We use cookies to provide some features and experiences in QOSHE

More information  .  Close
Aa Aa Aa
- A +

Promise and peril in a changing cybersecurity sphere

8 5 0

If cybersecurity concerns set your hair on fire, you should be bald by now — and lacking eyebrows and any other facial hair (perhaps even be denuded to the waist). A relentless increase in cyberattacks is prompting a reassessment of responses and an increasingly popular option is going on offense.

The list of significant cyberincidents in 2021 compiled by the Center for Strategic and International Studies includes 71 items through June. In addition to the Microsoft Exchange hack that penetrated 250,000 networks worldwide, there were the ransomware attacks on Colonial Pipeline, which shut down the U.S.’ largest fuel pipeline; the attack on the world’s largest meat processing facility, JBS; on Acer, the Taiwan computer manufacturer; as well as a North Korean attack on South Korea’s Atomic Energy Research Institute; and intrusions at water processing facilities in Norway, Israel, Florida and California. The list doesn’t include the July 4 hack by REvil, a suspected Russian government supported group of cybercriminals, that hit as many as 1,500 companies in what has been called the largest ransomware attack ever.

Security protocols aren’t working and there is a new readiness to consider offensive operations. Gen. Keith Alexander, a former head of the U.S. National Security Agency, explained the new mindset: “If we are under attack, you can’t just try to catch every arrow. You have to take care of the person shooting the arrows at you.”

That’s new thinking. Western governments have been strong opponents of offensive action. U.S. government officials physically recoiled when it was suggested in a meeting a few years ago that offensive tactics be on the table. When that same person proposed the same idea a few years later to another group of U.S. officials, they were much more receptive.

The reluctance to play offense stems from several considerations. Offensive actions are usually designed to deter — to keep an adversary from attacking. Deterrence aims to manipulate that adversary’s cost-benefit calculation of behavior so that the person or persons believe the costs will exceed expected benefits. Success requires an accurate assessment of that calculation: Can we get inside the head of the adversary, weigh factors as they do and appreciate how they interpret our signals?

In the digital space, problems multiply. Attribution is the most famous. Can........

© The Japan Times

Get it on Google Play