Kevin Coleman is a senior fellow at SilverRhino and former chief strategist at Netscape.
The recently disclosed military budget cut is an indicator of how U.S. leadership sees the current threat environment. Particularly interesting is that the budget allocation for cyber was not impacted. While cyber is only a small percentage of the overall budget, the fact it was not cut should be viewed as an indicator of the current level of threat this relatively new domain of conflict poses worldwide.
While a fair portion of the budgeted dollars will go toward offensive and defensive measures, what is unclear is how much will be spent on cyber intelligence. While no globally accepted definition currently exists, when I teach I define cyber intelligence as the identification, detection, analysis, tracking and countermeasures definition for digital threats. This includes activities to determine who was behind the attack, as well as who initiated the attack – which are not always the same.
When people think of cyber intelligence, they immediately think of malware. Twenty percent of all malware that has ever existed was created in 2013. That equates to 30 million new strains of malicious code created that year, and an average of 82,000 new strains per day!
You can get a feeling for the work and costs involved in just identifying and analyzing all that malicious code. Stop for a moment and think of the effort needed to track back and identify the source of the malware, who created it and who funded it. Add that to the identification and analysis metrics above, and you get a general feel for the magnitude of effort needed just to remain current when it comes to cyber intelligence. That is just to keep our heads above water.
Now think about getting ahead of the curve and developing proactive cyber intelligence rather than all the reactive work that goes on. You must factor in the pace of technological advancement, adoption and use globally. Consider the systems and human resources required to envision, identify, detect, analyze and plan for the efforts of numerous governments, military organizations, terrorists, activists, individuals and criminals that are in the planning stages of developing new strains of malicious code and launching cyberattacks. Another critical consideration that must be factored in is the reality that the infrastructure required to develop a new cyber weapon is extremely minuscule, and that greatly diminishes much of the intelligence infrastructure that nations have spent decades and billions of dollars to put in place. Now that is a challenge!