Cyber warfare is a growing segment of operations globally. One that, unlike conventional warfare, our country is under-staffed and unprepared to engage with enemies in.
While our current deterrents to conventional and nuclear engagements may be effective (if potentially catastrophic) they are not nearly as effective in cyberspace, because digital attacks take time to trace and often cannot by traced with any reasonable degree of certainty. This raises the question of how we determine if an attack is state-directed or perpetrated by non-state actors and if such a person were to attack the U.S. how do we retaliate against them?
It’s also worth noting how dependent we, as a nation, are on flawed software and hardware. The vast majority of our economy, information and infrastructure are potential vectors that could be exploited by attackers. However, some of our most potent threats in cyberspace lack this dependence on digital controls for these important aspects of their well-being. We could threaten North Korea or Iran with retaliation if they perpetrated such an attack, but they have much less that’s at risk regardless of if we are successful in such a retaliatory attack.
One thing that our government has improved on lately is treating digital threats to Americans in the same way a physical attack on American infrastructure would be. The government has been reluctant to formally accuse states like Russia, Iran, China and North Korea in the not-so-distant past but seem more willing to, following the Russian hack of the Democratic National Committee and the Department of Homeland Security’s formal accusation. Another is updating systems, which is necessary for securing our digital infrastructure from attack. The U.S. Navy paying Microsoft nearly $10 million to continue supporting Windows XP, rather than designing and implementing an upgrade plan for their service’s infrastructure was a waste of money when the systems would inevitably require a real update solution. The cost associated with timely updates of hardware and software will seem negligible versus the cost of having our security systems compromised by foreign (state-backed or non-state) or domestic actors.
Other nations with the means to have been and will continue to invest in cyber warfare and cyber security, the U.S. has yet to really decide if it will and it has already put our nation behind the curve on this front. The 2017 federal budget made strengthening our cyber warfare capabilities and fortifying our digital infrastructure seemingly higher up on the government’s “to-do” list than any time in the past with $19 billion being directed into the field. This is a roughly 35% increase over what was earmarked for cyber warfare and security in 2016 but, when viewed in context of the Department of Defense’s $582 billion budget it’s a paltry amount for a field we’re already viewed as incompetent in by the rest of the world. For the world leader in defense spending, lagging behind in the future of warfare seems unforgivable.
Featured Image courtesy of U.S. Air Force/Raymond McCoy.