This article first appeared here.
In December 2015 I predicted that in ’16 we’d see a major cyber attack against the US on our soil perpetrated by an enemy of the state. With the Russians interfering with our most prized democratic possession, the presidential election, I unfortunately nailed this prediction. As we begin ’17, I believe we’ll see far more cyber warfare activity. Similar to the “War on Terror” declared by President Bush shortly after the September 11th attacks in 2001, we’re now ushering in the era of Global Cyber War. Just as the War on Terror continues to be waged with no end in sight, I’d expect this Global Cyber War to continue for years to come.
Russian hackers have proven the US is vulnerable, with likely more alleged and even acknowledged infiltration to come. Other natural enemies will redouble efforts, emboldened by Russia’s success. The US will be provoked to publicly respond, which is why I’ve predicted in ’17 the US’ offensive cyber warfare activities will hit mainstream attention for the first time. The Global Cyber War will be a very different war than we’re accustomed to, with far-reaching implications. The challenges we face are immense:
The Challenges to Fighting the Global Cyber War:
- Multiple Adversaries. Unlike conventional wars, where enemies tend to be fought one at a time, or terrorism, where smaller, organized groups aim to wreak havoc on specific foes, cyber war is multi-faceted. From the viewpoint of the US, we’re being probed, surveilled, infiltrated and attacked at all times by a range of actors including enemy states, terrorist groups, hacktivists and even countries with whom we have normalized relations (although these players are less likely to be in attack mode).
- Mission is Never Accomplished. In cyber wars, you’ll never be able to hang a banner and declare victory, nor will your adversaries sign a peace treaty. These wars are fought quietly, usually with both sides denying their malicious activities, until and if one side opts to claim a victory. In short, cyber wars never end.
- Many Motives. While conventional wars are typically fought over land or control of resources, cyber wars have many modes and goals. The modes include surveillance – spying on your adversary to understand and predict their behaviors; probing – understanding where weak spots exist for use later in the case of aggression; infiltration – accessing sensitive information with the goal of extraction for use as part of future attacks or for commercial gains; and attacks. Possible goals of cyber war include pecuniary gains, disruption of the lives and institutions of enemies, and, in the future, cyber wars are likely to be waged to induce widespread panic and death.
- Difficult to Defend. While terrorism has taught that borders, air and train travel, and local terror cells need to be monitored vigilantly, in cyber war, the surface area vulnerable to attack continues to grow as digitization and connectivity increase. Both civilians and governmental agencies are at risk. Everything from our mobile phones to our financial systems and networks to our transportation fabric to our energy and power systems is fair game. The proliferation of connected devices continues to expand opportunities for cyber adversaries.
- Where Does One Turn for Help? Presently, there’s not a federal agency openly waging cyber war, protecting citizens and girding institutions against its consequences. Certainly the NSA and other defense agencies are executing on both defensive and offensive cyber strategies, but these are designed to be clandestine, out of the public eye. People and companies have been left to generally fend for themselves against cyber criminals, but the game is changing as adversaries strengthen. While the Office of the President has appointed a commission which has released its initial findings, and the Department of Homeland Security has brought together civilian experts and DHS folks to collaborate on response readiness, as has Congress, we’ll need more coordinated action in the future.
Next Steps in the Game:
- Disclosure. Just as DHS has established a color-coded risk level scheme in the War on Terror, so too must the federal government fashion a disclosure system in the Global Cyber War to help individuals and companies better predict danger levels, recognize threat types and anticipate severe risks. I’m hoping our new administration will continue on with a Federal Chief Information Security Officer (CISO) who issues recommended actions for people and companies, especially when attacks appear imminent.
- Prioritization. A formal establishment of priorities needs to be proclaimed and adhered to as our federal government wages cyber war. It would seem that citizens’ lives should be of paramount importance, but what about democratic institutions? Critical infrastructure? Financial centers? Hospitals? What gets more focus and attention when risks are greatest or remediation is necessary? I’d vote that critical infrastructure, for example equipment running power plants, grids, water and transportation systems, be given very high priority given the potential damage and societal panic a high profile attack may induce.
- Global frameworks. Mike Maples recently tweeted regarding the need for a cyber version of the Monroe Doctrine. He’s right on. The US needs to take more of a leadership role with our allies, establishing cyber rules of engagement and enforcement mechanisms to help ensure adherence. Just as the War on Terror has forced collaboration among many otherwise reluctant countries, so too must the US push for similar alliances to staunch the grave cyber risks we face.
The myriad venture-backed startups in the cyber security world have a role to play as well. The government will be limited in its ability to protect, and smart good guys need to build products to counter the strategies of smart bad guys. There remain good opportunities for entrepreneurs to build products and services to help individuals and companies stay prepared and equipped to manage the risks of the Global Cyber War. At GGV, we’ve been investing in cyber security for over a decade (see below for a list of our current active cybersecurity portfolio companies), and we continue to actively invest in cybersecurity because we know the threat is real and startups will play a key role in the future.
The risk has never been greater; we need the best and brightest to found and build companies to help in the Global Cyber War.
GGV’s Cybersecurity portfolio includes:
- Nozomi Networks is focused on protecting critical infrastructure such as utilities, oil & gas and manufacturing facilities from cyber threats;
- Synack is helping government agencies and large companies identify and remedy vulnerabilities before they’re exploited by adversaries;
- AlienVault is providing mid-market and large companies with threat detection and management;
- BitSight is providing independent security ratings on businesses of all sizes;
- HashiCorp, the company behind Vault, is the leading secrets manager for both DevOps teams to protect their development and production infrastructure and security teams to centralize secrets management.