To end cyberterrorism, government should reach out to the private sector – TechCrunch
They say the best way to lose the next war is to keep fighting the last one. The citadels of the medieval ages were an effective defense until gunpowder and cannons changed siege warfare forever. Superiority on the battlefield based on raw troop numbers gave way to artillery and machine gun power.
During World War I, tanks were the innovation that literally overthrew fortifications built using 19th century technology. Throughout military history, innovators have profited from the spoils of war while those who took too long to adapt have been crushed and defeated.
Cyber warfare is no different, with conventional weapons giving way to technologies equally deadly to our economic and national security. Despite our military superiority and advances on the cyber front, America is still fighting a digital enemy using analog ways of thinking.
Despite our military superiority and advances on the cyber front, America is still fighting a digital enemy using analog ways of thinking.
This needs to change, and it starts with the government making tough choices about how to exercise its offensive powers against an enemy lurking in the shadows, how to partner with the private sector, and what it will take to protect the nation from hostile actors who threaten our very way of life.
Colonial Pipeline was one step forward, two steps back
The day after the ransomware attack against Colonial Pipeline, the Russian-linked hacking group known as DarkSide reportedly shut down and Federal Bureau of Investigation recovered part of the $ 4.4 million ransom that had been paid. These are positive developments and an indicator that our government is taking these types of attacks seriously. But that doesn’t change the fact that cyberterrorists, acting with impunity in a hostile foreign country using a technique known for years, managed to shut down the country’s largest pipeline and walk away with millions of dollars in ransoms. They will probably never face justice, Russia will not face real consequences, and these attacks will no doubt continue.
The reality is that while businesses can get smarter about cyber defense, and users can become more vigilant in their cybersecurity hygiene practices, only government has the power to stop this behavior.
Countries that allow cybercriminals to operate within their borders should be forced to hand them over or face crippling economic sanctions. Those found providing sanctuary or other assistance to such individuals or groups should face material support charges like anyone aiding a designated terrorist organization.
Regulators should insist that cryptocurrency exchanges and wallets help track illicit transactions and parties or be cut off from the U.S. financial system. Law enforcement, the military and the intelligence community should actively work to make the cyber terrorist operation so difficult, dangerous and unprofitable that they would dare not attempt another attack on it. US industry or critical infrastructure.
The government must facilitate cooperation with private actors
Our greatest vulnerability and missed opportunity is the inability of public and private entities to form a unified front against cyber warfare. It is essential, from both a defensive and an offensive perspective, that the government and the private sectors share information on cyber risks and incidents in real time. This is not currently the case.
Companies are too afraid that by revealing vulnerabilities, they will be pursued, investigated and further victimized by the very government that is supposed to help them defend themselves against attacks. The federal government still has no answer to the problems of information overclassification, overlapping bureaucracies, and cultural barriers that make it difficult to proactively engage with private industry to share information. and technologies.
The answer is not to force companies to come to the table and expect a one-way flow of information. Private actors should be able to come forward voluntarily and share information without having to fear legal action and regulatory action. Real-time self-disclosed cyber data should be kept confidential and used to defend and respond, not to further punish the victim. This is not the basis for a mutual partnership.
And if the federal agencies, military, or intelligence community have any intelligence on future attacks and how to prevent them, they shouldn’t dwell on it long after it will do any good. There are ways to share information with the private sector that are safe, timely and mutually beneficial.
Cooperation should also go beyond the exchange of information on cyber events. The private sector and academia are driving considerable progress in cyberspace, with total research and development spending spread roughly 90% -10% between the private and public sector over the past two decades.
Our private sector – with the best and brightest employing tech companies ranging from Silicon Valley to Austin, Texas, to the Northern Virginia Tech Corridor – has so much to offer government, but remains a vastly untapped resource. The same innovations that boost private sector profits should be used to strengthen national security.
China has figured this out already, and if we fail to find a way to leverage private sector innovation and young talent in the United States, we will fall behind. If there has ever been a call to action where the Biden administration, Democrats and Republicans in Congress can put policy aside and embrace bipartite solutions, That’s it.
Look at the industrial model of military defense
Fortunately, there is a model of public-private dynamics that works in many ways. Today, weapon systems are almost exclusively manufactured by Defense industrial base, and when deployed to the battlefield, there is constant two-way communication with combatants about vulnerabilities, threats, and opportunities to improve effectiveness. This relationship did not happen overnight and is far from perfect. But after decades of efforts, secure collaboration platforms have been developed, security clearance standards have been established, and trust has been built.
We need to do the same between federal government cyber authorities and private sector players. Financial institutions, energy companies, retailers, manufacturers and pharmaceuticals need to be able to influence government to share real-time cyber data back and forth. If the federal government learns of the existence of a threatening group or technique, it should not only go on the offensive to shut it down, but also pass that information securely and quickly to the private sector.
It is impractical for the FBI, the Department of Homeland Security, or the military to shoulder the burden of defending private networks from cyberattacks, but the government can and should be a cohesive partner in the effort. We need to embrace a relationship that recognizes that this is both a common battle and a common burden, and we don’t have years to get it right.
Call to action
When looking at the history of war, the advantage has always gone to those who innovate first. When it comes to cyber warfare, the solution does not lie only in advanced technologies like artificial intelligence, quantum computing or blockchain. The most powerful development in today’s war on cyber terrorism could be as simple as what we all learned in kindergarten: the value of sharing and cooperation.
Government, tech industry and the broader private sector must come together not only to maintain our competitive edge and embrace advancements such as cloud computing, autonomous vehicles and 5G, but also to ensure that we defend and preserve our way of life. We have been successful in establishing public and private partnerships in the past and can evolve from an analog relationship to a digital relationship. But the government must take the reins and lead the way.