Inside the Cyber Trenches

Deep in the trenches of cyber warfare, the American government and top cybersecurity contractors defend the world’s most heavily attacked computer networks. These factors will shape how the U.S. fortifies its most valuable digital assets.

On the war and peace spectrum, cyberspace is often a gray zone, where a great power competition among nation states blurs the thin line between tension and open conflict. Within this competition, cyber powers assert influence, inflict damage, and stop short of provoking full-scale war. For example, malicious hackers are aggressively probing U.S. assets for weaknesses to enhance wartime prospects, steal technology and data, challenge democracy, disrupt commerce and threaten critical infrastructure.

New developments remind us constantly that no one is immune to cyber-attacks. This includes the U.S. federal government and military, which along with its status as global superpower is also one of the world’s top cyber targets. A small number of high-profile breaches might come to mind, but a detailed view of cybersecurity in the government reveals meaningful progress and resilience in spite of escalating threats. Technology is rapidly advancing, the processes governing sound practices are maturing, and the boundaries of acceptable behavior are being drawn.

The U.S. has always possessed strong cyber capabilities, but Russia and China have also established themselves as top-tier cyber powers. Both countries may now possess cyber capabilities roughly equivalent to weapons of mass destruction, and many experts see parallels to a digital Cold War with rivals escalating toward mutually assured cyber destruction. But cyber warfare is often asymmetric, upending old criteria for assessing global balances of power. While large nations are generally the most advanced, persistent and well-funded, smaller adversaries also pose significant threats. North Korea and Iran, widely regarded as malicious cyber actors, are making significant efforts to compete.

How will the U.S. respond? In September, the White House issued a national cyber strategy which prioritizes securing federal networks, protecting critical infrastructure and combating cybercrime. The Pentagon published its own strategy, which outlines a “defend forward” blueprint to disrupt malicious cyber activity at its source. Both strategies aim to outpace adversaries and deter threats to U.S. interests. The assertive posture taken by the Administration and Defense Department reflects a leading narrative in the government today: At their best, U.S. cyber capabilities are strong, but cyber is a team sport where defenses are often only as strong as their weakest link. In the face of escalating and persistent threats, modernization and collaboration must accelerate.

How? This year alone several defense and civilian agencies will award multibillion dollar contracts to private sector companies like Leidos for work in IT modernization. The success of these and other programs will hinge on the infusion of next-generation security intelligence, including automation, advanced data analytics, artificial intelligence and machine learning (AI/ML) and threat-based methodology.

Here are some other important factors that will lead America’s digital ecosystem toward greater security:

Cyber-attacks have kinetic effects.

Cyber-attacks can be physically debilitating when the targeted networks protect assets with moving parts. These include connected cars, aircraft, medical devices and industrial control systems—each of which shares the characteristic that it can be hacked, hijacked and used to cause physical harm. As the virtual and physical worlds converge through connectivity, the distinction between cybersecurity and traditional security fades. With billions of devices already connected, it seems to be only a matter of time until hackers attempt to seize control of U.S. assets to achieve destructive physical (or kinetic) effects. Protecting the connected systems that control America’s critical infrastructure—emergency services, banking, energy, telecommunications, traffic, healthcare, etc.—from cyber-attacks must be a top priority going forward.

Innovation outpaces security.

Cybersecurity officials are in a constant race to keep up with innovation. Yet security is often an afterthought for manufacturers, whose logical ambition is to be first-to-market with new products. Practically speaking, any device that shares information through a network has some level of vulnerability. But companies that make and sell devices don’t necessarily have the expertise to predict how their products can be hacked. Even if they did, they may not have the resources to do anything about it. Likewise, the government wants modern systems with maximum affordability, speed and flexibility to share information across enclaves, a principle that sometimes goes against the need for restricting access to data. Going forward, it will be important to incentivize manufacturers and IT providers to operate not only quickly, but also safely.

Security operations are becoming security intelligence.

If cyberspace is a series of battlefields, security operations centers, or SOCs, are command posts for coordinating cyber tactics. To remain effective, these centers of operation must be infused with the most advanced technology, including analytics engines driven by AI/ML. SOCs must become more self-sufficient through automation, enabling cyber professionals to focus on work that requires human brainpower. The smartest solutions in security intelligence don’t replace cyber analysts, but rather maximize their effectiveness.

Threat-based methodology is effective.

Understanding how attackers think and act greatly enhances the ability to defend. This is no different in cyberspace. Perimeter defenses are provisional and remain useful only to the extent they can be refortified against new offenses. PACKIT™ is the Leidos cyber defense methodology based on understanding not only the adversary’s motivation, but also the steps he or she must take to achieve an objective. Understanding these steps helps determine how to take countermeasures and layer defenses against likely offensive strategies.

Collaboration must increase.

Cybersecurity is a team sport, and the U.S. cannot go it alone. Fortunately, America and its allies have mutual interests in cyberspace, and signs point to strong international coalitions to bolster deterrence and impose law. Equally important is coordination between private industry and the federal government, which like any organization has strains on its resources. The private sector will continue to be a major source of innovation as it takes on the risks and responsibilities of developing new technology. Both the national and Defense Department cyber strategies call for greater reliance on commercial technology, and reflect a desire to leverage innovation from Silicon Valley. Leidos, one of the largest IT systems integrators for the federal government, will play an important role in these efforts.

The cyber talent gap is expanding.

Technical challenges in cybersecurity demand an abundance of the brightest minds in science, technology, engineering and math (STEM). But everyone wants more cyber talent, and there isn’t enough to go around. The requisite skills needed to address these problems change constantly and are difficult to predict. This skills gap weighs heavily on the public and private sectors alike. There are no simple solutions to this deficit, but cyber workforce development is a major theme of the national and Defense Department strategies. Private sector companies can help by funding STEM programs, re-skilling the workforce and partnering with universities. Automation will allow certain work to be done with fewer personnel, but well-trained and talented people are still the most important part of successful security operations.