Security Experts:

Creative Disruption and Complacency Vie to Shape US Cyber Defenses

Creative disruption, where a paradigm shift in thinking replaces an existing order, may be an elusive concept but its power as a driving force of human behavior cannot be denied.

In Silicon Valley and other U.S. high-tech hubs, the race to obsolete the old and make room for the next ‘new big thing’ is a near-messianic rallying cry that fuels innovation, aggressive business practices and occasionally, even massive fortunes.

Category disrupters Amazon and Apple come easily to mind. Offering massive inventories coupled with powerful order processing and logistics systems, Amazon has radically disrupted the worldwide book publishing, marketing and distribution industries.

Cybersecurity Information Sharing Act 12-3

The release of Apple’s game-changing iPhone created a new computing category that overnight rewrote the mobile digital experience. Today, smartphones and innovative new apps proliferate, disrupting existing business models of professional recruiting, mapmaking, taxi dispatch, and many others.

Creative disruption knows few limits. Militarily, the paradigm-changing decision to deploy the intercontinental ballistic missile in the 1970’s disrupted and then replaced the country’s nuclear-armed B-52 bomber force as well as the Strategic Air Command. The ICBM decision firmly established the balance of power between the U.S. and Russia in the Cold War and ultimately ensured the future of the Free World.

New Threats Mean New Defensive Paradigms

Global terrorism and in particular the diversity, number and sophistication of cyber threats facing America today represent changing paradigms. Existing U.S. Cold War-era national defenses, although still playing a role in defense, are out of place and ill-suited to the digitally-driven destructive capabilities of cyberwarfare technology. Cyberattacks require no aircraft or missile delivery mechanisms, merely computer networks and vulnerable websites, both of which are in plentiful supply.

Triumphing over such evolving threats involves new strategies. In a Financial Times column addressing the need for disruptive innovation, columnist John Kay offered the comment from Henry Ford that had he [Ford] consulted his customers about their transportation desires they would have asked for a faster horse.

The message from Henry Ford’s observation is as clear today as it is relevant: securing America’s national security in the digital era cannot be achieved through focus on building a faster ICBM or upgrading early warning capabilities. In today’s world it is disrupt or be disrupted.

Battlefield of the Future

The authors of the recently updated 9/11 Report state it this way: “A growing chorus of senior national security officials describes the cyber domain as the battlefield of the future.”  No wonder then that U.S. intelligence agencies have designated cyberterrorism as the number one threat to America’s national security.

Private, commercial and national defense websites are breached regularly and by attacks of increasing sophistication. Legislation to upgrade the cybersecurity practices of power generation facilities has thrice been introduced in Congress and thrice defeated. Bills to harden our power grid against electromagnetic pulse (EMP) attack languish in the House of Representatives, seemingly lacking a sense of urgency.

Lack of electrical power can be more than catastrophic, it is fatal. A recent Wall Street Journal article on the risks of extended power outage resulting from an EMP attack quoted a Congressional Commission study which concluded that “after twelve months of power outage, ninety percent of the U.S. population would be dead from starvation, disease, and societal disruption.”

The U.S. Cyber Command is responsible for defending Department of Defense systems and the Department of Homeland Security is responsible for defending civilian government agencies in any cyberattack. But that leaves a massive “cyber gap” in protecting business networks, including financial systems and the electric grid.

A salient question is how many compelling reasons need to exist to inject a sense of urgency into the debates on protecting America’s security and critical national infrastructure?  In such discussions, one can hope that a realistic view of today’s global threat environment will result in disruptive thinking dominating the discourse, rather than that of incrementalism. 

For disruptive thinking to triumph, however, a powerful counterforce identified by the authors of the updated 9/11 Report must first be dealt with: complacency.  Lack of imagination or weakness of will only deters the resolve necessary for a national cybersecurity strategy.

It is human nature for Americans to want to feel secure.  Such a feeling has a particular ease of acceptance since the country has not been the target of a major attack since 9/11.  But if complacency is allowed to flourish, someday soon there will be a price to pay for the luxury of enjoying this denial.

How much risk is America willing to take with our way of life to justify continuing the feel-good aura that accompanies the sense of perceived safety?

It took a decade and a half following the invention of the atomic bomb to develop the rules for its use, or more importantly, non-use. In cyberspace, where there are no rules, we face a similar challenge. What we do not have is the decade and a half.

view counter
James McFarlin is a former high-tech CEO, noted author and international speaker on cyber security. (Twitter: @jimmcfarlin). The second edition of his cyberthriller “Aftershock: A Novel” was released in March of 2014.