When it comes to cyber threats, the United States has been “thinking and looking in the wrong direction,” according to one expert at the recent Cambridge Cyber Summit. ThreatPost reports:
The nature of cyberattacks is changing and increasingly leveraging social media as they take aim at new targets. That’s the consensus of cybersecurity experts discussing the evolving nature of threats from nation states to hackers for hire.
That’s not to say ransomware isn’t going anywhere or that attacks on critical infrastructure are less of a threat today. Those threats are real and growing. But, panelists at the The Cambridge Cyber Summit, say an emerging new threat landscape is beginning to take shape.
“We think of the recent U.S. election hacks as a cyber Pearl Harbor. But, what happened there? We were thinking and looking in the wrong direction,†said John Carlin, chairman of the Cybersecurity and Technology Program at The Aspen Institute and former assistant attorney general for National Security at the U.S. Department of Justice.
[…]
New to the threat landscape experts said are not just breaches, ransomware and IP theft, but a threat to a way of life. The prime example, Carlin and others gave, is the use of social media to attempt to influence votes or drive division within a nation via Twitter and targeted Facebook advertising campaigns.
“We’ve been missing all the early warnings. More specifically threat actors acting on the behalf of nation states using technology in ways we wouldn’t have anticipated,†said Monika Bicker, head of global policy management for Facebook.
Of course, I tend to agree that we have been distracted. In particular, we have been distracted by fantasies of cyber doom instead of focusing on the more mundane cyber threats we face on a daily basis.
I do have some quibbles with the ideas expressed in the quote above, however. First, it is not necessarily the case that the threats are changing. “Looking in the wrong direction” implies that the threats were already there, but we missed them because we were distracted.
So, second, by what were we distracted? The kinds of cyber doom fantasies often expressed by analogies like the “cyber Pearl Harbor.” Most often, this analogy is used to warn of potential catastrophic cyber attack on critical infrastructure. This fear has been a fixation of cyber security experts for at least 25 years. It still hasn’t happened. But the analogy won’t die, even though many experts now acknowledge that it is no longer apt, if it ever was. One way that the this zombie analogy keeps going is by applying it to new cyber threats that in no way approximate the kinds of impacts typically contemplated in its use. Describing use of social media to spread fake news as “cyber Pearl Harbor” would a classic example. Sure, what we saw during the election was bad. But it was not the kind of “cyber attack” usually designated by “cyber Pearl Harbor,” the kind of attack that was precisely what had us “thinking and looking in the wrong direction.”
So yes, we’ve been distracted. Let’s not continue to be distracted by turning the cyber events around the 2016 election into something they were not.
