When Dickie George of the National Security Agency says, "This is life and death and about our freedom and our way of life," he’s not talking about the Soviet Union firing nuclear missiles at the U.S. or infiltrating our government with spies bent on subversion. He’s talking about cyber criminals hacking into personal, business or government computers, stealing information, intellectual property and/or money.
George, the Information Assurance Technical Director at the NSA, compared the threats of the current cyber cold war to the Cold War between the U.S. and Soviet Union in a webcast Wednesday hosted by RSA Conference, the network security industry convention held twice annually in the U.S. and Europe, which I cover for news about Microsoft. I found the parallels interesting and provocative.
George says fighting today’s cyber cold war depends on building the best security into computer technology, continuous monitoring of networks for threats, and the adoption of security that is transparent to the end user. "When we do this we can make the nation a much harder target," he said.
Today’s cyber war and the Cold War that raged from the end of World War II until the collapse of the Soviet Union in 1991 share six common characteristics in their "threat adversary model," George said: capabilities, resources, intent, motivation, access, and risk aversion.
Capabilities and resources of the Cold War included the armies of each country, their nuclear stockpiles and spy networks. The intent and motivation concern each country’s efforts to beat each other to the moon or to gather intelligence on the other. Access refers to the ability to obtain the technology to build spaceships or nuclear weapons, or the opportunity to plant spies. And risk aversion refers to each country’s reluctance to actually wage a nuclear war based on the concept of mutually-assured destruction.
In the cyber cold war, the capabilities and resources of our adversaries refer to the ability of hackers to control thousands of computers to launch attacks or share code that allows them to infiltrate systems. Intent and motivation cover efforts to steal intellectual property from businesses, secrets from governments and money from everybody. Access speaks to the ability of cyber criminals to leverage the interconnectedness of the Internet for their efforts, and risk aversion is, well, pretty much nonexistent.
"Back then, if the Soviets fired a missile you knew it was the government and could tell where it was fired from," George said. "Today, it’s bits and you don’t see them coming through the air."
While one country may be able to determine if a nation-state orchestrated a cyber attack, it’s still difficult to definitively attribute it to a source. And besides, it’s not just nations that launch attacks but criminal hackers, terrorists or organized crime. The attack vector also has widened from the Cold War days, he said, with individuals, government agencies and corporations being targeted. And like building missile defense systems or bomb shelters, as was done in the 1950s, the key to defending against today’s cyber cold war threat is to "make ourselves harder targets."
"The cyber security professionals that we are creating today have to make security invisible to the end user," George said. "They have to make it inherent in the out-of-the-box product that you buy and the only way to do that is for us all to work together, industry, government and academia. We need to be partnering on this."