After Twenty Years of Cyber – Still Uncharted Territory Ahead

The general notion is that much of the core understanding of cyber is in place. I would like to challenge that perception. There are still vast territories of the cyber domain that need to be researched, structured and understood. I would like to use Winston Churchill’s words: “it is not the beginning of the end; it is maybe the end of the beginning.” In my opinion, the cyber journey is still in a very early stage. The cyber field has yet to mature, and the big building blocks for the future cyber environment are not yet in place. The Internet and the networks that support it have grown dramatically over the last decade. Even if the growth of cyber might be stunning, the actual advances are not as impressive. In the last 20 years, cyber defense and cyber as a research discipline have grown from almost nothing to a major global enterprise and the recipient of considerable resources. In the winter of 1996-1997, there were four references to cyber defense in the search engine of that day (AltaVista). Today, there are about 1.3 million references in Google. Cyber knowledge has not developed at the same rapid rate as the interest in, concern about, and resources for cyber. The cyber realm is still struggling with elemental challenges such as attribution. Traditional topics in political science and international relations such as deterrence, sovereignty, borders, the threshold for war and norms in cyberspace are still under discussion. From a military standpoint, there is still a debate about what cyber deterrence would look like, what the actual terrain and maneuverability are like in cyberspace,...

In Cyber, Time is of the Essence

Cyber is becoming increasingly driven by automated processes while humans are still operating at human speed. In my view, one of the major weaknesses in larger-scale cyber defense planning is the perception that there is time to lead a cyber defense during an attack. It is likely that a major attack is automated and premeditated. If it is automated, the systems will execute the attacks at computational speed. In that case no political or military leadership would be able to lead an effective defense for one simple reason – it has already happened before they react. A premeditated attack is planned maybe years in advance, and if automated, the execution of a massive number of exploits will be limited to minutes. Therefore, future cyber defense would rely on components of artificial intelligence that can assess, act, and mitigate at computational speed. Naturally, this is a development that does not happen overnight. In an environment where the actual digital interchange occurs at computational speed, the only thing the government can do is to prepare, give guidelines, set rules of engagement, disseminate knowledge to ensure a cyber resilient society, and let the coders prepare the systems to survive in a degraded environment. Another important factor is how these cyber defense measures can be reverse engineered and how visible they are in a pre-conflict probing wave of cyber-attacks. If the preset cyber defense measures can be “measured up” early in a probing phase of a cyber conflict, it is likely that the defense measures can, through reverse engineering, become force multipliers for the future attacks – instead of bulwarks against the attacks. So we enter...

Cybercrime and State-sponsored Cyber Operations

Adversarial countries’ cybercrime and state-sponsored cyber operations could easily be the same coin – just different views. The reason is very simple. Cyber criminals are specialists in luring people to disclose their secrets and open doors to user accounts to allow the perpetrator to use the access for their purposes. If a country adversarial to the US houses cyber-criminal activity that targets the US while the country itself pursues innovative ways to gather intelligence about the US, it is likely that someone sees an opportunity. Most countries adversarial to the US, if not all, are flavors of totalitarian regimes. Rules, laws, and international agreements are all arbitrary as long as it fits the ruling elite. Totalitarian states tend to see the state interest as the overruling interest. It is more logical for a totalitarian state to use cyber-criminal activity as a tool to acquire knowledge about social-engineering methods and use the aggregated knowledge from the criminal syndicates instead of suppressing their activity by law enforcement. As long as the cybercrime activity is not targeting the adversarial country’s own population, it is likely accepted as a “business endeavor” as long as they support the state with information. We tend to assume that other countries follow our code of ethics, legal reasoning, and separation of legal and illegal activity, but not every state complies with these standards. The usage of cybercriminal-aggregated information gives not only knowledge about US account holders, but is also a major knowledge transfer from the criminal sector to the agencies that operate state-sponsored cyber operations. From a totalitarian state's perspective it makes sense – as long as...