Speaking the same language on cyber threats
The absence of a common lexicon for the cyber threat environment is creating problems.
There is no doubt that cybersecurity, cyber warfare and cyber intelligence are all highly technical subject matter areas. And, given the huge negative effects that cyber events have on an organization, most decision makers in this area are not technical. An organization's management, along with the marketing, legal, corporate risk management departments, and others outside the technology department play critical roles in cyber incident management.
I was brought in as an adviser on a cyberattack that managed to breach the security defenses of a large organization. The attacker was able to exfiltrate several pieces of sensitive data about research and development efforts that had been underway for several years. The chief information security officer and the network operations director delivered a 30-minute briefing to the company’s senior executives and legal staff members that covered the malicious event.
Related coverage:
Cyberattacks increase in Middle East
After they completed their PowerPoint presentation and answered a couple of questions, they left the meeting. Just after the door closed behind them, one company executive looked at me and asked, “Would you care to interpret for us?” That seems to be happening a lot lately. I would be willing to bet that in most cases, there is no translation that allows the nontechnical business executives to understand the important factors that led to the compromise and the plans to make sure it does not happen again.
The problem doesn't stop there. Conversations between the technical staff are an issue by itself. At this time, universally accepted definitions do not exist in the cyber threat environment. The absence of a common lexicon for that environment is creating communications problems. When you examine this problem in the international law context, it becomes even larger. Those working on these complex investigations must examine the laws in the countries involved in the cyber event to understand their contextual framing of malicious activities in cyber space.
This problem does not stop there. Now, examine this in the context of cyber warfare. As malicious acts of cyber aggression grow at a virtually uncontrollably rate, military organizations and intelligence organizations and enforcement have been called on to mitigate the growing threat. Countries around the world are attempting to deal with the challenge and trying to define exactly what constitutes an act of cyber war. That's not an easy task. This is a blurry, gray area that requires international coordination.
This effort should be a lot more coordinated than it is. Consider the confusion that might ensue when a cyberattack hits multiple countries and one or two consider that an act of war, while the others don’t. That would be a very interesting scenario for a cyber working group. Numerous attempts have been made by military leaders and subject matter experts to raise the issues that surround cyber conflict to the level necessary to drive a coordinated effort focused on this and other topics; however, at this point not much has happened.
Almost everyone agrees that nations around the world need to have a good understanding of the cyber threat domain. There is a strong demand for a cyber situation report by governments and private businesses. This would be a recurring report that describes the status of a particular cyber event in context for those for whom it is prepared and also for the overall cyber threat environment.
This is perhaps the biggest driver behind establishing a common lexicon when it comes to acts of cyber aggression. Some are calling on the United Nations to create a lexicon for cyber conflict, while others say that it is the responsibility for each country. I believe the United Nations should own this problem and deal with it in the next six months. Yes, it is that important, and I am afraid our time is running out. With every tick of the clock, one or more cyberattacks are launched that have the potential to escalate requiring international coordination and cooperation. Let’s not wait until it is too late.
NEXT STORY: Where does DOD enterprise e-mail really stand?