Are we at war?
“Those who fail to learn from history are doomed to repeat it”…
George Santayana, The Life of Reason -- the Phases of Human Progress, 1905
Although the causes of World War I and II have been and remain subject to debate, it is unquestioned that they spanned political, territorial and economic factors. Competing ideologies positioned polarized nations on a course where conflict was arguably unavoidable. The desire by one or more nations – or their allies – to expand territorial boundaries (and diminish those of their adversary), was in some cases to address a perceived imbalance of power. And then there is always “the money”. For nations which lack certain indigenous natural resources, often the most direct and expeditious route to fill that gap are to take those resources from those who often cannot or will not defend themselves.
Is today’s cyber battle space any different? On every front, you need only look as far as the daily news to see these factors in place – and escalating, quickly.
Politically, Iran and North Korea are at odds with most, if not all, of Western civilization. In late 2014, North Korea targeted Sony in a well-publicized attack to avoid the release of a movie critical of North Korea leadership. While North Korea denied the attack, U.S. intelligence officials and the president knew otherwise. Similarly, Iran’s growing capabilities have greatly improved and are now viewed as a significant threat to America’s computer network and critical infrastructure. Whether it’s a response to the attacks which spun down the nuclear centrifuges at Natanz, or simply another bargaining chip in the ongoing negotiation over economic sanctions, it is irrelevant if you are the company being hacked.
Bold leadership has been and will continue to be critical to success or failure in this battle
In July, House Committee on Small Business Chairman Steve Chabot referenced a Verizon cyber threat report that described the increasing cyber threat to businesses who employ less than 100 people. That report found that 70 percent of all companies who were attacked fit that category, and were targeted because of the work they did for critical government programs. Much as a common burglar avoids breaking into houses with alarm systems, there is no need to attack the mega-defense firms who are better-funded and positioned to withstand those attacks if you can take their suppliers offline.
Economically, the direct effects of cyberattacks are quantifiable and staggering. But what if you could raise your economic position within the world simply by lowering the currency valuation of your greatest adversary? Rather than attack the top 10 companies, or the top 70 percent of small businesses, what if you took down the foundation of their government, democratic elections? No, I’m not talking about the attacks attributed to Russia on the Democratic National Party, and voter registration databases in at least two states, but reports last week by FireEye that a China-based group attacked two Hong Kong government agencies in August, in the precursor to their parliamentary elections. The tension between Beijing and Hong Kong, among social, economic and political boundaries has reached new levels.
Are we at war? Are these the pre-conditions to war? If so, then to be forewarned is to be forearmed. What steps should we take?
Smarten Up: In 2016, we face a deficit of approximately 650K computer scientists. In a cyber battle, that’s thousands of potential cyber warriors. Our adversaries are certainly investing heavily in STEM training; we must match or exceed their efforts to win the war.
Listen Up: We must increase awareness that cybersecurity is not simply a technical issue allocated to the CIO team, but a core business imperative. Attacks can come from anywhere, to include actions central to our core business (email, collaboration, cloud-based services). This means that everyone must be vigilant, much like the “see something, say something” mantra that we live in, in a post 9/11 world.
Stand Up: Prior to World War I, not understanding the enemy’s intention created a situation where war was inevitable. This gap was only exacerbated by the lengthy diplomatic process that is in many respects, a parallel to the staid corporate business processes we rely on today. Leadership is required. Timely leadership is required even more. Bold leadership has been and will continue to be critical to success or failure in this battle.
Churchill’s quote after the Stresa Conference in 1935 eerily parallels the situation we find ourselves in today. “When the situation was manageable it was neglected, and now that it is thoroughly out of hand we apply too late the remedies which then might have effected a cure. There is nothing new in the story. It is as old as the sibylline books. It falls into that long, dismal catalogue of the fruitlessness of experience and the confirmed unteachability of mankind. Want of foresight, unwillingness to act when action would be simple and effective, lack of clear thinking, confusion of counsel until the emergency comes, until self-preservation strikes its jarring gong–these are the features which constitute the endless repetition of history.”
Let it not be said of us that we didn’t have the foresight or willingness to act in the face of a clear and present danger.