Kevin Coleman is a senior fellow at the Technolytics Institute and former chief strategist at Netscape. (File)
Looking back a few short years ago and comparing the coverage of topics surrounding cyberwarfare, only one conclusion can be drawn: It has exploded!
There is a very good reason: The threat is there and growing. However, all the attention the major sources of cyber attacks and espionage is receiving may have distorted our views. That distortion could be extremely dangerous and very costly. If you really dive into what it would take to collect target intelligence, research and create a cyber weapon for that specific target, and attack and launch it, it is not that expensive. Most extremist and terrorist groups could easily fund such an effort. For that matter, many individuals could fund or raise the money necessary to carry out such an attack.
That fact is what has many cyber strategists and defense planners working overtime nowadays. I can recall several incidents where during the hours after an attack, the chief information security officer at the target exclaimed: “It kind of came out of nowhere and we were blindsided.”
Recently, cyber attack threat analysts have publicly warned what has become a common theme: It is not a matter of if, but when, as it relates to a successful cyber attack against the United States. Just consider the current cyber threatscape. There are hackers in organized crime entities — criminals, hacktivists, cyber terrorists and organizations within rogue nation-states — all pitted against our cyber defenders. How many critical U.S. systems are in use today that have one or more vulnerabilities that could be exploited by a cyber attacker? How many hackers are out there globally actively looking for zero-day vulnerabilities or are developing new malware? Now consider how many cyber defenders are guarding those critical U.S. systems. What do you think the attack to defender ratio is — 10-to-1, 100-to-1, 1,000-to-1 or more? No one knows the answer, but we are outnumbered to be sure.
I believe we have the best cyber defenders in the world, but with this growing ratio, it is not a matter of if, but when, cyber attackers will get the better of us in a big way.