NATO, cyberdefence and death by a thousand cuts


This past week, I joined three colleagues from the ArcSight UK team to attend the 13th NATO Cyber Defense Workshop. The venue was especially interesting, as it was held in Tallinn, Estonia.

Recent history tells us that Estonia was the first nation to undergo a systematic cyber assault on its national infrastructure and services barely three years ago.

The Estonians know something about the subject of massive cyber attack, as a result, and they are playing a leading role in NATO’s effort to manage the risks in this complex and vital field.

When evaluating our effectiveness in dealing with cyber defence, we have two layers of uncertainty and risk: how effectively are we protecting critical information, and what are the adversaries actually getting and how might they use it against us, and when?

NATO gets credit for trying to address some of the fundamental manifestations that emerge in the cyber realm when complex systems collide with human expectations, psychology and behaviour. To begin with, they understand that a series of small losses can add up to an irreversible outcome, a death by a thousand cuts.

This is clear in the military domain but is not always appreciated in the information space. The fate of nations is not decided by wars alone, but by disease, technology, economics—and information, among other salient factors. Increasingly, information underlies and facilitates these other domains as never before.

The modern military is totally dependent on huge information flows for all phases of its activities—net-centric warfare is the model of the day. Our treatment of disease and public health is now built on prodigious amounts of information, not just for the understanding and treatment of the disease itself, but for all the issues concerning patient status and tracking, insurance and liabilities, etc.

Technology and economics, our ability to innovate, create, market and profit, are impossible today without detailed—and protected—information.

What is not so often appreciated is that much of this information is effective only as long as we control it and manage its use. The fact that we know it and can act on it, while our competitors and adversaries must wait until we have chosen to act, is the decisive advantage in all these domains. The time advantage from knowing something uniquely and first, conveys the space we need for leadership in all these domains.

The continued bleeding of critical information through cyber attack does not convey the impression of catastrophe that we see with the current Deepwater Horizon rig disaster, but at the end of the process, the impact to our way of life and leadership position may be even more profound.

The loss of unique control over critical information should be regarded as an unacceptable outcome at the highest levels of any organisation, and the enterprises that understand this—like NATO—are devoting significant resources to cyber risk management and response.

Prescott B. Winter is Chief Technology Officer for the Public Sector at ArcSight. Prior to joining ArcSight, Dr. Winter served as Associate Deputy Director of National Intelligence for Information Integration for the US National Security Agency.

"Recommended For You"

Cyber warfare: Should we be on the cyber offensive? Two years on, Estonia hardens its electronic defenses