This is a conversation which has been ongoing in the US for more than 20 years with little progress. During the Senate Intelligence Committee hearing on Russian interference in elections, Clint Watts correctly pointed out to the committee that in the area of cyber, a main problem is a lack of technical talent and an overall tacit disregard of the importance of hands on, technical operational skills.
It is also a fact that the US value system (for a lack of a better phrase) does not reward those who have the skills and attitude to work and engage in cyberspace.
In other words, as long as the trend is for top cyber technical talent to be referred to as “geeks” and “nerds” and other demeaning and discriminating phrases, while those less technical and more interested in social norms outside of cyberspace, are more valued, the US will continue to fall further behind in cybersecurity.
There is a reason the US is so far behind our biggest adversaries in cyber, and for over 20 years the vast majority of people have permitted cyber to fall so far behind that our entire democratic system has been undermined by simple (yet effective) phishing attacks and crude active measures in social media.
In addition, and one of the main reasons I am living on the beach far away from politics and working on cyberspace and cyber defense research and development independently is the fact that there is constant organizational conflicts about cyberspace operations.
Think about it, everyone.
The US military-industrial complex, the most powerful military-industrial complex in the world, cannot even defend US citizens against a foreign power’s active measures to undermine and destabilize the US democratic processes, after 20 years of failed policies in cyberspace.
Twenty years ago I published ground breaking cybersecurity papers, generally accepted today as some of the leading thought leadership in cyberspace situational awareness and computer network defense by leading researchers (except those who have plagiarized that work), but it seems those at the top of the military-industrial complex still do not understand.
You cannot fight and defend against what you cannot see or visualize. The big “AI” processing “pie in the sky” plan for cyber defense we all read about is not going to work “as advertised” because we cannot program machines to solve problems that we cannot solve ourselves. There is no substitute for the advancement and development of the human mind to solve complex problems. Delegating the task of “thinking” to machines is doomed to fail, and fail “big time”. It seems like humanity has, in a manner of speaking, “given up” on humans developing the intelligence to manage and defend cyberspace, so they have decided to turn it all over to machines.
It’s obvious that we have become lazy as a human society, overall. Social media seems to amplify that laziness. Selfies, sharing, liking, commenting… all for what end? What purpose? How does all this social media interaction that seems to occupy most of humanity make the world a better place?
Cyberdefense is broken and it is not getting better, it’s falling further and further behind. There is no excuse for the fact that foreign governments can destabilize the US using active cyber measures. But it has happened, it continues to happen, and it is happening now as we speak. So……
What are you doing about it?