As a former corporate security executive, I watched the US military and the US Navy to change from being a cyber warfare team to a cyber warfare support team. For years, both the US military and the Department of Defense were primarily Cyber Command (Cyberwarfare Support) teams, supporting their local operators by letting them use our freely available (to us) commercial off-the-shelf software, and hardware to execute their offensive or defensive mission. A few decades ago this may have been okay, but now we are seeing the gradual migration of Cyber Command to Cyber Service or Cyber Intelligence (Cyber Espionage) as a separate operational function within the Department of Defense. This was always a mistake, because it degrades our ability to protect our nation and our people from these hackers and cyber-criminals who are hell-bent on destroying our economic and political stability.
Now that they’ve moved their operation out of the US, how can we protect our nation? Well, unfortunately, the answer is very difficult. Cyber warfare has evolved since the Department of Defense first learned about the attacks on US commercial interests back in the 90’s. Now there are hackers who are looking to attack utility companies, critical infrastructure, transportation systems, and even cities. In fact, some of these hackers could very well be trying to sabotage your electric power plant, your water treatment facility, or your financial institution. If you don’t know what you’re up against, you’ll be blindsided and unable to respond in a timely fashion.
As a former business operator, I quickly realized that the only way to effectively protect my company was to hire a cyber-security firm to prevent the attacks on my business. I found that the government often didn’t have a good enough strategy to protect its citizens from cyber-attacks and didn’t have a simple and inexpensive solution to stop them. Most of their solutions included buying expensive upgrades for their firewall, or purchasing more hardware to deal with the new attacks. While I appreciated their desire to protect our country, I didn’t feel that it was worth it when the attacks occurred. It wasn’t that the government wasn’t willing to do the right thing; quite the opposite.
So, now the private sector is stepping in to provide cyber security for businesses. This is done by creating a hybrid cyber-security team consisting of the private sector with some federal assistance. The hybrid team brings the best of federal and private sector technology together to help prevent cyber attacks. Recently, I was involved in bringing this capability to a small business in New Mexico. The result was a nearly tripling of the business’s budget from just last year due to a reduction in hacker activity. They were able to protect their classified information and remain under budget.
A recent study by Visa and MasterCard found that we are only beginning to see the adverse affects cyber warfare can have on our nation. According to the researchers, most of the financial data passed between international business and their clients was being compromised in some way. Of particular concern was financial information obtained from bank accounts. Even more concerning was the fact that they were able to gain access to this information even when the owners of the accounts were overseas.
Will we ever realize the full effects of cyber warfare? It is very difficult to say. The Department of Defense stated recently that cyber warfare is on the rise, and the military is working to develop the ability to shoot down incoming missiles or aircraft. However, the United States government seems to be the strongest advocate of using offensive cyber warfare tools against hackers. Will we ever meet that challenge?