With the indictments by Special Counsel Mueller against 13 Russians and 3 companies for criminal interference in the United States, it is timely to point to something I wrote in 2012:
Is a Communist or Totalitarian System Preferable in the Internet Age?
Back then, I was questioning whether anyone in government – and society writ large – was seeing how the openness and connectivity of the Internet was becoming a strategic vulnerability to democracy. That hackers, with ties to Russia and the former Eastern Bloc, were destabilizing the international equilibrium. Seeing the assertive action of the US Department of Justice in bringing these indictments on Friday, I am happy to answer my own question back then with this answer today:
The Democratic institutions of America have joined the fight!
Yet, it is not enough to applaud the awakening of government institutions to the asymmetric and pernicious threats coming from the forces engaged in hijacking the goodness of the Internet. These bad actors can continue to leverage asymmetric tactics, and by being nimble our adversaries can maintain their strategic advantage. This was my very point in 2012: Our adversaries have learned that the Internet naturally favors those who crowdsource!
A Straight Line: A. Avoiding a Reverse Soviet Collapse —> B. Community Cyber
What was observed back in 2012 bears repeating: “We all need exquisite security in the modern Internet Era, but few can afford it.” Another 2012 piece offered: “The approach the Nation takes in response to this critical threat landscape must start with internal resilience. Situational awareness must be improved at local levels so that the cyber-hygiene level rises …”
Enter Community Cyber!
The counter-strategy to fight our adversaries must center on combating what they are weaponizing: Internet asymmetry and openness. The method for achieving a new strategy must include crowdsourcing. The fight against cyber threats, in the Internet Age, is no longer government’s alone. We’re all in this together. Therefore, the role of government in this is to help mobilize society into the formation of cyber resilience centers.
Improving cyber resilience also cannot be solely government funded centers. That was the other point in the 2012 article: that the Soviets couldn’t compete with market forces. Today, criminal elements are aggressively monetizing their illegal efforts through black markets, money laundering, and other fraudulent – though profitable! – enterprises. Fighting a profit center with a cost center is destined to fail. Hence, a new strategy must also bring market forces into the fight.
To achieve this strategy, the citizenry must first come to understand their presence on the front lines. Second, the citizenry must further understand that they have a role in the fight. To develop appreciation of this paradigm shift, a movement is needed. Public service announcements must take up the message, and the media – including modern media like social media platforms – must also help change the national consciousness. And the soundbite for this effort, one which captures the notion that localities must take responsibility for improving their community’s resilience is “Community Cyber”.
The Awakening that’s Afoot
There is more good news beyond just the indictments. All “Five Eyes” countries, in the last few days, have now attributed to Russia the aggressive NotPetya malware attack of last year. This joint effort appears to signal resolve to confront Russia for its destabilizing attacks through cyberspace.
These are government efforts. At state levels in the US, information sharing mechanisms and institutions are also being established. And, information sharing is occurring at private levels, including formation of information sharing communities – being formed as information sharing and analysis organizations (ISAO). The ISAO effort follows on the well-established, and government-promoted sector model – information sharing and analysis centers (ISAC). Thus, efforts and organizations exist, whereby government efforts to aid the further institutionalizing of these efforts into crowdsourcing components of national strategy looks like an attainable and necessary objective.
Good Start, But What’s Next?
For the national security establishment, The What and The Why about the risks posed by Internet-based threats has been acknowledged. A new approach by government appears to be underway. However, it is not yet evident that government appreciates the need to incorporate crowdsourcing in the fight, so The How in this new approach is not yet apparent. And, The When is pivotal for all of us: when does the national security establishment recognize that funding a resilience build in every community is not affordable, and that a market-based, locality-centric model is the only way we can win this fight?
Most importantly, The Who must be solved. It is We! It is both that the government must involve the private sector in this counter-threat strategy; and, the citizenry must be active in Community Cyber.
Top-down, and bottom-up must come together in a public-private mash-up.
By: Doug DePeppe, Founder
Cyber Resilience Institute
On: February 17, 2018