Cyber weapons development: Why it is problematic

The topic of cyber arms and cyber weapons has been gradually gaining popularity over the past couple of years. As many of you know, Technolytics Institute tracks cyber weapons categories and attack vectors and will be adding a forty-ninth item to its list shortly.

Over the past year, I have had organizations contact me about cyber weapons, including some venture capitalists looking to get me involved with their start-ups. My answer has always been, “No thank you,” for several obvious reasons and one fundamental one. It is no secret that cyber weapons have been under development for several years by the military, members of the intelligence community and clandestine operations in the private sector funded by the military or intelligence community. While I would not call the space crowded, there seems to be an adequate number in this space. On the opposite side of the fence, criminal organizations, terrorist groups and some educational institutions in rogue nation states also are in the race to create cyber arms and weapons. I have heard that even individuals have entered the marketplace seeking wealth. In some cases, the development is for their own use: revenge.

Cyber weapons exploit a vulnerability that can be in software, hardware or humans. The highest value vulnerabilities and exploit techniques are not publicly known as they have not been covered by researchers. Cyber weapons, unlike other traditional weapons, are not disclosed publicly. This is problematic for venture investing because the cyber weapons these startups seek to develop might already exist and like most cyber weapons are not discussed outside of the classified environment. How would the start-ups or their venture capital investors (other than intelligence firm In-Q-Tel and a few other specialty venture firms) ever know?