Any pretense that nation states are not engaged in full-fledged cyber warfare has been dropped following the defining of a new Department of Defense Cyber Strategy policy under which the U.S. government is making it clear that it will “employ offensive cyber capabilities and innovative concepts that allow for the use of cyberspace operations across the full spectrum of conflict.”
Citing cybersecurity attacks emanating from around the globe, the new policy makes it clear the U.S. Department of Defense (DoD) will “seek to preempt, defeat or deter malicious cyber activity targeting U.S. critical infrastructure that could cause a significant cyber incident regardless of whether that incident would impact DOD’s warfighting readiness or capability.” In effect, the DoD is saying that any cyberattack conducted against any asset on U.S. soil could be construed as an act of war.
Of course, technically that’s always been the case for any country. Hacking into a system physically located in another country is legally no different than launching a raid that violates the sanctity of another country’s border. Most nation-states, however, have been especially adroit at covering their cybersecurity tracks and diplomats have been reluctant to make accusations that might escalate tensions.
But most cybersecurity professionals are under no illusions. A recent survey of 500 cybersecurity professionals conducted at the Black Hat 2018 conference by Venafi, a provider of encryption key management software for machines, finds that 86 percent of respondents have already determined their organizations are caught up in a cyberwar. A full 40 percent of those respondents said those attacks have already led to a loss of human life.
It’s already been demonstrated that cyberattacks that can be traced back to nation states have caused billions of dollars in economic harm. The issue is that the people developing these attacks tend to focus on a specific target without much regard for the collateral damage that might be caused. The problem is that collateral damage isn’t limited to one geographic area. The cybersecurity experts launching these attacks have limited control over where and when their handiwork gets distributed around the world.
It’s now only a matter of time before other countries around the world adopt policies similar to the one outlined by the DoD. Before too long a lot more finger-pointing will ensue. As is often the case, however, the left and right hands of any government do not always know what activities other agencies are engaged in. For example, in the U.S. the Central Intelligence Agency reports up through the director of national intelligence, while the DoD is overseen by chiefs of staff from various military branches. Intelligence agencies around the world are engaged in cyber espionage activity that technically violates the sovereignty of another nation. They usually don’t inform their militaries about those activities unless absolutely required. It will not be uncommon for a country to claim it is being victimized by cybersecurity attacks from abroad while at the same time engaging in cyber espionage.
If you’re getting the sense there’s a need for a global cybersecurity treaty, you’re not alone. Such a treaty might be difficult to enforce. But it would at least set up a mechanism for defusing tensions. In the meantime, it’s worth noting scientists have for years been monitoring a Doomsday Clock Countdown that serves to remind everyone just how close we all are to blowing up the planet. Right now, however, it would appear there’s a need for a Cybersecurity Doomsday Clock to remind everyone just how much can go horribly wrong in a few seconds in a digital society where just about everything is in one way or another interconnected with something else.
Mike Vizard has covered IT for more than 25 years and has edited or contributed to a number of tech publications including InfoWorld, eWeek, CRN, Baseline, ComputerWorld, TMCNet, and Digital Review. He currently blogs for IT Business Edge and contributes to CIOinsight, The Channel Insider, Programmableweb, and Slashdot. Mike also blogs about emerging cloud technology for SmarterMSP.