Editor's Note: Recently, Blue Coat Systems announced the acquisition of Solera Networks. This acquisition brings a great deal of talent and expertise to our Blue Coat team, including Brian Contos, chief security officer at forensics firm Solera Networks. In this piece, Brian discusses the disruptiveness of cyberwarfare.
Want to learn more? Brian will be a featured presenter at our Federal User Conference in July.
History has taught us how technology can shift advantage. Steel gave the Romans an advantage over the iron weapons possessed by the Greeks. Infantries armed with muskets gave the Ottoman Empire an advantage over forces dependent on longbows, swords and armor. In the 20th century, Germany rose to military strength with an emphasis on armored warfare: tanks.
The Germans didn’t invent the tank. The British and French had fielded more tanks during WW II. But it was the Germans who understood the advantage that the mastery of armored warfare would provide and were highly successful in a number of tank battles.
Today, information warfare, also called cyberwarfare, while still in its infancy, is equally disruptive.
Cyberattacks can include stealing valuable corporate research, intercepting military communications and destroying computer systems. These attacks can be used to augment traditional, kinetic attacks (those using troops and guns) or to destroy physical assets such as power generation facilities or systems used to control emergency services.
Cyberattacks present a great risk to industrialized nations, which are highly connected and extremely dependent on computers, from the electric grid and financial services to transportation and national defense. Developing nations, such as emerging and frontier countries throughout parts of Latin America, Europe, Africa and Asia, are less dependent on computers. As a result, they have a lower cyber risk profile.
Many developing nations see cyber as an equalizer – a mechanism to shift advantage in the face of superior technology and numbers. As a result, these countries are making investments to develop talent, techniques and technology related to information warfare. For example, it’s difficult to get empirical evidence about North Korea, but it has been cited that approximately 500 “cyber warriors” graduate there every year.
Many developing nations are also emphasizing STEM – science, technology, engineering and math – and offering scholarships and job placement for students pursuing these studies. Government and quasi-government organizations are being formed to focus on this new warfare domain rather than traditional military might. With this expanding global attack surface, new strategies related to policy and deterrence are needed.
Information warfare is an attractive domain for developing nations because unlike land, sea, air and space, it’s asynchronous. The amount of resources and effort that a country must employ to launch a cyberattack is significantly lower than what is needed for fielding tanks, launching satellites, developing a clandestine agency or refining uranium. The barriers to entry are so low that nation-states no longer have a monopoly on war, and minor actors such as organized crime groups, hacktivists and terrorists can also engage independently or at the behest of nation-states.
Deterrence is difficult with cyberwarfare. Unlike with nuclear missiles, there is no mutually assured destruction as in the Cold War. Denying a country access to nuclear material and/or establishing punishments is possible, but this concept does not work in the cyber domain. What is possible is the establishment of international partnerships fostering coordinated, rapid threat detection and response.
We must build our security strategies with the understanding that whether security is strong or weak, given the proper resources, time and motivation, compromise is virtually imminent. Public and private sector organizations have been focused too long on incident prevention without adequate controls for incident detection and response.