English   Deutsch   Русский   中文    

Why the US Cyber Chief is wrong: It’s not a tide of Cyber Criminality – there will be no ebb tide

Mar 22, 2012 by Martin Kuppinger

Today I read an article about US investments in cyber security, with the US Department of Defense (DoD) budget requesting 3.4 billion US$ by itself. The US Cyber Chief, Army General Keith Alexander, commander of U.S. Cyber Command and director of the NSA (National Security Agency) is quoted as saying “Nation-state actors in cyberspace are riding a tide of criminality.

I believe he is wrong in one very important point: It is not about a tide, it is about a continuous rise. So it would have been better had he chosen the comparison to the (potential) long-term rise of the sea-level caused by global warming – with the important difference that the increasing cybersecurity challenge is not happening gradually over a period of dozens of years but more or less as a tsunami, almost immediately. We most likely will see some “decrease in increase” or, in other words, lower growth rates in cybercrime. But I don’t expect to see a decrease in absolute numbers within a foreseeable period of time.

And it is not only about nation-state actors in cyberspace, but about all actors in cyberspace which are causing that rise. States are affected because they are the target of other nation-state actors, but also of organizations like Anonymous or Lulz Sec, and for the classical attackers like script kiddies and other non-organized hackers. On the other hand, they are most likely not the target of that part of cybercrime which is related to organized crime. When looking at other organizations, they are more likely to become the target of all these types of attackers.

The good thing about quotes like the one mentioned is that they prove that at least some states (the U.S. probably more than many European countries) have understood the challenge they are facing. But to me it sounded somewhat too optimistic.

What we have to do is to act on this challenge, by systematically and strategically improving our IT security. That requires a holistic view on the topic. It requires a risk-based approach. We need to understand the risks and act according to these risks. We need to have plans if something happens anyway. It will cost a lot of money. But by doing it right, there is a huge potential for saving at least some of the money which otherwise is thrown out of the window with little or no impact on an improved IT security.

To learn more about Information Security, GRC, and the role IAM plays therein, visit EIC 2012, Munich, April 17th to 20th.

Google+

top
Author info

Martin Kuppinger
Founder and Principal Analyst
Profile | All posts
KuppingerCole Blog
By:
KuppingerCole Select
Register now for KuppingerCole Select and get your free 30-day access to a great selection of KuppingerCole research materials and to live trainings.
Register now
Spotlight
Operational Technology / Industry 4.0
Industry 4.0 is the German government’s strategy to promote the computerization of the manufacturing industry. This strategy foresees that industrial production in the future will be based on highly flexible mass production processes that allow rich customization of products.
KuppingerCole Services
KuppingerCole offers clients a wide range of reports, consulting options and events enabling aimed at providing companies and organizations with a clear understanding of both technology and markets.
Links
 KuppingerCole News

 KuppingerCole on Facebook

 KuppingerCole on Twitter

 KuppingerCole on Google+

 KuppingerCole on YouTube

 KuppingerCole at LinkedIn

 Our group at LinkedIn

 Our group at Xing
Imprint       General Terms and Conditions       Terms of Use       Privacy policy
© 2003-2015 KuppingerCole