Cybersecurity is the Sputnik of Our Day

Simon Crosby is the chief technology officer and co-founder of Bromium.

From the U.S. election to the French and German elections, data from breached organizations, personal email and web apps is being used to sway the political debate—and to sow the seeds of an alternative narrative.  

The play: circulate “plausible” stories or allegations with scant evidence by taking advantage of a press whose business model has become reliant on clicks and sensational revelations. Gullible readers have no way to tell whether a story circulated by their friends is fact or fiction. Free distribution via social media let those seeking to manipulate public opinion do so with relative ease. Worse still, the ad-funded nature of social media gave authors of fake news a strong incentive to deliver highly inflammatory content that would be widely distributed, maximizing the authors’ revenue. 

» Get the best federal technology news and ideas delivered right to your inbox. Sign up here.

It is perhaps worth pointing out Russia only played a part. Nonetheless, the Russian strategy worked brilliantly. From my point of view, the West can learn lessons from this unexpected direct manipulation of a pillar of the democratic system. By way of analogy, I consider these effects to be roughly equivalent to that of Sputnik in the Space Age and Cold War.                                                                                                                                                

Sputnik was the world’s first artificial satellite, launched by the Soviet Union in 1957. Sputnik itself did very little: It broadcast radio pulses that could be detected and observed by anyone, but the launch triggered a crisis of confidence in the West and in the U.S., in particular.

The resulting Space Race and subsequent Cold War ushered in profound political, military and technological advances and laid the foundation for many advantages we enjoy today. Sputnik was a shocking first volley from an adversary whose capabilities were quickly exceeded by a superior model for innovation. The Space Race was massively expensive for the Russians because the U.S. out-funded and out-innovated them at every turn.

A New Domain of International Conflict

Our society has pioneered all of the major advances of the Internet Era, and we have quickly snapped up every innovation without a thought as to the potential downsides that might result from its abuse. U.S. voters are horrified to discover the concept of freedom of expression enshrined in the Constitution could be so easily turned against them. 

The key strategic question for the West is how to respond to the “Sputnik of the Internet Era.” 

I see an opportunity to seize advantage by outmaneuvering our adversaries to quickly secure and protect our economy and our citizens in this new domain. Equally important: Bad cybersecurity imposes a significant drag on U.S. business and the economy as a whole. By contrast, making U.S. infrastructure resilient to cyberattacks would boost our competitiveness and ensure our economy and democratic society are best placed to succeed in the increasingly digital global economy.

The West is currently failing at cybersecurity—and will continue to fail—unless we make fundamental changes. Just as the Space Race laid the foundation for U.S. technological leadership, we need a cyber-race to spur innovation and ensure the digital world is a secure haven for western democratic society.

But there are substantial challenges to overcome:

• Our advancements are a vulnerability. The U.S. economy is bigger, more open and more digitized than those of Russia, China, North Korea and other cyber adversaries. That often makes the U.S. government, businesses and citizens more vulnerable than their counterparts in other countries. Asymmetry favors the attacker: We expose many easy targets to a few, highly skilled adversaries. Our ability to respond is limited by the smaller attack surface of our competitors, even though we have world-class offensive cyber capabilities.
• Innovation-created consequences. Embracing innovation and growth, U.S. companies took their businesses online as fast as tech and the internet would allow, but despite the advantages of new markets and economic growth, there is a downside. Much of today’s computing infrastructure is manually managed, but humans operating distributed IT systems just can’t keep pace. Users and admins are forgetful, don’t keep systems up to date and are easy to trick. Human defenders need to sleep. Computerized “bot” adversaries don’t.
• Legacy computing is holding us back. Our global business competitors are poised to leapfrog legacy U.S.-style computer-and-network infrastructure by adopting the latest tech (that we have even made freely available through open-source licenses). They have an opportunity to be more secure from the get-go (again. making it harder for the U.S. to gain an advantage) while continuing to blast holes in our leaky legacy installed base.
• There are no consequences. Attribution is imperfect, costly and easy to de-fang. Who know if it a state-sponsored adversary or a spotty-faced teenager out for the “lulz”? Nation-state adversaries are skilled at covering their tracks and spreading misinformation. Defenders bear the cost, and adversaries, unafraid of the consequences, shrug off “fake news.”
• The market will solve the problem badly. Facing a battle against skilled adversaries they will surely lose, U.S. enterprises will choose a sub-optimal way out—they will simply use insurance. Protecting shareholders from loss is rational, but the loss of critical intellectual property and personal information nonetheless renders the U.S. vulnerable to foreign adversaries. As U.S. enterprises are stripped of their competitive edge, we will suffer economic losses.

We need to update our infrastructure. Immediately.

There are many more reasons why we fail, but the core challenge is this: The technology upon which U.S. enterprises rely is old, leaky and in need of replacement. We urgently need to act, to build security into the computing infrastructure that powers our economy. I advocate for rapid adoption of cloud services, virtualization and software-defined network perimeters as a start, because they immediately shift the balance of power in our favor.