cyber threat

The question of attribution has always remained a murky effort, largely because of the difficulty in proving direct links between the activity and a specific state, but it appears that over the past few years the threshold for that rigor has significantly decreased.

The current possibility of the United States walking into a trap of a kinetic war is exceptionally likely, given the conditions that will be enumerated here, and the historical pattern of the US reacting to surprise attacks with the force of a giant rudely awakened from a deep slumber is not ahistorical. The Election of 2016 was a sure indicator of one phase of election manipulation.

What is now categorized as the “cognitive domain” includes areas of influence in all sectors of society. Cognitive domain(s) should not be restricted to influence and information operations, social engineering and ‘winning hearts and minds’ approaches, but expanded to include all areas where ideological attacks are possible.

The rise of ransomware as an attack vector has continued to thrive and appears focused on those municipalities and law enforcement agencies with limited resources and unchecked system vulnerabilities. Of major concern are the evidentiary losses and reduction in consumer confidence within these governmental organizations requiring a new focus and financial expenditures to mitigate these attacks from occurring in the future.

When cyberwarfare is the top defensive policy for the Pentagon, including the protection of critical infrastructure from a catastrophic cyber-attack, the Commander-in-Chief should strategically avoid social media if at all possible.

Modern day “condottieri”, a new type of modern “soldiers of fortune”, is emerging center stage. Namely, the ascent of a new breed, one that could be best described as “digital mercenaries”. The advent of these new professionals is of no less importance than their “traditional” counterparts who provide muscle and boots on the ground in distant and difficult environments.

As cyber-attacks become more frequent and cause more damage, the US government and the vast majority of private and commercial companies dig deeper into a defensive posture. Offensive cyber operations do not happen, except for maybe a few confidential US military or government (NSA) operations that cannot be confirmed or denied. Over 90 percent of the internet, including the massive amounts of data the travel through it; belong to non-government entities that so far are unable to punch back against their attackers.

Cybersecurity’s human adversarial engagement is often lost in discussions of cybersecurity. We discuss how defenders’ focus on technology unintentionally creates vulnerabilities which can be exploited by threat actors. In particular, we discuss how the convergence of cyber awareness training and defensive technologies is exploited by threat actors with devastating consequences.

There are two competing arguments regarding the gravity of the threat that cyber-attacks pose to the nation’s security.