“We are in the fight of our digital lives, and we are not winning.”
These were the words of The Honourable Michael McCaul of the House Homeland Security Committee, speaking at RSA Conference 2017 in San Francisco today.
In his session ‘The War in Cyberspace: Why We Are Losing – and How to Fight Back’, McCaul warned that our cyber rivals are overtaking our defenses.
“Nation states are using cyber tools to steal our country’s secrets and copy our intellectual property,” he added. “Faceless hackers are snatching our financial data and locking down our healthcare information; terrorists are abusing encryption and social media to crowdsource the murder of innocent people. Web-based warfare is becoming incredibly personal.”
What’s more, McCaul continued, the threat is worse than just espionage—our democracy itself is also at risk, made clear by Russian hackers causing discord ahead of last year’s presidential election. “Cyber intrusions have the potential to jeopardize the very fabric of our republic.”
So why aren’t we winning the cyber battle? McCaul pointed to five key factors that are leaving the security industry in the wake of the attackers:
1. The issue of volume — the digital frontier is like the Wild West, with more cyber outlaws than cyber sheriffs.
2. High speed of high-tech gives cyber-criminals an advantage — history shows us that offensive weapons always outpace defenses.
3. Serious information sharing challenges — we have the cyber threat data, but sharing is still far too weak; we do not connect the dots and share information well enough.
4. Deterrence is difficult — if there are no consequences for bad behavior, then bad behavior will continue. In the cyber world we have to show that there will be consequences.
5. We face a paradox between national security and digital security — never more obvious than with the terror threat, with recruiting taking place over the internet and propaganda forced on a worldwide scale.
“We need to find a way to keep our country safe, whilst also keeping our data secure—but we’re still not there yet,” McCaul said.
So how do we get there? For McCaul, this starts with the right mindset: “In 1940 the British Prime Minister responded to the Nazi invasion of Europe with a rousing speech in the House of Commons. He vowed that the British would fight on the sea, on the beaches, on the landing zones and in the streets—but never surrender. I don’t think we need a bunker mentality, but we do need to acknowledge that we are under siege.”
Another key element of turning the tide and starting to win the cyber war is fixing information sharing weaknesses. “More companies need to step up to the plate and start sharing data with each other,” he argued.
What’s more, we need a talented cyber workforce on the frontlines. “We are losing top cyber talent because morale is bad on the inside and money is better on the outside.”
Last, McCaul said that we need to be prepared for what lies ahead: to be ready for the era of quantum computing and to ensure we have the right cyber defenses in place for when it comes.
“Looking back on 2016, it was a watershed year for cyberspace, and for many of the wrong reasons,” he concluded. “However, I think it made us all more realistic about the danger we face and clearer about what needs to be done. While the cyber threat landscape is bleak, we cannot let it outweigh what we already do know—we have the world’s greatest minds working to defend our networks.”