The Changing Landscape of Cybersecurity
Through extensive research and technological development, the guidelines for trustworthy cybersecurity operations have evolved. Secure systems are becoming advanced, providing capabilities, functions, services, and operations to prevent a wide range of disruptions and other hazards. Simultaneously, hacking techniques and tools are progressing as well. And from all the breaches that keep occurring it is obvious that cyber offense is still one step ahead of the defense. Here are some key factors about the changing landscape of cybersecurity.
Most industrialized nations have experienced explosive growth in information technology. This technological advancement gives the world computing and communication tools that mankind could never foresee coming. As a result, the majority of the world’s population is becoming more and more dependent on using IT in their personal and professional lives.
Today, we are spending more on cybersecurity than ever before. At the same time, we are witnessing an increasing number of successful cyber attacks by nation states, terrorists, and hacktivists who are stealing our intellectual property, national secrets, and private data. Unless we make a radical change to the way we think about our own security and fight these attacks, they are going to have an increasingly debilitating and potentially disastrous effect on the U.S. economy and national security interests.
The problem is simple
We can sum up our fundamental cybersecurity problem in two words: “too complex.” There’s simply too much software, firmware, and hardware components that we rely on to run our critical infrastructure, business, and industrial systems. Increasing complexity translates to a bigger attack surface, providing adversaries a limitless opportunity to exploit vulnerabilities resulting from inherent weaknesses and deficiencies in the components of the underlying systems. While we are making significant improvements in our reactive security measures, including intrusion detection and response capabilities, those measures fail to address the fundamental weaknesses in system architecture and design. These weaknesses can only be addressed by a holistic approach based on sound systems security engineering techniques and security design principles. This holistic approach will make our systems more penetration-resistant and capable of limiting the damage from disruptions, hazards, and threats.
Today, the cybersecurity threats to our government, businesses, critical infrastructure, industrial base, and citizens are as severe as terrorism threats. Overcoming these threats will require a significant investment of resources and involvement of government, industry, and the academic community. It will take a concerted effort on a level we haven’t seen since President Kennedy dared us to do the impossible and put a man on the moon over a half century ago. We can do it again, but the clock is ticking and the time is short.
Creating more trustworthy, secure systems require a holistic view of the challenges, the application of concepts, principles, and best practices of science and engineering to solve those problems. The leadership has to be focused to do the right thing — even when such actions may not be popular. Only working together as a nation will we be able to decrease the number of successful cybersecurity attacks.