In the recent past, our government has been concerned about Chinese hacking: The Washington Post reported that Chinese hackers had stolen information on more than two dozen U.S. weapons systems, to include the Patriot Missile system and the F35 Joint Strike fighter.
Today, it’s concerns about Russia and their possible hacking of the Democratic National Committee (DNC), and their alleged attempt to influence the U.S. presidential election, among other things.
Not only are hacks from nation states of concern, however. In the evolving world of cyber warfare, it’s not just governments that pose large threats. An NBC report quoted a “security analyst” (in their words) who said:
“…a single individual is very capable of waging cyber war at a level we previously attributed only to intelligence agencies or crime syndicates.”
Truer words have never been spoken. I.T. Wars made this point back in 2006, believe it or not. What we’re talking about here is asymmetrical threat: A single individual or small group vs. an entire country, for example. Consider this extract and treatment from the book’s last chapter:
Terror Attack: Today, possibilities of comprehensive national catastrophe (to any nation) are no longer in the realm of Science Fiction, or held in abeyance through MAD (Mutually Assured Destruction, as during the Cold War). We face extremely large harm from asymmetrical sources: Sources that are weaker than their opponents in conventional terms. They can’t compete through strength in numbers: neither by membership; number of conventional arms; or even in the numbers of their sympathizers. Their goals can be anathema to the vast majority.
But these asymmetric forces’ actions and objectives (that which they’ll do, in support of their desired outcomes, respectively) are as strong as they can possibly be. In fact, their objectives trump any concern for survival of any specific individual of their own. And, their objectives include the stated destruction of whole societies. We must realize too, that with these groups, an effective internal check-and-balance on unreasonable actions diminishes rapidly as the size of the considered group diminishes.
However, tremendous will – even infinite will – means nothing without some form of power. Today, power is moving closer – closing a divide – with this tremendous will of the relative few. Soon, if not now, weapons representing delivery of catastrophic harm will be available to the few – no matter how vile their agenda, no matter how onerous their task in procurement. Our argument here is not the specific “who” – that is not necessary in setting the awareness. For the present, we can emphasize a keen awareness that asymmetric attack forces are closing a divide: Until recently, the achievement of their objectives was denied because of the simple divide between their will to dispense widespread destruction, and their means to do it.
It is reasonable to assume that once closing a divide between will and means, a complete dedication to “business” will be paired with extraordinarily damaging “technology.” One group or another will “pull the trigger” once closing this divide, wreaking catastrophic harm – absent a plan to thwart these ambitions.
[Extract, I.T. WARS, Ch. 21 – What’s At Stake: Lessons of the Business-Technology Weave, Copyright 2006 BookSurge Publishing]
Hacking, and cyber warfare, by individuals certainly represents power and weaponry in the hands of the few.
Now, pair that extract with some of today’s realities: Hacking for sport, whereby a single individual takes down a company, or a bank, or a government agency’s ability to conduct its mission – perhaps for something as shallow as bragging rights. Also consider the Competitor Hack (CH), whereby a single individual, either rogue or with company sanction, decides to disable a competitor by hacking into their business systems and bringing them down.
Once again, I like to propose solutions, and can refer the reader to my treatment of Disaster Awareness, Preparedness, and Recovery (DAPR) – vs. standard Disaster Recovery (DR), as contained in the book.
It’s interesting to note that the general mainstream press and consciousness is catching up to warnings, concepts, and (hopefully) solutions that I debuted years ago, and again I refer interested readers to the concept of DAPR – it is a defined discipline whose time has come in achieving best cybersecurity in the face of hacks and asymmetric threats.