Language used to describe cyber-attacks, cyber-breaches, and cyber-warfare today…has literally blown past earlier language applied to mere computer – IT system security which I and colleagues used in university courses in the mid-1990s.
- the realities, i.e., damage, and global cascading effects of cyber-attacks, cyber-warfare, and cyber-breaches that destroy confidence and functionality of national infrastructure institutions are receiving much warranted study and attention...
What has traditionally been characterized within the computer-IT security arena…as largely defensive actions which system administrators can apply, i.e., products, services, etc., to prevent, mitigate, and/or alert users to vulnerabilities and breaches.
Of course, there is more clarity now insofar as who – what – where the perpetrators are…i.e., (a.) variations of state-sponsored entities, (b.) countless ‘legacy free’ players – hackers, and (c.) economic-competitive advantage adversaries. Each has undergone substantial transition in recent years and now can be correctly distinguished as (being more) persistent, targeted, and stealthy incursions on a system-wide basis with the criticality becoming utterly devastating!
These adversaries and the adversarial circumstances they create…are often variously organized, aligned, legacy free, and predatorial by design. Many operate in, what I refer to as the economic, competitive advantage, and information brokering arenas, a percentage of which have become receptive – pressured into state sponsorship.
The amounts-levels of information and data being sought…by economic and competitive advantage adversaries have, in numerous instances, been unnecessarily vulnerable because they had been stored in semi-open source conditions. The sloppiness exhibited by entities that elected to not effectively safeguard their data-information (intangible assets) often manifests as the proverbial ‘target rich environment’ which could be readily infiltrated 24/7/365.
The global business community and accompanying national security infrastructures…are now confronting a third generation-iteration of variously independent predators – brokers of economic-competitive advantage information and data.
All can be assured, the current (successive) generation(s) of information-data predators and brokers, are well versed in the…
- economic fact – business reality that 80+% of most companies’ value, sources of revenue, and competitive advantage derive from intangible assets, i.e., primarily intellectual, relationship, and structural capital.
Resonate? Sound familiar? Probably. However, the language – terminology…i.e., cyber-security, cyber-attacks, cyber-warfare, etc., are now common, and some perceive them as interchangeable, components of the discourse. They may well be distinctions without much of a difference.
Obviously, there can be disagreement…especially, given the gravity, consequence, scope, at-will execution, stealth, and asymmetric features of today’s cyber-predators.
After all, many possess, or can readily form relationships, acquire resources, upgrade their technologies, and find the necessary skill sets to…destroy data, deploy various types of malware, or siphon (extract) specifically targeted data-information.
Their motivations, rationales, and objectives have become…variously more menacing, disturbing, and threatening, e.g., to undermine – bring into question the validity and soundness of long held – assumed intangible assets, integral to a company, organization, agency, and/or any one of the various pillars to the U.S. national infrastructure.
What troubles me most about terms such as cyber-warfare and cyber-attacks…is the inference that ‘all things evil’ have come to originate in adversarial – malicious use of computer – IT system(s). What’s more, they can originate from afar, be largely anonymous, state sponsored, or merely the product of growing numbers of organized and sophisticated actors acting in complicity with economic-geo-political-ideological adversaries to the U.S.
The warranted alarms…variously being sounded regarding, what many suspect is, the inevitability of a cyber-attack on any of the nine (conventional) institutions that comprise ‘a country’s’ national infrastructure. Such alarms are certainly worthy of being routine ‘what if’ action items on the agendas of every c-suite globally.
I seek not to dispute nor diminish the significance which…that descriptive language poses. After all, the cascading havoc to any nation’s infrastructure created by a single offensive cyber strike-attack, we must recognize, could be incalculably cataclysmic and potentially border on irreversibility, absent equally strong counters in the form of organizational redundancy and resilience.
To be sure, discussions, debates, and task forces are on-going…throughout public and private sectors globally, among other things, the most effective expenditures, strategies, and practices to (a.) mitigate, and (b.) become more resilient to cyber risks.
I hold the view that the notion of actually preventing a cyber-attack...of infrastructure scale has largely been superseded. Instead, time and resources should go to (a.) mitigating adverse cascading effects, and (b.) becoming more (product, service) organizationally resilient…
- respectfully, only the uninformed and unfamiliar would assume prevention remains an option or viable course of action.
Insofar as the conventional pillars comprising a country’s infrastructure are concerned, we, as a nation, are obliged to recognize that the U.S. is distinctive from many other countries, that is, many of the pillars to its national infrastructure, i.e., finance, healthcare, transportation, etc., are privately held and thus, operate unlike other countries.
So, decisions about safeguarding, mitigating risks, and achieving more resilience for organizations-companies’ intangible assets lie with the… leadership of those entities whom we trust are operationally familiar with the universal economic fact that today, and for the foreseeable future…
- 80+% of most companies’ – institutions’ value, sources of revenue, competitive advantage, and sustainability lie in – emerge directly from intangible assets, primarily, intellectual, structural, and relationship capital.
So today, I believe it is substantially more effective to encourage… companies and organizations to focus on increasingly stronger and sophisticated defensive modes consisting of…
- monitoring, mitigating, containing, repelling, and resilience.
Of course, such a multi-dimensional strategy encourages companies to…recognize the various types, levels, and criticality of risk before they materialize which presumably…
- can manifest as relevant deterrents, and not be a precursor to (risk) escalation.
- otherwise, it will surely cause CSOs (chief security officers), CISOs (chief information security officers), CIPOs (chief intellectual property officers) and certainly legal counsel to routinely lose sleep.
Michael D. Moberly, July 25, 2017, the ‘Business Intangible Asset Blog’, since May 2006, 650+ published blog posts, read in 137+ countries, ‘where one’s attention span, businesses intangible assets and solutions converge’.
Readers are invited to explore other published posts, video, books, and position papers at https://kpstrat.com/blog