Awareness must come before cyber security solutions
By Mark Danner
Consulting Manager, Homeland Security and Public Safety Practice
In themselves, computers are harmless. But with certain brains behind them, they become a devastatingly powerful tool for theft and destruction.
The media and government officials are certainly paying attention to the issue with increasing frequency, especially after the recent Google hack, and previous noteworthy exploits in 2009 that included the penetration of classified US military networks and the massive GhostNet operation against foreign embassies and other targets. In contrast to the much-hyped threat of “cyber terrorism,” the most virulent and persistent threats coming across the internet are specifically designed by malicious operatives to be unobservable and exploitative. A 60 Minutes piece that aired late last year puts this in excellent perspective.
Unfortunately, cyber terrorism and information operations are regularly conflated and confused in the public discourse. Cyber terrorism is a violent act carried out over IT networks by an individual, organization or state, designed to serve a specific ideology, with the goal of generating fear, discord and confusion in society. As such, only the Estonian Internet take-down of 2007 comes close to qualifying. Information Operations (IO), on the other hand, are offensive, surreptitious and targeted efforts by malicious actors using information and communication technologies to obtain material or information gain. In contrast to the rare phenomenon of cyber terrorism, IO happens 24/7 against every public and private sector target imaginable.
The reason such information operations are so persistent is that the malicious operatives behind these exploits have the initiative as they chase after vulnerable and lucrative targets. They have forced the cybersecurity industry into a reactive state, chasing threats with technology solutions that only deal with known and discovered-after-the-fact malware. The only way to reverse this evolutionary cycle is for industry and government to adopt a proactive defense and creative offense that are based on awareness of the threat actors themselves and not just their technologies of exploitation. We need to understand: Who is behind particular Information Operations? What are their motivations? When – in real time – are they operating? Where is their base of operations? Why do they select particular targets? And how do they collaborate as “communities of practice”?
It is time that we too build communities of practice that understand cyber threats holistically and not just as a function of complex technology. But the problem is that the IT world is the home of a technical elite who speak a language that few can really understand and conceptualize. We need to expand this world and move to build a common language and understanding among non-specialists regarding cyber threats and the people and technologies behind them. As a first step, let’s start creating a culture of awareness where the faces of cyber operatives become as well-known as fugitives on “America’s Most Wanted” and their secretive operations are publicized by investigative journalists in television, print and electronic media. It’s time to start telling real stories about real threats.
This is the first of a four-part blog series on cyber security. Up next: Why cyber terrorism is not likely.
Mark Danner, Consulting Manager with NSI, works collaboratively with the Practice Managing Directors across such verticals as Homeland Security and Public Safety, Energy and Environment and Finance, to help a wide variety of clients win opportunities in government markets. Mark has 20 years of experience in providing innovative solutions to complex technology and operational risk problems for both the federal and private sectors. During a diverse career as an operations officer with the U.S. Intelligence Community, he provided key US decision makers with high-value answers to pressing national security questions related to counterterrorism, counterproliferation, deep-dive investigations and critical infrastructure protection. A natural communicator and team leader with a passion for building holistic security into organizational culture, Mark began sharing his experience with the private sector in 2006. He first worked on Wall Street with the Corporate Security and Business Continuity Group of Deutsche Bank, where he advised internal groups on business resiliency planning and launched a program to model malicious threats against the Bank's global infrastructures. He then joined the management team of NeuralIQ, a small California-based technology firm, where he helped develop the company’s business development plan for cyber intelligence services that were targeted to public and private sector clients and allowed users to track the full scope of a computer network attack in real time. Mark received a B.A. in International Affairs from Earlham College, Richmond, Indiana, and a Master’s Degree in Middle East affairs from Georgetown University, Washington, D.C.
Labels: cyber security, cyber terrorism, Google hack, information operations
