Cyberwar is an unprecedented threat to our national security, our economic security our personal lives, fortunes and sacred democracy. How did it come to be this way? We developed open systems and networks including the internet with the idea that a benign world would use it for their betterment, but as with all technology advances we found that the technology that makes lives easier, more efficient, and better can be turned against us. Today, much as the arena of cyberspace has morphed into this same Heaven-Hell configuration.
The ability to defend the nation, protect our military forces, secure our infrastructure, run our companies, and even conduct free and fair elections is at risk. Recent events have shown that cyberwar is being driven by espionage motives from nation-state actors. The coordinated and pervasive grand strategy of our adversaries is a confounding and mortal danger to the United States.
The best of our military and our intelligence agencies can mostly (but not always) protect themselves. As the latest NSA leak shows, even our top intelligence agencies can be stripped naked of high value tools almost by one lone, rogue contractor. Yet hackers and nation-state military/spy agencies are engaged in a cyberwar not only against the United States Government but its commercial interests as well.
In 2012 Robert Mueller, then FBI director, said, “There are only two types of companies: those that have been hacked and those that will be.” A recent New York Times story outlining the significant advances made by North Korea’s cyberwarfare program stated that “When confronting an enemy that has internet-connected banks, trading systems, oil and water pipelines, dams, hospitals, and entire cities, the opportunities to wreak havoc are endless,” and the Hermit Kingdom is far from alone. The Chinese, Russians, Iranians, North Koreans and many others, plus their paid for hackers, probably number over a million or more high quality, hard working, smart, ruthless and/or very rich hackers/attackers
So, what are private companies who may be disemboweled by cyberwar (financial data, personnel data, strategy papers, intellectual property, supply chain, material scheduling systems, inventory management, etc.) to do?
They must become cyberwarriors in their own right, employing robust, innovative and ever improving capabilities. By building on what the government has learned and developed in securing our nation’s military communications and weapons systems, the private sector can protect information that’s just as valuable to enemy hackers. Cyberwar must be at its base level, as the ruthless killer Chinese dictator Mao-Tse Tung said about war in general, “a people’s war.” The whole nation must be on alert and our commercial institutions must be in the vanguard.
To successfully defend against cyber attacks, the private sector must have the following elements. First, leadership buy in – the Board and C-suite must make cybersecurity a priority. Second, a plan – a plan to be attacked and plan of how to respond. That plan cannot be static, like hackers evolving technology, so too must the plan and capabilities behind it be fluid. Third, organization and coordination – every department, function and employee must be considered and read into best practices. Fourth, capability and continuous evaluation – this requires investment in new systems and technologies.
Key to all this is for commercial organizations to understand and learn how to evaluate, procure, train, install, monitor, and upgrade the best military/intel cyber equipment and software that is available. Cyberwar knowledge and first-class military grade cyber equipment, when paired with deterrent counter-intelligence are critical to ensure a company’s success - it does not lose its stock market value, the CEO does not get fired, and the employees do not lose their jobs due to the company being paralyzed or destroyed due to cyberattack.
More than 85% of the internet is managed by the private sector. The Internet of Things, autonomous vehicles, social media, banking, medicine and a series of other revolutionary technologies are key facets of our lives that are all part of the .com network. Protecting this part of the internet is as vital to national security as safeguarding government and military networks. We must be ready and engaged 24/7 to protect against these threats by engaging key military capabilities to defend the commercial sector from attack and by drilling our nation’s employees on key matters as they relate to cyberwar - because it their future and the nation’s future that is at stake.
The Honorable Tidal W. (Ty) McCoy, is Chairman of IronGate Capital Advisors, a Venture Capital Fund of Funds specializing in cybersecurity investments, an officer of several associations dealing with cyber issues, and a former acting secretary and senior assistant secretary of the Air Force.