Saturday, October 19, 2013

Are America’s Cyber Defenses On the Brink?

By Jim McFarlin

Cyberspace is a harsh and cruel world, a digital realm rife with unpleasant axioms.

One axiom is that attacks on the United States have increased in sophistication, intent, and frequency over the past several years. And it isn’t just hackivists who delight in defacing and defaming anymore – serious players are joining the fray.

The most recent interlopers include the cyber militias – mercenaries for hire around the globe who carry out attacks of the funders’ bidding. They are difficult to defend against as these mercenaries operate without predictable motives or methods.

A second axiom is that American institutions (private, government, military or otherwise) are widely ineffective in deploying cyber defenses. There are a host of excuses for this incapability, ranging from valid to self-inflicted.

These axioms point toward America’s declining security against cyberattacks. There are a few explanations, but few of these offer any meaningful hope.

Is there a way forward?

Let’s start by addressing a much-raised question: As the world’s leading technology superpower, why can’t the U.S. defend itself?

A recent study by cybersecurity firm CounterTack reported that 84% of surveyed executives feel their organizations are vulnerable to persistent cyberattacks. Major reasons given were disparate systems that do not talk to one another and an inability to gather attack intelligence in real-time to enable response.

Not good news. Worse yet: technology is but one piece of the puzzle. With perfect technology, America would still be vulnerable to cyberattack.

But why?

Human Element Trumps Cyber Technology
Looking at technology alone ignores human factors, as addressed in my June 19 post. Today’s large organizations have thousands of user endpoints in their computer networks. It takes just one individual to violate the organization’s cybersecurity guidelines for the gates to open to intruders.

TCB Also Trumps Cyber Technology
Business goes where management leads, as discussed in “Will 2013 Be the Year Cybersecurity Crashes the Party in the Boardroom?” So far, management has given Taking Care of Business – more profits, more market share, higher market value – its undivided attention. In addition, sharing information with competitors regarding cyberthreats in the name of protecting common interests, while improving, is still too rare.

Are there too many variables in this cyber-centric puzzle to ensure security?

Perhaps not.

A Way Forward
Several parts of the puzzle are already in motion. First, the corporate landscape may be changing as enterprise-level attacks inflict more damage more often. Many companies will find themselves vulnerable to customer loss, unpredictable stock price gyrations, and federal lawsuits for inadequate cybersecurity controls.

This could lead to a shift in motivation. When organizations begin to promote their cyber defense capabilities as a competitive strength, we will know we have turned the corner.

A second piece of the puzzle is the increasing prowess of the National Security Agency to prevent attacks before they happen. Some of these methods have been recently revealed via the Edward Snowden leaks. The stronger such capabilities become, the fewer attacks we will see.

Until American cyber defenses become more sophisticated, with (1) the ability to instantly adapt to differing types of attacks, and (2) increased automation to limit human-imposed risks, our salvation clearly lies in attack prevention.

The only piece of this puzzle that seems to be delivering prevention is the intelligence-gathering and analysis capabilities of the NSA. We must stop the sniping and let this agency do its work.

Perhaps then we will begin to see some positive axioms emerge in our increasingly threatening cyberworld.

(Featured image: Jan Jacobsen/Wikimedia Commons)

No comments:

Post a Comment