The cyber landscape is drastically changing and the threats of today will pale in comparison to those our nation will face tomorrow. With the development of the internet of things (IOT) and faster connectivity through the advancement of 5G, cyber attacks will increase in volume and severity as we see an expansion in the vulnerability surface area and complexity of cyberspace. To position the country for this new reality, the exchange of information among U.S. stakeholders needs to mature so organizations can quickly and accurately respond to cyber threats and prevent isolated attacks from becoming a pandemic.
Communication among stakeholders is now critical because the U.S. has not operated in a conflict environment where the activities of citizens, the private sector and nation states are so intertwined. As we saw through the unprecedented collaboration between federal, state and local government with the private sector to secure the 2018 elections, communication and coordination across organizations yields tangible results. Despite these pockets of communication, largely facilitated through the Department of Homeland Security (DHS), for the majority of stakeholder organizations, the risks associated with attribution weigh heavier on the minds of leaders than the implications of massive cyber vulnerabilities. With mobile carriers expecting to implement 5G by 2020, time is running out for this imbalance in priorities to continue.
Although forecasted IOT technical developments do provide more prescriptions in the cyber defender’s medicine cabinet, with every benefit comes a new vulnerability that can only be nullified by human interactions outside of cyberspace. These remedies and their side effects include:
- Through more conveniently connected products come additional hack-able wireless internet connections and satellites that circle the Earth collecting the data.
- With the promise of better implementing defenses through artificial intelligence, machine learning and other rapidly developing technologies are tools for adversaries to launch more stealthy attacks.
- As cyber defenders use predictive analytics to anticipate attacks then cyber adversaries will use the same tools to predict exploitable vulnerabilities.
For every technological advancement created with good intentions, there is a bad actor waiting in the wings to repurpose the capability. Even if an organization is prepared and develops a cyber playbook, there is the risk that the organization could fall victim to data exfiltration and those playbooks could be used against them. Communication can be the antidote to these unintended side effects of progress. While it may be impossible to protect one organization from becoming patient zero, sharing threat indicators and intelligence can help to isolate the attack and prevent the damage from spreading throughout the U.S. economy.
We recently witnessed the power of communication in preventing cross-sector contamination in 2018, when Russian hackers targeted and gained access to control the U.S. power grid. Initial indicators revealed hackers were primarily focused on the energy sector, but understanding the cyber adversary and patterns, sharing information across sectors allowed other industries to become wary of potential infiltration. As a result, that intrusion campaign also targeted, but failed to compromise, nuclear, commercial facilities, water, aviation, critical manufacturing and transportation industries, largely because of the inter-sector communication.
Towards the end of the WCR’s December roundtable event on boundary security, attendees and speakers shared the idea that today boundary security is nearly impossible because borders no longer exist in cyberspace. While borders are easy to secure through defense-in-depth strategies the challenges lie in protecting all actors along the supply chain. Neither the private nor public sector can only be concerned with protecting their own boundaries, but must consider how their networks interact with other environments and what controls are in place further down the supply chain.
In the increasingly globalized environment this means organizations not only need to worry about their own expanded networks, but those of the organizations they interact with by a third and fourth degree. According to the National Intelligence Assessment, many VPN services are owned by corporations outside the U.S.—meaning data could pass through providers’ servers unencrypted and be vulnerable.
Collectively embracing the idea that companies and sectors no longer exist in siloed architectures will be a major step forward in facilitating an environment where intersecting strategies can emerge that transform this weakness into a strength. The first step organizations can take is to join in the current dialogue within the community through DHS’ Information Sharing and Analysis Centers (ISACs) and Information Sharing and Analysis Organizations (ISAOs).
As the volume and variety of conversations increase among stakeholders, we will see a natural maturation in the cyber topics discussed. These conversations will establish trust between actors and ultimately, nurture a strong communication network that enables U.S. organizations to coordinate in a crisis and quarantine the threat. While there may not be a cure for every future cyber attack, together U.S. stakeholders can use communication to begin strengthening our immune system and identifying treatments for when we need to heal.