Modern field guide to security and privacy

The need for speed: How America's next military advantage relies on nimbler cybersecurity

Cyber attackers have speed on their side. This is how defenders can level the playing field – and get ahead.

Vern Boyle, Director of Technology for Northrop Grumman's Cyber Division at last year's "Developing America's Edge" event presented by The Truman National Security Project and the Center for National Policy and CSM Passcode.

The United States’ decades-long period of military dominance has deterred nuclear threats, defeated terrorists, and protected the homeland with a breadth and depth of advanced warfighting technology.

While there are many technologies within our military arsenal, the deployment of stealth and the use of precision guided weapons are arguably those that shifted America’s advantage to a nearly-insurmountable extent. These strategic technologies were driven by the fundamental goal of fighting and winning on a kinetic battlefield.

But the next generation of conflict will be won or lost on a digital battlefield, possibly before the first shot is ever fired.

In the future, deterrence, military power projection, and homeland security will depend on a defensible and resilient cyber infrastructure that can operate through widespread cyber-attack. This defensible and resilient cyber infrastructure will be as strategically important during large scale conflict as stealth or precision guided weapons.

Let me explain.

Today, a cyber attack could conceivably strike a combination of civilian critical infrastructure and allied military targets both simultaneously and on a scale that would make it impractical to determine the source of the attack, much less determine an appropriate response.

Today’s kinetic technology and weaponry will have a limited role in this type of fight. In fact, some of these weapon systems could be rendered useless by disabling the information or technology on which they have come to rely.

The next strategic technology for continued US military dominance will be driven by the fundamental goal of fighting and winning on a non-kinetic battlefield. This strategic technology advancement will need to be addressed with the same level of commitment as a stealth or precision guided weapons program.

Yet at present, a steady drumbeat of evidence supports the assertion that we are losing the battle in cyberspace, from broad breaches impacting millions of Americans to targeted attacks on military and critical infrastructure systems.

Why does the advantage seem to be so heavily skewed in favor of the attacker? Why does it seem like our current protection strategies are so ineffective?

Simply put, the attackers have fully automated their capability to generate attacks, allowing them to gain a temporal advantage. Millions of new malware samples are generated every year and the breach rate is increasing by double-digit percentages each year.

Contrast this with the current practice of protecting our weapons systems and our critical infrastructure. Network infrastructure is largely static or rarely changes, providing a fixed target. Defense-in-depth monitoring systems across the network are also fixed and rely heavily on prior knowledge of an attack to be effective.

When you add to this the need to make network systems more interoperable and the explosion of connected devices from the Internet of Things (expected to reach as many as 20 billion connected devices by 2020), the fundamental problem is only get bigger: we have a highly automated, machine-driven system attacking a static, human-driven system.

The attackers have essentially achieved a currently insurmountable strategic advantage as a result of speed.

A protection strategy based on speed can shift the advantage toward the defender and defeat many automated attack processes. Modern tools can be applied in new ways such that defenders can negate the temporal advantage of the attacker.

What does it mean to use speed on defense?

If defenders can restore systems to a known level of safety on a continual basis, they could dramatically reduce the amount of time an attacker is on their network. This is “Continuous Trust Restoration,” a radically different and perhaps disruptive approach that is already achievable from a technology perspective. Read the full story in my white paper here.

The time is now to initiate the rise of a new non-kinetic strategic technology that can ensure continued US military dominance. Within five to ten years, I expect us to have turned the tables on the adversary: we will be seeing them before they see us. They’ll be chasing us and we’ll be moving proactively before they’ve had a chance to gain a foothold into our customer’s systems. I expect us to be moving faster than the adversary -- and I expect our customers to have the same freedom of movement in cyberspace that they enjoy on air and land today.

You've read  of  free articles. Subscribe to continue.

Dear Reader,

About a year ago, I happened upon this statement about the Monitor in the Harvard Business Review – under the charming heading of “do things that don’t interest you”:

“Many things that end up” being meaningful, writes social scientist Joseph Grenny, “have come from conference workshops, articles, or online videos that began as a chore and ended with an insight. My work in Kenya, for example, was heavily influenced by a Christian Science Monitor article I had forced myself to read 10 years earlier. Sometimes, we call things ‘boring’ simply because they lie outside the box we are currently in.”

If you were to come up with a punchline to a joke about the Monitor, that would probably be it. We’re seen as being global, fair, insightful, and perhaps a bit too earnest. We’re the bran muffin of journalism.

But you know what? We change lives. And I’m going to argue that we change lives precisely because we force open that too-small box that most human beings think they live in.

The Monitor is a peculiar little publication that’s hard for the world to figure out. We’re run by a church, but we’re not only for church members and we’re not about converting people. We’re known as being fair even as the world becomes as polarized as at any time since the newspaper’s founding in 1908.

We have a mission beyond circulation, we want to bridge divides. We’re about kicking down the door of thought everywhere and saying, “You are bigger and more capable than you realize. And we can prove it.”

If you’re looking for bran muffin journalism, you can subscribe to the Monitor for $15. You’ll get the Monitor Weekly magazine, the Monitor Daily email, and unlimited access to CSMonitor.com.