"I know not with what weapons World War III will be fought, but World War IV will be fought with sticks and stones."
- Albert Einstein
Albert Einstein’s famous quote, of course, was referencing the buildup of atomic weapons in a post WWII world. Yet, things have changed so drastically in the modern world that even Einstein could not foresee that world powers would fight an ongoing battle with keyboards and networks, rather than bullets and bombs. While the Cold War may be over, the reality is that our country is under cyber attack on a daily basis by world powers such as Russia and China. The difference being, they are invading our data centers and networks, rather than our shores.
As a country, the United States has always been very out-front in displaying its military might to act as a deterrent against potential threats. Yet, when it comes to our capabilities in the cyber arena, we have been somewhat secretive. That may be about to change.
I was intrigued to read over the past couple of weeks how four-star General James Cartwright, the recently retired vice chairman of the Joint Chiefs of Staff, has come out advocating that the United States should be more upfront about its capabilities. “You can’t have something that’s a secret be a deterrent. Because if you don’t know it’s there, it doesn’t scare you,” said the General.
Whether you are in the camp of going on the offensive or employing a strong defense as a way to defeat cyber attacks, it’s hard to argue with the logic of making sure that other countries know that if they are going to take a shot at US interests, they are going to get hit back. And hit back hard.
It would appear that the General’s comments were not based solely on personal opinion or agenda, but rather as the beginning of a coordinated message from the US military. Within the past few days another story originated from the Pentagon, indicating that the U.S. military now has a legal framework to cover offensive operations in cyberspace. "I do not believe that we need new explicit authorities to conduct offensive operations of any kind," said Air Force General Robert Kehler. This would appear to indicate that the U.S. military is hasting preparations for possible cyber warfare.
Whether these proclamations correspond to a shift in military philosophy or strategy, I don’t know. What I am fairly certain of, however, is that these threats are reaching an unacceptable level to those charged with national security. In his interview, General Cartwright offered up a couple of scary scenarios, as he estimated that it would probably take hackers two to five years before they could disable a large percentage of the banking industry or the U.S. electrical grid. But noted that even a smaller attack could undermine confidence in financial markets, he said. It would appear to me that these threats are cyberspace’s version of the Cuban missile crisis.
I often speak to security analysts and business leaders, and I explain to them that security companies who deal with these types of advanced persistent threats (APT’s) are becoming the defense contractors of the future. We have become to the cyber world what the likes of Raytheon and Lockheed-Martin were to the aerospace industry throughout the 1980’s. Alone, we can’t win the war for you. But we can equip you with the best weapons to help fight against the bad guys. And if the past is any indicator, the arms race is just beginning to heat up.