The Department of Defense released the 2018 Cyber Security Strategy Summary on Wednesday, September 19 (http://bit.ly/2OCPH3a). This is the latest update to DOD cyber security strategy since 2015, though the DHS updated its cyber strategy in May 2018. While much of the language in the updated strategy is similar to the 2015 report (i.e. collaborating with domestic and international parties to promote safe cyber conduct, being prepared for cyber attacks, etc.), there has been a shift towards proactively defending the United States on all fronts, both public and private through “active defense”.
The newly-released cyber security strategy has a strong focus on aggressive cyber actors such as China and Russia who have recently threatened the United States with election meddling as well as attacks on national defense and infrastructure. The updated strategy also lists US military and their capability to fight in the cyber realm as the first priority, and the second priority being to defend against infrastructure attacks in order to prevent “major incidents.”
However, since 2015 threats have been evolving at a break-neck pace. Since 2015 there has been a large shift away from .exe file-based attacks and a movement towards malware and fileless attacks. According to the Ponemon Institute, up to 3/4 of all attacks are now malware based as malware can hide in the background for long periods of time going completely unnoticed, all while extracting valuable information.
Also, as the world increasingly closes the once-dividing gap in technology, many state and even non-state actors are now able to operate at similar levels of sophistication to those of major States such as the U.S. The cyber threat is further exacerbated by an increase in the connectivity of technology (Internet of Things) and a resulting increased number of opportunities for hacks. The U.S. can no longer have an “if” stance, but a “when” stance, as seen in this week’s released strategy. Instead of “[planning] to use [cyber options]” the United States must take a proactive stance as outlined in the 2018 strategy and “defend forward.”
The 2015 strategy to “be prepared to defend the U.S. homeland and U.S. vital interests from disruptive or destructive cyberattacks of significant consequence” has now turned into the mission to become a “more lethal force.” The U.S. needs quicker innovation and the ability to develop faster than our adversaries. This will, among other things, require making employees “cyber fluent” and making cyber security a priority across all levels.
One question raised by the updated strategy if the money put forth will actually make the United States more prepared. Is there a dollar-for-dollar increment that we will see in the security of the nation? It is hard to know. While the FY Reported budget landed at $8.497 Billion, up $340 Million from FY 2018, the costs for proper defense against cyber attacks are also on the rise. This is an issue that many companies face as they struggle to grow and remain cyber secure. One thing is for sure—the United States cannot afford stand defenseless in this cyber Wild Wild West.
This is why Praescient Analytics wholeheartedly believes in our cyber-fluent workforce. Our analysts pride themselves on their knowledge of current and emerging cyber threats and mitigation strategies. Praescient Analytics stands ready to serve the United States as we adapt a forward leaning cyber defense posture.
Praescient Analytics’ Cyber initiatives: http://praescientanalytics.com/solutions/#security