The Cyber Security Head Game

Recently, the cyber arm of Homeland Security, CISA, announced a new, North Korean sponsored ransomware attack on health care systems, and the Center for Strategic and International Studies just listed 89 major international cyberattacks in 2022 alone, including a recent China-sponsored compromise of vital telecommunication systems.

As if these incidents weren’t sobering enough, CISA also warned that Russia, in retaliation for US support of Ukraine, could compromise vital US infrastructure such as mobile networks, banks, power and energy systems, in the same way Russian hackers took down the Colonial Pipeline system last year, causing severe fuel shortages.

In sum, we find ourselves in a never-ending, low-level global cyber conflict that threatens to erupt into a major cyber war at any time… and we are not winning that conflict.

Why aren’t we winning?

As the former CTO of the US Intelligence Community and current Chairman of the Board of the US Technology Leadership Council, I can say with confidence that the problem isn’t our technology. We invented the internet and still have the deepest technical resources of any country in the world, so our cyber defenses, including access controls, anti-malware, firewalls, secure computing platforms, intrusion/data loss detection systems and AI cyber defense systems are second to none. But, as the gloomy statistics show, having an impressive array of cyber defense weapons hasn’t been enough.

General George S. Patton, way back in World War II, was eerily prescient about our current difficulties when he observed. To win battles you do not beat weapons—you beat the [soul] of the enemy man.

What Patton meant was that war is more a test of wills than a battle of weapons, so, without the right mindset, an impressive arsenal of weapons won’t save you.

Getting the right mindset

Another famous General, Sun Tsu, suggested one way out of our difficulties when he observed “All war is deception.” If you’re not a student of war, an intuitive way to understand the role of deception in conflict is to observe the successful camouflage (becoming invisible) and mimicry (looking like a scarier animal than you are) of…