With new technology, come new problems. Oft times, with the increasing demand for the latest and greatest tech, security is more of an after thought. What has been a consistent theme is developing the next best technology, and then figuring out how to protect it. Before the tests are run to find the gaps, a hacker already knows how to exploit the tech in every way possible.
Richard Stiennon’s There Will Be Cyberwar: How The Move to Network-Centric War Fighting Has Set The Stage For Cyberwar highlights the disparity of the speed at which technology emerges with the speed at which security for the technology is developed. Stiennon highlights that the rush of the U.S. military into network-centric warfare has led to the dilemma of playing “catch up” with security to protect the latest technology. What if military technology turns friends into foes, navigation leads pilots and captains astray, or missiles, guns and weapons do not fire when employed. Stiennon brings to light what the future will hold for warfare and the warfighter.
A reoccurring metaphor used throughout Stiennon’s book is cyber Pearl harbor–a defeat in battle caused by cyber attack. When the war in Iraq was fought, cellphone data was instrumental in locating insurgents. Today, the playing field is leveling, where our enemies and we are advancing technologically. Cyber attacks have already been made, the question becomes: what is next? “There Will Be Cyberwar” is a great insight into what is inevitably to come.
I was able to ask Stiennon a few questions, prompted from his book. We discussed his view of the next cyber attack, the latest and greatest technology and what we can do to prepare for the inevitable and imminent cyber attack.
Q: In light of recent events, what do you see coming for the next cyber attack?
Richard Stiennon: Cyber attacks appear random and happen everywhere. Tampering with control sensors, precision targeting, or technology to discern who is a friend and who is a foe, would greatly impact the outcome of a military engagement. I believe that the “Cyber 9/11” would hit the U.S. critical infrastructure: hitting the power grid and oil. There have been no attacks, yet, but the malware is in the systems for espionage purposes. The intention behind these attacks would be to disrupt the economy. The hope is to acknowledge that it would be a cyber attack, not just to report the attack as a glitch.
Q: What are some preventative steps to take?
RS: The preventative steps are part of a “thought experiment”: think of the attack and plan backwards, eventually, these steps will be taken.
1. Continuous monitoring of traffic
2. Explore the systems that connect to the internet
3. Find the vulnerabilities in the systems and replace them before the breach
Q: Who do you think is the biggest target commercial of government?
RS: Attacks on the commercial side are worse. The government does not have any critical assets; attacks serve only to embarrass the government agencies (so far). The commercial side is much better defended, but highly targeted.
Q: What is the most exciting technology you are seeing in the marketplace?
RS: Machine learning applied to cyber security. Two organizations to be on the lookout for are:
1. TrustPipe (in which I have a minor investment)
2. Cylance
There is a move to the cloud to protect security solutions that appears to be the “path forward”. To run computer resources in the cloud is more secure than physically maintaining them yourself.
Q: What gaps are you seeing in technology?
RS: The biggest gap is developing between threat intelligence sources and the application of threat intelligence to internal data to hunt down attackers. That is also one of the fastest growing segments in cybersecurity.
Find more information on There Will Be Cyberwar: How The Move To Network-Centric War Fighting Has Set The Stage For Cyberwar here.
Other recommended reading:
Want to learn about the coming Internet of Things? Read about the Victorian Internet
A Proposal Regarding High Tech Immigrants to the US
My Opinion: NYT wants cyber security to be a divisive issue.
Cloud Computing vs. SOA: Look for a cross-over in hype
Quantum Encryption: Some economic and national security implications