Although you are probably knowledgeable on the NotPetya attack, most Americans were completely unaware of the 2017 offense that impacted tens of thousands of individuals, organizations, and businesses around the world.
NotPetya wasn't the first cyberattack, it exemplified the massive potential damage that major cyberattacks can cause. Even if attacks aren't directly intended for the US, networks are so interconnected that we will still feel the effects of it.
THE THREATS:
Every state with a modern military possesses cyber capabilities. Great powers (such as China and Russia) use cyber operations to enable their war-fighting capabilities, advance their interests, and undermine American economic strength, political will, and military might:
- China uses cyberspace to accelerate its economic rise, undermine US comparative strength, and suppress political opponents at home and abroad. China has the ability to launch cyberattacks in the US that could cause localized, temporary disrupted effects on critical infrastructure (such as disruption of a natural gas pipeline) for days to weeks.
- Russian cyber operators, left unchecked, will continue to grow in sophistication and frequency. They will target democratic institutions, military assets, and critical infrastructure in the US and its liberal democratic allies. Russian influence in the 2016 and 2018 US elections was part of a longer, larger campaign to undermine democracy and its institutions.
- Iran uses cyber operations to undermine the US deterrent posture and network of alliances in the Middle East. Iranian cyber operations focus on the commercial networks of energy and finance entities of particular importance to the economy. Unless it faces a more robust deterrent, Iran will continue to view cyber operations as a low-cost means of ensuring regime survival and achieving regional goals.
- North Korea views cyber operations as a tool of coercion and source of illicit financing via cyber criminal activities.
- Non-state cyber threats are dangerous because cyber capabilities, unlike nuclear capabilities can be built or obtained without access to national resources and power. From extremist groups to criminals and illicit businesses, new threat actors take advantage of modern connectivity to undermine the integrity of open societies.
Without a new whole-of-nation strategy and significant changes to how the US defends its networks in cyberspace, international powers will continue to threaten long-term American economic prosperity and national security.
WHERE ARE WE NOW:
Currently, the US is uncoordinated. The government still lacks clear, coordinate response mechanisms that build security into the cyber ecosystem and deter attacks of significant consequence. The public and private sectors struggle to coordinate cyber defenses, leaving gaps that decrease national resilience and create systemic risk. The biggest pitfalls as a nation are:
- Unclear Strategy
- Poorly Positioned to Lead
- Limited number of available cyber professionals
- Uncoordinated Private and Public Sectors
Due to these challenges, every American is left to independently balance risk, make investments, and take ad hoc responsibility for increasingly vulnerable networks. Public and private sector responses are left uncoordinated and the nation's critical infrastructure is left unprotected and vulnerable to adversaries who will exploit the opportunity.
AN INFLECTION POINT
The US stands at a strategic inflection point. While America looks forward to the potential of cyberspace and associated technologies to improve the quality of human life, threats continue to grow at an accelerating pace. If the United States fails to check the spread of surveillance technologies and fails to champion a new strategy to secure connectivity, democracy withers and social media will be further weaponized, distorting public discourse and deepening polarization in societies worldwide.
This new strategy must combine non-military instruments of power with defensive mechanisms to secure critical infrastructure both to shape competition beneath the level of armed conflict and to win in armed combat.
ABOUT STRATEGIC CYBER VENTURES
Cybersecurity is national security, and we're a D.C.-based venture capital firm on a mission to find cutting-edge startups that help us make an impact. We go beyond the check to help our founders win by leveraging our industry connections and experience as cybersecurity veterans to fuel their companies from inception to exit.
To learn more about our investment strategy and portfolio, explore www.scvgroup.com or connect with us on X @SCV_Cyber to be part of our mission in shaping the future of cybersecurity.