Awareness must come before cyber security solutions
In themselves, computers are harmless. But with certain brains behind them, they become a devastatingly powerful tool for theft and destruction.
The media and government officials are certainly paying attention to the issue with increasing frequency, especially after the recent Google hack, and previous noteworthy exploits in 2009 that included the penetration of classified US military networks and the massive GhostNet operation against foreign embassies and other targets. In contrast to the much-hyped threat of “cyber terrorism,” the most virulent and persistent threats coming across the internet are specifically designed by malicious operatives to be unobservable and exploitative. A 60 Minutes piece that aired late last year puts this in excellent perspective.
Unfortunately, cyber terrorism and information operations are regularly conflated and confused in the public discourse. Cyber terrorism is a violent act carried out over IT networks by an individual, organization or state in service of a specific ideology, with the goal of generating fear, discord and confusion in society. As such, only the Estonian Internet take-down of 2007 comes close to qualifying. Information Operations (IO), on the other hand, are offensive, surreptitious and targeted efforts by malicious actors using information and communication technologies to obtain material or informational gain. In contrast to the rare phenomenon of cyber terrorism, IO happens 24/7 against every public and private sector target imaginable.
The reason such information operations are so persistent is that the malicious operatives behind these exploits have the initiative as they chase after vulnerable and lucrative targets. They have forced the cybersecurity industry into a reactive state, chasing threats with technology solutions that only deal with known and discovered-after-the-fact malware. The only way to reverse this evolutionary cycle is for industry and government to adopt a proactive defense and creative offense that are based on awareness of the threat actors themselves and not just their technologies of exploitation. We need to understand: Who is behind particular Information Operations? What are their motivations? When – in real time – are they operating? Where is their base of operations? Why do they select particular targets? And how do they collaborate as “communities of practice”?
It is time that we too build communities of practice that understand cyber threats holistically and not just as a function of complex technology. But the problem is that the IT world is the home of a technical elite who speak a language that few can really understand and conceptualize. We need to expand this world and move to build a common language and understanding among non-specialists regarding cyber threats and the people and technologies behind them. As a first step, let’s start creating a culture of awareness where the faces of cyber operatives become as well-known as fugitives on “America’s Most Wanted” and their secretive operations are publicized by investigative journalists in television, print and electronic media. It’s time to start telling real stories about real threats.
For more information, please contact Heather Sabharwal at firstname.lastname@example.org or 202-349-7016.
Posted on Wed, March 17, 2010
by Mark Danner