As technology has become more sophisticated, the battlefield has increasingly shifted from the physical to the digital. With cyber war now being fought on a global scale, there is more onus on security than ever, and too many organizations (and governments) are not taking the threat as seriously as they should, especially when it comes to defending our critical infrastructure.
When it comes to cyber attacks against critical infrastructure, we aren’t just talking about accessing an organization’s sensitive data, but literally shutting down cities, financial systems or water supplies, just to name a few possibilities.
The scope of the threat is only likely to grow as we continue down the path of digitalization. It is no longer enough to defend and react if you are breached. Taking a ‘bad-guy’ approach is a massive step forward when tackling your attackers in the world of cyber espionage.
Espionage is a critical thread in the fabric of policy decisions. Every nation spies, from the global superpowers to tiny island nations. Learning what your adversaries and friends will do before they act presents a critical advantage to any society. Traditional spying evolved to meet the rapid increase in the affordability and near instant exchange of information using the Internet. Spies also needed to evolve to steal information from databases, where before they primarily recruited sources to abscond with paper secrets. As espionage evolved, spies necessarily became hackers. During this evolution, nation states realized that the near anonymity of cyber espionage launched from a virtual and border-less world made it easy to attack.
If information is the true global currency, a country like China or Russia can improve its economy by stealing trade secrets, intellectual property or pre-launch business decisions that affect global markets.
Today, cyber espionage is booming. Nation states recruit computer programmers, engineers and scientists into military and intelligence agency hacking clusters that are well-funded, provided cutting edge equipment and operate with a high degree of deniability because of the difficulty to attribute attacks. They are able to leverage traditional espionage trade craft to launch cyber attacks that compromise targets and steal information, often without the targeted group knowing for years.
As cyber espionage continues to swirl in the public’s consciousness, it is critical that our leaders take the threat of a cyber attack against our critical infrastructure seriously. To date, we’ve really only heard lip service when it comes to cyber security.
A very real fear is that cyber security will become a highly politicized issue and nothing will get done. As lawmakers battle for power in Washington, our adversaries will continue to covertly uncover secrets and, when the time is right, launch an attack that has widespread effects. If we wait until such an attack occurs to prepare, we not only risk falling behind as a global superpower but also human lives.