Cyber War is happening right now, and America isn’t even trying to fight. Seriously, we have our collective heads in the sand. Companies can’t say if they are secure, and the government knows it’s not secure. So what’s to be done about these cybersecurity vulnerabilities?
This blog post was inspired by an email I got this morning from a member of my unit. This is what I woke up to:
Wow! The 82nd Airborne, one of America’s premier units, is now using a free open source app to communicate. What happened to the James Bond days of the 1960s when the government was the leader in new technologies? (Note: This is public information as reported by the Military Times.)
For a little background, the military’s IT systems are beyond terrible. I fight to simply access my email, let alone any other system. Honestly, I should make a video to show how bad and cumbersome the process is. I’d like to think that’s because of the military’s high security, but it’s really because of under-investment in the basic enabling technologies. I bet the Chinese and Russians have an easier time reading my military emails than I do.
So what happens when the official systems don’t work? Human nature takes over, and we default to iMessage, WhatsApp, and the like. At least Signal isn’t officially controlled by a third-party company.
Last week I saw that the families of deployed soldiers were being harassed by menacing messages:
Two weeks ago I received a voicemail with someone shouting, “Allah Akbar!” I just deleted it, but this is real cyber warfare and psychological warfare.
Last year they announced that as formidable as a weapon that the F-35 is, it can be grounded simply by hacking its insecure maintenance system:
This reminds me of my own government laptop. As a member of the Army Reserve, I am not a full-time government employee, but I used to have a laptop to handle official business. That laptop needed to be connected to an Army network every 30 days or it turned into a brick, but I often go months without setting foot on an Army base. Guess what happened to that laptop? It never worked past the initial 30 days. But I still had to do my job, so do you want to guess how I did my business? On my own computer.
Is the government or the military doing anything about this? Are we getting ahead of this at all? Not as far as I can tell.
Cybersecurity vulnerabilities aren’t just a military concern. How long before countries, activists, and the competition starts pursuing this form of harassment against other companies? Would a Chinese company be above harassing Chinese employees of Google? Or Iran of Iranians? It’s super easy to find out who people are these days and where they work; just look at Facebook or LinkedIn.
While I am considered a cybersecurity trendsetter (because I adopted Signal two years ahead of the rest of the Army), that scares me. I simply wanted to note the strange new world we live in.
At the end of the day, I truly believe that cybersecurity is NOT an IT problem. It is a strategy challenge and a human behavior/psychological challenge. That is why I like the Certified Information Systems Security Professional certification. It is high-level and covers the overarching domains of cybersecurity without getting sucked into the specifics of any one application or technology. I wish every high-level leader studied for it or something like it – the world would be a safer place.
I hope that we as a society invest more in professional development, our technical infrastructure, and our basic strategies around fighting cybersecurity vulnerabilities.
Disclaimer: The opinions expressed in this post are solely those of the author and do not reflect the opinions of the company or any other individual or organization.