Memo To US Startups: China Wants Your IP (and There Are Ways To Stop Them)
EXPERT INTERVIEW — The race between China and the U.S. for tech supremacy gets fiercer by the day. In the latest salvo, the U.S. this […] More
The cyber landscape is drastically changing and the threats of today will pale in comparison to those our nation will face tomorrow. With the development of the internet of things (IOT) and faster connectivity through the advancement of 5G, cyber attacks will increase in volume and severity as we see an expansion in the vulnerability surface area and complexity of cyberspace. To position the country for this new reality, the exchange of information among U.S. stakeholders needs to mature so organizations can quickly and accurately respond to cyber threats and prevent isolated attacks from becoming a pandemic.
Communication among stakeholders is now critical because the U.S. has not operated in a conflict environment where the activities of citizens, the private sector and nation states are so intertwined. As we saw through the unprecedented collaboration between federal, state and local government with the private sector to secure the 2018 elections, communication and coordination across organizations yields tangible results. Despite these pockets of communication, largely facilitated through the Department of Homeland Security (DHS), for the majority of stakeholder organizations, the risks associated with attribution weigh heavier on the minds of leaders than the implications of massive cyber vulnerabilities. With mobile carriers expecting to implement 5G by 2020, time is running out for this imbalance in priorities to continue.
Although forecasted IOT technical developments do provide more prescriptions in the cyber defender’s medicine cabinet, with every benefit comes a new vulnerability that can only be nullified by human interactions outside of cyberspace. These remedies and their side effects include:
For every technological advancement created with good intentions, there is a bad actor waiting in the wings to repurpose the capability. Even if an organization is prepared and develops a cyber playbook, there is the risk that the organization could fall victim to data exfiltration and those playbooks could be used against them. Communication can be the antidote to these unintended side effects of progress. While it may be impossible to protect one organization from becoming patient zero, sharing threat indicators and intelligence can help to isolate the attack and prevent the damage from spreading throughout the U.S. economy.
We recently witnessed the power of communication in preventing cross-sector contamination in 2018, when Russian hackers targeted and gained access to control the U.S. power grid. Initial indicators revealed hackers were primarily focused on the energy sector, but understanding the cyber adversary and patterns, sharing information across sectors allowed other industries to become wary of potential infiltration. As a result, that intrusion campaign also targeted, but failed to compromise, nuclear, commercial facilities, water, aviation, critical manufacturing and transportation industries, largely because of the inter-sector communication.
Towards the end of the WCR’s December roundtable event on boundary security, attendees and speakers shared the idea that today boundary security is nearly impossible because borders no longer exist in cyberspace. While borders are easy to secure through defense-in-depth strategies the challenges lie in protecting all actors along the supply chain. Neither the private nor public sector can only be concerned with protecting their own boundaries, but must consider how their networks interact with other environments and what controls are in place further down the supply chain.
In the increasingly globalized environment this means organizations not only need to worry about their own expanded networks, but those of the organizations they interact with by a third and fourth degree. According to the National Intelligence Assessment, many VPN services are owned by corporations outside the U.S.—meaning data could pass through providers’ servers unencrypted and be vulnerable.
Collectively embracing the idea that companies and sectors no longer exist in siloed architectures will be a major step forward in facilitating an environment where intersecting strategies can emerge that transform this weakness into a strength. The first step organizations can take is to join in the current dialogue within the community through DHS’ Information Sharing and Analysis Centers (ISACs) and Information Sharing and Analysis Organizations (ISAOs).
As the volume and variety of conversations increase among stakeholders, we will see a natural maturation in the cyber topics discussed. These conversations will establish trust between actors and ultimately, nurture a strong communication network that enables U.S. organizations to coordinate in a crisis and quarantine the threat. While there may not be a cure for every future cyber attack, together U.S. stakeholders can use communication to begin strengthening our immune system and identifying treatments for when we need to heal.
Related Articles
EXPERT INTERVIEW — The race between China and the U.S. for tech supremacy gets fiercer by the day. In the latest salvo, the U.S. this […] More
EXPERT INTERVIEW — The U.S. starts the new year with a daunting set of challenges in the national security space – from global conflicts to terrorism […] More
EXPERT INTERVIEW — The U.S. Treasury Department closed 2024 with the announcement that state-sponsored hackers from China had breached its systems in a “major incident.” The hackers […] More
SPECIAL REPORT — In 2025, technological advances will continue to reshape industries, transform national security strategies, and fuel global competition. Artificial Intelligence (AI) will expand its […] More
EXPERT VIEW — 2024 has brought multiple reminders of the threats – real and potential – posed by the People’s Republic of China (PRC). Over the […] More
EXPERT INTERVIEW — Of the many potential threats posed by artificial intelligence (AI), few are more alarming than the possibility that AI would be used to […] More
Search