Saturday, December 07, 2013

Red Sky Weekly (12/7/13): Are we entering a Cyber Arms Race?

It's been a crazy busy week. We processed three new Red Sky membership requests this week, updated a fusion report originally published in May, and posted three new pieces of analysis. On top of that, the Lab inked a deal to handle Cyber Threat Analysis and Intelligence for one of the major ISACs. My week wrapped last night with a Christmas party in DC. I'll take today for a breather, then back at it tomorrow.

One of the things that struck me at the party last night, sitting at a table with a bunch of folks like me, who either do work for the government or have worked for the government were two themes that came up over the really nice salmon -one spoken, and one not.

The spoken? "The (cyber) arms race"

The unspoken? "Disintermidiation"

The "arms race" discussion was not the long-term topic of the evening, but definitely one that stuck with me. The idea is that every country in the world today seems to be running hard to build, at minimum, defensive cyber capabilities. Many are also building offensive capabilities --either organic or outsourced. Regardless, the race is on. Red Sky analysts are tracking the growth of these capabilities for our membership. We have a feeling it's going to become important very soon.

Disintermediation? This is one of my favorite words. I first heard this word in a cyber context when Dave Aucsmith took the stage at the AFCEA conference in Colorado last spring. Disintermediation is an economic term that describes 'cutting out the middleman' in a supply chain. In a cyber context, the idea was that in the era of cyber, attackers will attack victims without the assistance of a military, essentially cutting out the middleman. An October Gartner report offered an assumption that "By 2020 25% of global enterprises will engage the services of a "cyberwar mercenary" organization." (Source: How to Select a Security Threat Intelligence Service, 16 October 2013, Rob McMillan, Kelly M. Kavanagh)

So I think a lot about these two ideas (forces?)... an arms race, plus cyber disintermediation. Wow. Imagine the future. Indicators are aligning and I'm not sure any of us are going to like it:

  • Red Sky is busy, as are apparently other threat intelligence organizations. Companies are beginning to understand that intelligence is important stuff. 
  • Several companies have sprung up in the last couple of years who chase 0-days, touting offensive capabilities. 
  • There are countries in the world that seem to not mind being viewed as the location of choice for launching points of these capabilities. Motivations to do so are economic, political, activist, or any number of other reasons.
  • Many countries around the world are posturing for offensive cyber operations, and I believe the number of countries staging these capabilities will grow significantly over the next few years.
  • At the same time, the labor pool is short, meaning outsourcing will become mainstream in the future, potentially laying credence to McMillan's assumption. 
Here's my concern, and one we talked a lot about last night... my concern is that outside of those who've worked with the government over the last few years know why they have cyber pain today. Those who have not, don't. I've heard those in-the-know referred to as the "one percenters" and those not in-the-know as the "99 percenters".  Beyond the one percenters, the messaging doesn't seem to resonate outside of the Washington circles. This is important stuff... not one person connected to the internet by cell, computer, pad, wristwatch, appliance, or what's being called the "Internet of Everything" will be able to sit out the storms that are coming. The ability to reek havoc has outpaced the ability to defend against it and it's only going to get worse as we move through the stratas of criminal, to espionage, to planned and unplanned offensive cyber.

Interestingly enough, cyber is still viewed by many as a weapon in and of itself.. cyber is only a means of carrying out something more. It's cheaper (and carries a hell of a lot less risk) to hack a computer than it is implant humans to steal information or sabotage. Information is pouring onto the the Internet in massive buckets from devices you've probably never thought about before, but those information poured onto the internet by nearly any of these devices offer a smart analyst real information.. or a smart operator a real opportunity.  

So, 
  • People in DC are talking about the idea of a 'cyber arms race'. So whether it's real today or not, because people are talking about it over dinner in DC means it's probably coming.
  • The world is becoming even more wired through "Internet of Everything". Are you going to be ready when the coffee pot in your office break room is used to listen in on conversations or become an attack relay into other machines in your company?
  • Analysts are assuming cyber mercenaries in the very near future. Just like the DC comments, it's in writing. For me, this is the second indicator that people are talking about it... and for every comment, the likelihood of it becoming true grows.
  • And, the unspoken, disintermediation, in a cyber context is very real. 
Yes, we are in an arms race. And yes, the landscape and rules of engagement of warfare in the future are going to change significantly. 

Wow. That was a real buzz kill. 

So what are companies doing about it? Threat Intelligence is one of the hottest topics in cyber today. Knowing, or at least having an idea of what's coming allows the smart, informed CISO to make good risk-based decisions about what to fix today, tomorrow, and at least have a plan for next year and the year after that. These roadmaps will likely change. They always do, but the idea is this.. talk with others. Compare notes. Make an informed decision about where all of this is going, and base, your long term strategy on good data, not noise.

That's where Red Sky Alliance comes in. Tactical intelligence is published routinely.. a couple of times every week. They come in the form of Priority Intelligence Reports and Fusion Reports. Strategic information comes in the form of Intelligence Analysis Reporting and GEOPOL studies of the world's offensive growth curve. 

Not comfortable participating in the portal? Call the lab. We'll do it for you. 

Drop us a note. We'll be happy to show you what we do.

Until next time,
Have a great week!
Jeff