Balancing Danger and Opportunity in the New World of Cyber Domain
“The cyber domain looks like Somalia,” the former director of the CIA and NSA told a group of SAP customers, partners and employees Tuesday. “It is totally ungoverned — it has never been governed.”
|“If you have anything of value, you have been penetrated,” Michael Hayden told the SAP Retail Forum 2013 on Tuesday. (Photo by Rory Thomas O’Neill)|
And it is the most disruptive thing in human history since Europeans discovered the Western Hemisphere, Gen. Michael Hayden (USAF, Ret.) told the SAP Retail Forum 2013 (@SAP_Retail) during his keynote speech. Discovering the New World changed government, disease, language and even the way people think of humanity.
Cyber may even be the most disruptive thing since humans developed language, Hayden added, citing younger generations of digital natives. Their lifelong use of technology has changed the wiring in their brains, affecting cognition.
Brave New World
“You need to think of [cyberspace] as the New World,” Hayden said. “Don’t think of it as bandwidth or a budget line — your military thinks of it as a place.”
So much so that cyber is the fifth domain of warfare, alongside the old standards of land, sea, air and space. It has been since the Cold War.
But it was never designed to be secure, according to Hayden. Rather, the Stanford University team that created ARPA Net, which became the Internet, did so in response to a U.S. government request for something to quickly and easily transfer large amounts of data between a limited number of known and trusted nodes.
“Building security into the Internet would be like you going to your architect and saying, ‘I really need a locked door between my kitchen and my dining room,’” Hayden said. “There is nothing in the architecture of your house that suggests you need a locked door … because all of the architecture in your house is designed for you to get food from the kitchen to the dining room while it’s still hot.”
Since there’s no blocking the breakfast nook, Hayden offered an equation for companies and individuals wishing to appraise their exposure to cyber-attack:
Risk = Threat x Vulnerability x Consequence
Cyber defense has mostly been about reducing vulnerability, Hayden stated. But focus in the U.S. is shifting to managing consequence.
“If you have anything of value, you have been penetrated,” Hayden said. “You’ve got to survive while penetrated — operate while someone else is on your network, wrapping your precious data far more tightly than your other more ordinary data.”
A growing number of private-sector companies specialize in cyber threat intelligence, according to Hayden. They Web crawl, port scan and have foreign-born employees engage in overseas chat rooms so their clients can focus on the most likely threats, as well as their business.
Despite savvy ruses by bad actors around the world, such as spear phishing, the Internet is “quintessentially American,” Hayden said, given its egalitarian, ubiquitous and leveling nature, as well as its roots in the private sector.
“This may be the thing by which our civilization is most remembered, the way the Romans are remembered for roads and aqueducts,” Hayden said. “There’s tremendous opportunity, but be careful out there.”
Follow Derek on Twitter: @DKlobucher. Like this story? Sign up for the SAP Business Trends newsletter here.
Mobile and Big Data As the Dynamic Duo of Retail
SAP Retail Forum to Take Lessons from the CIA and NSA
Wow- that might have been an exceptional speech. And Derek - this is a great feature about the speech, wonderfuly crafted.
There is a lot to think about here - I like especially the formula. And I forgive the phrase that "the Internet is quintessentially American" - but everybody puts his homeland first.
What we learn from speeches like this that it is quick to say "evil" but every coin has two sides - you need to have an objective view on both sides to equal value, especialy in security.
Thank you, Holger. Hayden’s speech was indeed a memorable one, especially as an insightful reality check.
His “quintessentially American” remark was about legacy, and referred to the Internet’s creation at Stanford University at the behest of the U.S. government, as well as its inherent qualities. To your point, the Internet definitely belongs to everyone now -- and I certainly don’t drive on roads thinking that they’re “quintessentially Roman.”
From rogue nations pursuing nuclear programs to state-sponsored cyber-attacks, Hayden certainly addressed both sides of the coin. I’m glad you enjoyed the blog post!