our national cybersecurity. Not everyone agrees, and there has been pushback on this topic due to privacy concerns. There is an online campaign to stop the proposed legislation for the second time. I was involved in multiple conversations about this subject matter after I spoke at a recent gathering of intelligence professionals. What became very evident is that each side needs to better understand the issues of the others, as well as the unique challenges that each entity faces.
One comment suggested that it's no big deal for a business to disclose a breach anymore. From a business perspective it is. Legal issues, compliance issues, the potential drop in the business’s stock price, as well as working with organizations (government and military) with which the business is not familiar, combine to complicate the development of a tightly coupled relationship. One organization was approached by a government entity and asked for sensitive information it deemed necessary to further their work. The business was concerned about the privacy implications of turning that data over without a subpoena. Perhaps the biggest challenge is that most general businesses do not have staff with security clearances, and that impedes government and military organizations sharing threat and investigation data with them.
We all recognize the need for better collaboration to help mitigate the risks of cyberattack. Cyber intelligence is critical if the United States is going to address this issue, but it does little good if that intelligence does not get to those who need it. One giant step forward would be to understand and respect the perspective of the other parties and work together on a mutually agreeable solution quickly. That is easier said than done.
Posted on Mar 07, 2013 at 12:55 PM
With all the recent attention to the continuously growing threats in the cyber domain, discussions about cyber doctrine have increased substantially. That should be no surprise given the fluid nature of this national security threat.
While preparing for a cyber intelligence briefing, I ran across a most interesting document on the State Department's website. The document was the remarks of Harold Hongju Koh, who is identified as a legal advisor to the State Department, at the U.S. Cyber Command Inter-Agency Legal Conference held at Fort Meade on September 18, 2012. The document is broken down into three sections and answers 10 commonly asked questions about cyber conflict, many within the context of international law and war. In addition, the document lists three unresolved questions with some insight into the issues provided.
This is a must-read. What is unclear is whether this reflects the policies of the State Department or just the opinion of a legal advisor. However, either way this begins to address the true complexities of cyber operations. In a conversation about this document, one individual said, “This is beginning to look like the operational domain of our drone program.” I immediately got the drift on that comment, and it is concerning. A public account of how we operate drones included a description of a three-person team: pilot, weapons officer and lawyer, with the lawyer giving the okay to fire. Is this where we are at or are headed in cyber conflict?
Posted on Feb 28, 2013 at 12:55 PM