The Cybersecurity Wake Up Call and the Snooze Button

AdamElkus December 9, 2011

While Alex has dealt rather masterfully with the consequences of the trumped-up Russian SCADA hacking incident, I’d like to point to a different aspect of it: the cybersecurity “wake up call.” The Springfield incident was immediately called a “wake up call” for cybersecurity practitioners. Of course, we now know that it was not a cyber attack. But suppose , for the sake of argument, that it really was the work of nefarious Russians. That would be a real cause for concern, wouldn’t it?

As Bob Gourley tweeted, we’re now in our 4th decade of “cyber wake up calls.” The only thing more played-out in the cybersecurity field is the phrase “digital pearl harbor.” So why does the phrase continue to predominate? Some of our panelists at the FedCyber Government-Industry conference talked about problems with the private sector’s lack of attention and budgetary emphasis on security and lack of recognition from policymakers of the evolved nature of the threat. While these are worthy explanations, perhaps something else is at play: the cyber snooze button that we perpetually hit whenever we are “woken up.”

Cybersecurity obviously is a huge concern to policymakers and analysts. The private sector is also taking note. But the problem, as Bob has said in the past, is that on a day-to-day basis security is simply not a priority. It is seen as a technical matter rather than policy issue that demands the attention of CIOs, and is based on a reactive model rooted in point defense of all access points rather than defense in depth, does not tackle enterprise management as a whole, and is rooted in the fallacious assumption that the PC as the only point of vulnerability within an organization. Moreover, as Martin Libicki points out in his book Conquest in Cyberspace, there is no such thing as forced entry in cyberspace. The vast majority of successful attacks are the result of simple weaknesses that were not proactively addressed.

To be more simple, the cyber snooze button is continuously hit because many simply do not want to wake up to the reality that cybersecurity is no longer an exotic subfield limited to a small cadre of technical experts. It is a basic element of living in a hyperconnected world that will only grow more so as more and more elements of our lives become networked. Trusting your toaster will be the least of your concerns. But for whatever reason, we cannot accept this reality and make prudent–if sometimes painful–adjustments.

Rather, cyber is cast in terms of an exotic and unstoppable threat akin to megaterrorism or nuclear warfare. The problem with this is that it tends to encourage outlandish and unworkable solutions, lead to scares akin to the one that Alex has analyzed, and casts cyber as a strategic matter to be dealt with by politicians rather than an problem with multiple dimensions. There is the nation-state based cyber threat, certainly, but many firm and agencies deal day to day with opportunistic criminals–not Stuxnet or a crack team of elite PLA infowarriors.

Until we can learn to see cyber in less dramatic terms, we will continue to have multiple wake up calls, and a few scares like the Illinois water pump incident. Unfortunately, some organizations and individuals will have hit the snooze button one too many times, and will face threats—although certainly less severe than Vladimir Putin’s colleagues wiping out critical infrastructure–with the potential for serious fiscal, personal, or public relations damage.

About AdamElkus

Adam Elkus is a PhD student in Computational Social Science at George Mason University. He writes on national security, technology, and strategy at oodaloop.com for OODA, War on the Rocks, and his own blog Rethinking Security. His work has been published in The Atlantic, Journal of Military Operations Foreign Policy, West Point Counterterrorism Center Sentinel, and other publications.

Gain Powerful Insights Into The Future With OODA Loop’s Technology Tracking

In a continuation of our journey to bring the best, most actionable technology content to enterprise decision-makers we have merged our research and reporting activities into the OODAloop.com site (both CTOvision.com and OODAloop.com are owned and operated by OODA LLC). CTOvision will focus only on one small niche, a vision for a technology enabled future. […]

CTOvision and OODA: Big Changes Coming Soon

In a continuation of our journey to bring the best, most actionable technology content to enterprise decision-makers we are merging our research and reporting activities into the OODAloop.com site (both CTOvision.com and OODAloop.com are owned and operated by OODA LLC). This will give our community access to the same technology summaries we currently produce as […]

Give Your Career A Boost By Learning From Experienced Decision Makers

Our video and audio podcast, the OODAcast, provides content that can help accelerate your career and improve your decision making. The series is based on interviews of some of the greatest most accomplished enterprise technologists we can find. We ask questions designed to pull out lessons applicable to accelerating the career of any professional. We […]

Think Twice Before Deciding To Use A Personal VPN: You could be getting some really bad advice

From the 1930s to 1950s (far too long) the medical community just would not wake up to the fact that cigarettes could cause harm (see More Doctors Smoke Camels). Why did they stick with this misperception for so long? When so many good people come to the wrong conclusion it probably means some deeply human […]

Please help spread the word: USNI and NIP Essay Contest: This year’s challenge area a key one for the nation

Please help share the content at this link to any thinker/writer you know: 2020 Information Warfare Essay Contest This contest is open to all contributors, active-duty, military, reservists, veterans, and civilians. Generally the winners have had a solid understanding of the nature of modern conflict, but really any thinkers/writers should look over the contest and […]

Centripetal wins historic $2.6-$3.2 Bil vs. Cisco Systems; largest US patent infringement award to date

Editor’s note: I am proud to say I have a history with Centripetal Networks serving on their board and then later as an advisor. It was horrible to learn that a Tech Titan like Cisco was infringing on their patents. It is good now to see when the facts were reviewed justice was done. -bg […]

Super Bowl Ads Indicate Big Businesses Think You Are Afraid of AI

Tom Loftus provided an insightful review of some of Super Bowl ads in the 4 Feb 2019 Wall Street Journal. Like AI parody in SNL, these ads really poked fun at computers: Seriously, did anyone catch the commercials? If the Super Bowl is the zeitgeist, then it is safe to say that America is not […]

HBO’s Westworld: The Man In Black is a special kind of Twitter user

HBO’s Westworld is a modern take on the Michael Crichton SciFi tale of a robotic amusement park. The HBO version has a new twist. The creators/writers were all exposed to years of Twitter, which has influenced every episode and the entire arch of two seasons of the show. Now that season two is wrapping up, […]

All Enterprise Techies Should Watch HBO’s SciFi Epic Westworld: It will help us dialog over shared experiences on what we will not be creating

Westworld season one was a great mix of science fiction and drama and action and it was done in a way that should help people think through many tech ethics questions, like how do we want to treat our robots? Does treating robots with violence change our nature? Can robots become sentient? HBO has a […]

Related