Defense issues expert Peter Singer warned this week that cybersecurity deterrence strategies put in place over the past decade are collapsing, and that the government’s response to security strategies needs to be rethought.
Delivering the keynote address at MeriTalk’s Tenable GovEdge 2018 event on May 3, Singer explained, “Over the last decade plus, when it came to our grand strategy in the space… the goal was to gain a mix of national capabilities and global norms that would guide behavior by nation-states and lower levels of threat actors away from large scale attacks.”
“The problem is that this strategy is not just challenged right now; it’s in utter collapse,” said Singer, who is a senior fellow at the New America Foundation and the author of numerous books on cybersecurity and other defense issues.
He said that the Russian government’s campaign to interfere with the U.S. 2016 presidential election and to similarly disrupt democratic functions of U.S. allies have generated notable successes, and thus changed the calculus to incentivize large-scale attacks.
“Every other threat actor is looking at this collapse of deterrence,” he said.
Mr. Singer also warned that antagonistic state actors and cyber criminals are increasingly working in concert to create hybrid threats, citing Russia’s alleged backing of cyber criminals to hack political targets, and North Korea’s attacks on financial institutions.
“Hybridization allows these threat actors to gain the best of both worlds,” said Singer. “They’re able to get deniability but also bring in state assets.”
And he said private sector companies inadvertently are aiding some state and criminal actors by allowing the Russian and Chinese governments access to some of their data in order to maintain access to markets in those countries. “Sometimes it’s customer data, but it’s also all the way down to source code and the like,” Singer stated.
He sounded similar notes of concern regarding deployment of Internet of Things technologies, saying there is little regulation to guide security, and that devices often lack security measures.
“When it comes to the IoT, we are replicating all the old mistakes that we made with the original internet,” Singer said. He also predicted that IoT attacks will ramp up pressure on cybersecurity professionals and “lead to much quicker calls for new lawsuits and new laws.”
“We have to reimagine risk and rethink trust” to address security challenges in the current environment, Singer said, and in that vein suggested that government look to address emerging risks instead of fixing on past risks.
He also urged government and industry to rethink their current processes both within organizations and in collaborative situations. “The way I set things up ten years ago for who does what and where may not be the best way moving forward,” he said.