Cyber Defense Review

In Cyber, Time is of the Essence

By Dr. Jan Kallberg | January 28, 2016

Cyber is becoming increasing driven by automated process while humans are still operating at human speed. In my view, one of the major weaknesses in larger-scale cyber defense planning is the perception there is time to lead a cyber defense during attack. It is likely that a major attack is automated and premeditated. If it is automated, the systems will execute the attacks at computational speed. In that case no political or military leadership would be able to lead an effective defense for one simple reason – it has already happened before they react.

A premeditated attack is planned maybe years in advance, and if automated, the execution of a massive number of exploits will be limited to minutes. Therefore, future cyber defense would rely on components of artificial intelligence that can assess, act, and mitigate at computational speed. Naturally, this is a development that does not happen overnight.

In an environment where the actual digital interchange occur at computational speed, the only thing the government can do is to prepare, give guidelines, set rules of engagement, disseminate knowledge to ensure a cyber resilient society, and let the coders prepare the systems to survive in a degraded environment.

Another important factor is how these cyber defense measures can be reversed engineered and how visible they are in a pre-conflict probing wave of cyber-attacks. If the preset cyber defense measures can be “measured up” early in a probing phase of a cyber conflict it is likely  the defense measures can through reverse engineering become force multipliers for the future attacks – instead of bulwarks against the attacks. So we enter the land of “damned if you do-damned if you don’t” because if we pre-stage the conflict with artificial intelligence supported decision systems that lead the cyber defense at computational speed, we are also vulnerable to reverse engineering and the artificial intelligence becomes tangible stupidity.

We are in the early dawn of cyber conflicts, we can see the silhouettes of what is coming, but one thing becomes very clear – the time factor. Politicians and military leadership will have no factual impact on the actual events in real time with conflicts occurring at computational speed, so focus must be at the front end. The leadership is likely to have the highest impact by addressing what has to be done pre-conflict to ensure resilience and ability to operate in a degraded environment when under attack.