Governments are the biggest investors in developing offensive cyber capabilities and collecting technical exploits. Such digital arsenals are an asset but also a potential liability. Security and protection is crucial to these highly transferable and reusable resources. Strategic planning and steps must be taken to avoid or minimize unintended consequences against government services, allies, businesses, and individuals.
In a recent report, the UK Government Communications Headquarters (GCHQ) stated they “over-achieved” and delivered almost double the number of offensive capabilities they were aiming for. This has likely repeated itself across many nations who have invested billions into cyber defense/offense programs over the past several years. The result is a number of governments who now oversee growing cyber ‘zoos’ of dangerous digital beasts.
Nation states developing offensive cyber weapons is necessary in the digital landscape of our politically charged world. It would be negligent not to, just as it is unwise to allow military postures to degrade to levels of ineffectiveness. But in doing so, it is important to acknowledge such investments contribute to an overall increase to the global risks. Therefore, it is prudent to act with necessary foresight.
Here is my advice to responsible governments:
- Protect the cyber weapons and exploits you own with all vigor and diligence. Others want to use what you have spent considerable resources developing and will apply all manner of effort to obtain them. Handle them as you would any conventional, biological, genetic, or nuclear stockpile with both physical and digital controls.
- For every offensive tool created, you best develop a detection capability and antidote in parallel. Eventually, adversaries and criminals will obtain and dissect them, using components for their own purposes, turning them back on you and targeting your allies.
Regardless if exposure is due to theft or when the weapon is used, at some point adversaries will get access to your investment. Unlike traditional weapons, which are expended at the time of use, digital arsenals can be reused. The effects could be catastrophic.
Businesses, organizations, and individuals must also be concerned. Organized criminals have found favor in harvesting nation-state quality cyber tools for use in ransomware, network attacks, denial-of-service, and extortion schemes.
It is the responsibility of governments to think ahead and be prepared for the eventuality that the very weapons they create will be re-purposed and could target anyone, causing unintended damage and potentially be attributed back to the government who created them. It is the duty, as caretakers of such arsenals, to keep control of these weapons and be ready to respond if they are misused.
Proper forethought is necessary to secure and protect all weapons, including cyber.
Interested in more? Follow me on your favorite social sites for insights and what is going on in cybersecurity: LinkedIn, Twitter (@Matt_Rosenquist), YouTube, Information Security Strategy blog, Medium, and Steemit