Director of the Center for 21st Century Security and Intelligence at the Brookings Institution Peter Singer spoke at The Fletcher School yesterday about the evolving threat of cyber warfare and how business and government leaders need to rethink their security strategies.
Admiral James Stavridis, dean of The Fletcher School, introduced Singer by describing him as "the Meryl Streep of defense," due to Singer's wide knowledge on many international issues including child soldiers, corporate security, drone use and cyber warfare.
"When I think of Meryl Streep, I think about an actress who has incredible range, who can lose herself in any role, and every time you see her it's different and it's fresh," he said. "Peter ... has one of the best minds looking at security, defense, technology and their intersection."
Singer briefly outlined the changing nature of computers and the internet. He explained that as computers have become more complex and the internet has developed, both have a tremendous impact on everyday life.
"Since then, three decades later, computers have taken a central role in my life, and I would argue all of our lives," he said. "The first website was made in 1991 ... and we now live in a world where there are more than 30 trillion individual websites. Moreover, the internet is no longer about compiling or sharing information online; it's also starting to shake the real world with the emerging internet of things."
Over the next five years, Cisco Systems, Inc. estimates that over 50 billion internet-enabled devices will come online, including smart cars, smart refrigerators and smart thermostats, according to Singer.
"When you think about those numbers — you're talking about 50 billion — it means we're no longer the people behind the devices using them to have conversations," he said. "There [are] too many of the devices — they are having the conversations without us, making decisions without us ... What's playing out is that domains range from communication to commerce to critical infrastructure to conflict ... all of these domains are dependent on the space. We truly are entering what the chairman of Google calls a 'new digital age.'"
With the uses of the internet constantly expanding, Singer said cyber-attacks are also growing and becoming more complicated.
"With this incredibly important but arguably very short history, I would argue that we're reaching a turning point," he said. "Just as the upside of the cyber domain has rippled out with all sorts of wonderful and unexpected consequences, so too has the risk side. You can illustrate this again through lots of different ways, one would be through the numbers. Every single second nine new pieces of malware are discovered. From the business side, 97 percent of Fortune 500 countries have admitted that they have been hacked."
As a result of these cyber-attacks, Singer explained that governments and businesses have invested resources into beefing up their internet security. According to Singer, more than 100 governments have created some type of cyber military command, and the private cyber security industry is on pace to double over the next 20 years. Despite this increase, he expressed concern over group's abilities to respond to cyber security threats.
"Seventy percent of business executives have made a cybersecurity decision for their company, not seventy percent of CTOs or CIOs, but executives in general, despite the fact that no major MBA program teaches it as part of your management responsibility," he said. "The same thing [is true] at the schools that teach our lawyers, journalists, et cetera."
Singer stressed that cyber-attacks come in many forms, however, and that people must be focused on smaller attacks, not just the possibility of a "cyber 9/11" or an attack on the nation's energy infrastructure.
"Our inability to have a proper discussion about this space doesn't just lead to distortion of threats and how we talk about them, but more importantly [leads to] a misallocation of resources, a misallocation of mental, financial, organizational resources," he said. "Thirty-one thousand three hundred. That's the number of academic journal and major media articles that have focused on the phenomena of 'cyber terrorism.' Zero. That's the number of people who have actually been hurt or killed by an incident that meets the FBI definition of cyber-terrorism."
In order to more effectively combat the cyber threats, Singer argued that people must first become aware of the threats.
"The first theme is knowledge matters. It's absolutely vital that we demystify this realm if we ever want to get anything done about security," he said. "We have to move past the situation we're in right now where, for example, the president received a briefing on cyber issues, and then had to ask for it repeated back, 'this time in English.' That's not a knock on President Obama. That same thing would happen at pretty much every major corporation to private company to think tank, that kind of sense of 'I don't understand it, this is not for me.'"
Singer also spoke of other ways to improve cyber security, including through improving financial incentives to be safe, understanding history's application to the present and in changing the mentality of the nation.
"We have to change our emphasis from one of defense or offense to one of resilience," he said. "This is not an area where you can just build a higher wall or deter the bad guy away. That kind of thinking won't work in this space ... Rather, we have to accept that as long as we're online, there will be threats, and ... some of those threats will get inside your network or they might already be inside your network."
Despite his concerns, Singer expressed optimism that the internet and computers will continue to be as helpful as they were in the past, connecting strangers and answering questions with the click of a button.
"My hope is that the way it has been in the past will be the way it is in the future," he said. "We have to accept and manage the risks of this world, whether it's the online world or the real world."
Read the original piece
--Reprinted from Tufts Daily