What’s the equivalent to fighting a war in the 21st Century with a bow and arrow? Fighting cyber threats with the traditional rules of international engagement.
The world has changed. We not only fight wars on land, sea and in the air, but also in cyberspace. And in cyber, the battleground is different, the weapons are invisible and the enemy is often unknown.
What’s more, while propaganda may have attempted to gain hearts and minds during traditional warfare on a national basis, disinformation campaigns can now influence popular opinion across borders.
With both US and UK elections on the horizon, cyber threat have never been so significant. Unlike with enterprises, the attackers’ objectives are less likely to be financially motivated or an attempt to steal data. Instead, they seek political disruption.
The most worrying element of political disruption as an objective is that the actual attack can be relatively limited. The damage is in what it signifies about international relations, national cyber resilience and the governing bodies.
In essence: it could undermine public confidence in government, losing trust. Which arguably hampers a country’s resilience harder than any physical attack might.
When cyber meets governance
Unlike in any other field, when cyber meets governance it becomes more than just a defensive strategy. It’s a political statement. This makes securing the IT infrastructure absolutely essential to a strong government. It should not only take a layered approach to security to ensure maximum resiliency, but there should also be comprehensive training and awareness programs for employees and rigorous process checking to ensure the security posture is as protected as possible.
One element of network security that is often overlooked is the DNS. A rich source of security insight, the DNS can not only allow governments and enterprises alike to identify malicious activity such as phishing, malware and data theft, but it can also become a defensive layer where threats are proactively blocked and eliminated.
Perspective over bureaucracy
While there is no doubt that security solutions need to sit alongside each other and complement the overall security posture, they also need to be part of a broader security program. In the US, CISA – Cybersecurity and Infrastructure Security Agency – is an example of a standalone federal agency tasked with ensuring the US is secure. Operating across all levels of government, States and from both a physical and virtual perspective, it demonstrates the need for a broader overarching body that can understand the risk and protection needed to deliver true cyber defense.
While arguments may be made that more stakeholders adds bureaucracy, given the complexity and significance of national security, it is important to have these independent bodies to be able to take a step back and understand the overall security posture of a country. It also ensures that certain initiatives can be prioritized and escalated, depending on the broader contextual environment and potential consequences. With high political stakes and national security at risk, project management of cyber initiatives should never be a case of ‘who shouts the loudest’, it needs to be a carefully considered discussion about risk, resilience and reputation.
Above all, it is important to remember that cyber war is a very real concept and it goes beyond our traditional view of either international relations or cyber threat. It stands to reason, therefore, that we must also check our view of cyber security and the context – technically, politically and economically – it exists in. At election time, discussion around cyber security goes beyond the tech.