The Cyber Threat. Deconstructing the Problem to Promote Comprehensive Dialogue and Action
It is clear to most that the Internet, and related technology advancements, provides significant benefits for individuals, enterprises and governments. However, as global connectivity has grown, so has the cyber threat. This is why Microsoft, along with the ecosystem at large, works to combat the cyber threat and help protect our customers through a variety of mechanisms, including using security-focused development practices (the Security Development Lifecycle), sharing our understanding of the threat landscape through the Security Intelligence Report and working with partners throughout the industry to tackle specific threats like botnets
For more than two decades, people have struggled to understand the cyber threat, evaluate the risks to individuals and organizations, and craft appropriate responses. Although many organizations have invested significantly in information assurance, it appears to many people that neither governments nor industry are well-positioned to respond to this highly complicated threat.
That is why in a keynote today at the East West Institute Cybersecurity Summit, I will discuss the reasons why cyber attacks often confound those responsible for crafting responses and suggest a new framework for creating effective strategies for responding to potential cyber attacks.
Specifically, I outline six distinct factors that I believe make understanding and quantifying cyber threats a challenge:
- Actors: there are many. Malicious actors include individuals, organized crime groups, terrorist groups, and nation-states.
- Motives: there are many. These motives may relate to traditional areas of criminal activity, economic espionage, military espionage or cyber warfare.
- Attacks: they often look alike. Different actors may use similar techniques, such as DDoS attacks. This means the nature of an attack may not yield reliable clues about the identity of the attacker and/or his or her motives.
- Structure: it’s shared and integrated. The Internet is a shared integrated domain between consumers, businesses and governments, where it is not easy to segregate one group from another. It is also shared between those engaging in socially protected activities and cyber attackers, thus raising concerns about security responses (e.g., network monitoring for criminal activity may result in the monitoring of civilians engaged in lawful activities).
- Consequences: they are unpredictable. The potential consequences of a response targeted at one group could have a significant and destructive effect on the whole ecosystem.
- Impact: can be dire. Worst-case scenarios are scary because of society’s increased reliance on technology.