Wednesday, June 19, 2013

Politics, Human Factors and Legal Issues Thwart Deployment of U.S. Cyber Defenses

Cyberattacks are increasing in sophistication. Cyber threat information is scarce, and qualified cybersecurity specialists are hard to come by. There are legal risks to cyber counterstrikes, but meanwhile companies like Wyndham are being targeted for not doing enough to protect customer data.

And all the while, skittish shareholders are getting worried.

What’s an organization attempting to prevent cyberattacks to do?

Counterstrike strategies against attacks (or “hacking back”) was one of the primary themes of Jeffrey Carr’s excellent just-completed Suits & Spooks conference in La Jolla.

First, the positive:
  • Defensive tools to battle cyber disruptions, intellectual property theft and cyberattacks against business operations are increasing in both scope and strength of capabilities.
  • One speaker gave the U.S. a two-year window of relative safety before the attacks progress to the point of being truly dangerous (incidentally, the same time frame contained in my report, “Seven Trends Driving the Future of Cyberwarfare,” available free here in the sidebar). 
And now, the disturbing news:
  • The issues of dealing with cyber threats lie primarily with the human aspect. One presenter at Suits & Spooks felt the issues in managing cyberthreats are “90% human and only 10% technical.” This becomes more critical as technical talent becomes harder to find. Computerworld recently reported that the demand for people with cybersecurity skills is growing 3.5 times faster than for other IT-related jobs. And, as we found out with ex-NSA contractor Edward Snowden, cybersecurity specialists can be unpredictable in their actions.
  • Organizations hacking back, even to gain back their stolen data, risk an escalation of return cyberattacks, raising the risks for future damage.
  • Many organizations, particularly in the private sector, do not share cyberthreat information or defense strategies. Some of these are competitors; others act from hubris. And few sounded likely to trust government agencies with their information (especially considering Wyndham’s legal fight with the SEC).
On top of all of this, the recently leaked Presidential Directive 20, which defines the means for preemptive cyberattacks, has placed the entire topic of hacking back in play. Such a Directive complicates the cyber defense and hacking back issue for all, starting at the international political level vis-à-vis U.S./China relations.

If I were to select one word to describe the developing world of cyber threats we face, it would be that both internal and external forces are snowballing, picking up speed and destructive power with each day.

Challenging times ahead in cyberspace? You bet. We had better seriously start getting our house in order before that two-year safety period runs out on us.

Note: these comments are my conclusions alone and do not represent the opinions of presenters or attendees at the Suits & Spooks event.

("Fallen Leader" image: podpad/

No comments:

Post a Comment