Governments are the biggest investors in developing offensive cyber capabilities and collecting technical exploits. Such digital arsenals are an asset but also a potential liability. Security and protection is crucial to these highly transferable and reusable resources. Strategic planning and steps must be taken to avoid or minimize unintended consequences against government services, allies, businesses, and individuals.
In a recent report, the UK Government Communications Headquarters (GCHQ) stated they “over-achieved” and delivered almost double the number of offensive capabilities they were aiming for. This has likely repeated itself across many nations who have invested billions into cyber defense/offense programs over the past several years. The result is a number of governments who now oversee growing cyber ‘zoos’ of dangerous digital beasts.
Nation states developing offensive cyber weapons is necessary in the digital landscape of our politically charged world. It would be negligent not to, just as it is unwise to allow military postures to degrade to levels of ineffectiveness. But in doing so, it is important to acknowledge such investments contribute to an overall increase to the global risks. Therefore, it is prudent to act with necessary foresight.
Here is my advice to responsible governments:
- Protect the cyber weapons and exploits you own with all vigor and diligence. Others want to use what you have spent considerable resources developing and will apply all manner of effort to obtain them. Handle them as you would any conventional, biological, genetic, or nuclear stockpile with both physical and digital controls.
- For every offensive tool created, you best develop a detection capability and antidote in parallel. Eventually, adversaries and criminals will obtain and dissect them, using components for their own purposes, turning them back on you and targeting your allies.
Regardless if exposure is due to theft or when the weapon is used, at some point adversaries will get access to your investment. Unlike traditional weapons, which are expended at the time of use, digital arsenals can be reused. The effects could be catastrophic.
Businesses, organizations, and individuals must also be concerned. Organized criminals have found favor in harvesting nation-state quality cyber tools for use in ransomware, network attacks, denial-of-service, and extortion schemes.
It is the responsibility of governments to think ahead and be prepared for the eventuality that the very weapons they create will be re-purposed and could target anyone, causing unintended damage and potentially be attributed back to the government who created them. It is the duty, as caretakers of such arsenals, to keep control of these weapons and be ready to respond if they are misused.
Proper forethought is necessary to secure and protect all weapons, including cyber.
Interested in more? Follow me on your favorite social sites for insights and what is going on in cybersecurity: LinkedIn, Twitter (@Matt_Rosenquist), YouTube, Information Security Strategy blog, Medium, and Steemit
As I read this, I realized how much humans have evolved. We went from spears and rocks to cyber attacks.
These people don't create antidote objects for the defensive tools they create, yet, it seems like common sense to me which makes me wonder.
Unfortunately there is lack of control now with standard weapons. It appears that Cyber attacks come in all shapes/forms, I believe that the possibilities to cause harm/damage are endless. This frightens me!
At the end of the day, offensive weapons put us all at risk. Unlike conventional munitions, these can be turned against everyday users and computers. Cybercriminals will harvest, dissect, and then use pieces for their own malware. Cybersecurity must get better for everyone.
"Responsible Governments" is an oxymoron!
This is a very good advice, in developing cyber weapons for security and protection aid
The next world war will be a cyber war. All Govts need to be prpepared for it.
Not just governments, but individuals and businesses too.
Yes very true. Create your own wallet ;)