By Kevin Coleman — Defense Tech Cyberwarfare Correspondent
Perhaps the most frequent question I get regarding cyber attack is about the future. Not 20 years out, nor even 10 years out. People are interested in what is likely to take place in the next three to five years. Most seek this insight so that they may develop or update their strategic and operational plans. So here is my cyber related forecast for the next five years.
- Cyber attacks against businesses accelerate to a point where organizations forecast and budget for losses that they incur due to successful cyber attacks.
- The blur between cyber attacks launched by criminal organizations, terrorists and rogue nation states drive the development and institution of an international accord that supports rapid response to cyber events and cooperation attribution efforts.
- The software industry and the cyber security industry will join together and establish an oversight and advisory group that will work with the government and private sector critical infrastructure organizations to reduce software/systems’ vulnerabilities throughout the development lifecycle.
- A cyber attack on a country’s critical infrastructure prompts a physical military response thus driving the United Nations to become heavily engaged in policies governing retaliatory actions for cyber attacks.
- NATO is called upon to address the issue of non-NATO countries inclusion and participation into their cyber event investigation and cyber peace keeping efforts.
No one knows exactly what the future holds and those who dare to predict based on their experience open themselves up to criticism. However, we cannot continue to be heavily reliant on response and reaction rather than being proactive.
{ 13 comments… read them below or add one }
Sounds more like a dream or fantasy, than a reliable prediction!
More likely, everyone continues to point fingers at everyone else, shouting "Do Something!", while avoiding spending any money, making any changes or actually doing anything that improves or fixes the situation.
Idiots still continue to click on links from someone they've never heard of before, people still refuse to update their antivirus because 'it costs too much', and
Cyberterrorism becomes our only remaining growth industry…
A "reliable prediction", that's an oxymoron my friend, and why he called his estimation a "forecast". We'll no doubt continue to see an escalation and evolution of cyber threats, as you point out. And that's exactly WHY I think Kevin's on point in his estimation — govt, business and NATO are being forced to evolve and his projections are logical next-steps for these institutions to mitigate the threats.
Thanks Nathan
My biggest concern is if govt, business and NATO can evolve at a fast enough pace? I am leaning toward NO and that is troubling.
Beg pardon sir, but the United States is the sole cyber superpower on this rock and I fail to see a serious threat. Yeah, my card might get hacked once in a while but who developed stuxnet? I think we have smarter people, I think we have the best hardware, the best software, the best of everything. And we are going too far. Based on the logic that cyber attacks can equal to kinetic attacks, Iran already has the casus belli to start burning tankers in the hormuz. We have no need to start this kind of thing. We are already so far ahead in technology and human assets as to make serious comparison moot. To get all angry if another country hacks us when we already so totally dominate is to bully children.
It's this type of thinking that led to us now playing catch up in the cyber defense realm. Unfortunately, the US has plenty of exposure to international threats and there are MANY nations (not to mention non-state-actors) capable of, and currently attempting to, access gov't networks with malicious intent. We can have the "best" everything and catch 99% of all incoming attacks — but that 1% could still inflict major pain on US interests and infrastructure.
As you so clearly point out, you can do as much damage with a well coordinated cyber attack as you can with well aimed ordinance. Regardless of the US role in Stuxnet, it goes to show you that even our "enemies" have access to some of the best US technologies (Microsoft in this instance), and even those technologies have vulnerabilities.
Disagree, we are not playing catchup. We have lapped the field several times. I allow we are not invulnerable, I say the opposition is far, far more vulnerable. I allow that others can hurt us, I point out that we can hurt them way, way worse. As I'm sure you know, Stuxnet could not have been created with open source intel. It took more than just Windows hacks to reach into centrifuge cascade rotor control code at Natanz. Stuxnet developers had very specific and detailed knowledge that could only have been acquired by a very large and sophisticated intelligence organization. The list of actors capable of engaging such an enterprise in a similar way against the US is small and does not include your favorite non-state boogeymen.
All this aside, there still applies the fundemental power of deterrence now that we have equated network warfare to kinetic warfare, the grander geopolitical strategy we already have fills right in. It still applies to this small list of actors, and I believe the US still stands quite favorably in the balance.
number four happened last week yalls
do tell – care to elaborate?
Think he speaking towards the DoD's new policy regarding cyber attacks as acts of war and use of kinetic retaliatory response as an option. No so much "happened", as writing on the wall…
I thought he might have a scoop on covert ops after the US Defense Industry was attacked.
Given the recent N Korea and S Korea cyber exchange, I was thinking ignacio genzon was talking about that had was taken to the next step
These sorts of bobus predictions are made by consultants shilling all the time. The give away is 3 to 5 years.
"A cyber attack on a country’s critical infrastructure prompts a physical military response thus driving the United Nations to become heavily engaged in policies governing retaliatory actions for cyber attacks."
UN can't even "engage in policy governing retaliatory action" for regular attacks. Resolutions, binding and non-binding. Squabbling in the GA before deploying hand-tied peacekeepers to get shot to bits.
And you want the UN running cyberwarfare policy?