CyberWar in its many forms presents an unprecedented threat to major companies, smaller companies, non-profits, and the military/intelligence entities. Companies can be ruined, elections rigged, wealth stolen, and wars lost. We have seen this, and so have our adversaries. America has trained many of their best cyber practitioners, as we did their nuclear scientists, and they have attacked with a vengeance that is unrelenting and growing in sophistication.
In the early nuclear age, a so-called neutron bomb was developed. The weapon killed not by a large blast, but with a huge barrage of neutrons that would kill anyone in its path with contaminating radiation but leave buildings and other wealth intact; a lethal and deadly prospect. Today, cyberwar is the neutron bomb equivalent of the internet age – a weapon that can can destroy, rig, steal, confuse companies and countries while not destroying their physical assets.
America’s private sector has been slow to recognize the threat and to adapt. A New York Times report recently exposed Russian hacks on vital utility providers around the time of the 2016 election. While the computer systems that operate the plants were not sabotaged or shut down, security experts believe that these hackers may still be sitting on these networks waiting for their opportunity to strike. All that is missing said one security expert is “some political motivation.”
As tensions heat up between the two former Cold War adversaries in the wake of Moscow’s alleged poisoning of Sergei Skripal, this may be just the kind of “motivation” necessary for a cyber attack. It is not implausible to imagine the residents of a major American city sitting in the dark or cold, such as the fate suffered by 200,000 Ukranians in the wake of escalating hostilities with Russia in 2015-2016. While these blackouts may seem like a minor nuisance, a prolonged outage of utilities that are essential to sustaining life in cities (refrigeration for food, water/sewerage, climate control in warm and cold months etc.) could destabilize America’s population centers and result in mass refugee/mass casualty situations.
This is not to say that cybersecurity is not widely recognized as needed; billions are being spent in the private sector on such measures. But hackers are becoming so clever that almost all cybersecurity defenses can eventually be penetrated. Combatting the state actors and state backed hacker militias that are increasingly behind these attacks will require upgrading to military-grade capabilities.
Building military-grade cybersecurity into our commercial companies will require incorporating new technologies and techniques from the people most focused on the protecting the country. Network segmentation is needed to separate what is most important from what is most exposed. Insider threats will require constant training of employees, vigilance and discipline to watch who is supposed to have access to what information. Analytics are required to track and identify anomalies to uncover hidden threats. New technologies such as artificial intelligence, automation, and blockchain will also play a role. The government should help accelerate this process by setting standards for adoption, training, and organizational priorities, and cooperate with the commercial sector in all these matters.
At present cyberwar is the function of the government, but that may not always be the case. The responsibilities for cyber defense and offense need to go through some rethinking. Companies may need authorization to react with immediate “protective cyber attacks” in limited situations to ward off adversaries. While the main work of cyber offense should remain a responsibility of the government, the problem is too immense for the government to defend every company and every citizen.
Nuclear weapons, aircraft, gas stations, hospitals, banks, cars, electric production-distribution, transportation of people, products, and food are all at risk and companies need to take the necessary steps to defend themselves against cyber attacks. As the internet more fully integrates into your home though the Internet of Things, average Americans will also have an increasingly large role to play in bolstering our county’s cyber defenses.
Our very democracy, our capital markets, our productivity, our prosperity, our trust in government, our ability to defend and wage war are all at risk. During the Cold War Americans from all walks of life took an active role in our nation’s defense through a variety of civil defense programs. Much like the Cold War, this cyber war must be a “People’s War,” in that every citizen must be on the alert and knowledgeable to support our leadership in crafting technologies and solutions to be implemented.
The Honorable Tidal W. (Ty) McCoy is Vice Chairman of the Cyber, Space & Intelligence Association and the former Acting Secretary of the Air Force.
The views and opinions expressed in this commentary are those of the author and do not reflect the official position of The Daily Caller.