ArchiveCyberOODA Original

Software Ate The World: Now it is both a corporate and national security threat

In 2011 Marc Andreessen published an essay in the Wall Street Journal titled “Why Software Is Eating the World.” The words in the title brought into focus trends we had all seen, and did so in a very succinct way. The article captured the fact that broad technological shifts were underway where software companies were poised to take over large swaths of the economy.

With every sector of the economy, every element of critical infrastructure and every component of government now dependent on IT and software, clearly software has eaten the world.

But another trend developed and accelerated right along with this one.  New adversarial dynamics are underway, and these dynamics should inform decision making for leaders in any business in an open society. This post provides an overview of some adversary actions, insights into how adversary actions will increase risk to corporate America, and recommendations for actions all of us should consider in response.

Use of Software In Closed Societies

Leaders in closed societies use software to improve their ability to maintain control by monitoring and surveilling people. Software is also used to restrict access to information and/or manipulate perceptions. Some nations, like China, have built infrastructure they consider critical just to promulgate propaganda (for example, the Publicity Department of the Communist Party of China). Most all other closed societies also use software to ensure communications can be censored and also retained for further exploitation against people the state will want to target.

Adversaries have also continued trends of cyber espionage and attack. What started with a few isolated incidents in the 1990’s have grown to a constant series of unauthorized intrusions into companies, governments, non-profits and critical infrastructure. All indications are that closed nation’s will continue to seek ways to steal intellectual property and position themselves to conduct strategic attacks via commercial infrastructure.

Closed societies have also seen the power of using software to automate operations against elections. The examples which are front of mind are election interference through social media accounts, including automating the creation of millions of accounts then automating how those accounts spread messages. Closed societies have also used new software enabled tools to target citizens of open nations for recruitment and influence.

New Issues For Corporate America

The use of software by closed societies has become a national security issue. It is also a topic of concern for business leaders. If criminals supported by a nation, or the nation itself, is stealing intellectual property that cuts into future revenue and can even threaten the existence of a company. If an adversarial nation is using corporate resources as part of an attack that puts the business at risk and also degrades the ability of the company to use its own IT. Additionally, if businesses are attacked by adversary social media campaigns that can damage brand and hurt the business as well.

What Executives Should Do About New Software Enabled Threats

For the last decade, cybersecurity professionals have established methods, models and frameworks that capture best practices for raising corporate defenses. Companies that leverage best practices can mitigate many threats of breach and can prepare to respond once the inevitable surprise happens. Best practices are still important and all executives should understand that appropriate attention has to be applied to defense of your infrastructure.

But in the age of well resourced automated attacks and full spectrum information warfare, defense is not enough. Leaders need to be more proactive than ever.

Our recommendations:

  • Understand the new vulnerabilities to corporate missions and functions, including software enabled vulnerabilities to your supply chain. Proactively seek out ways to mitigate these vulnerabilities. Overwhelmed with the problem? Consider a red team or table top exercise.
  • Collaborate to meet advanced threats. No one firm can do it alone. This includes proactively building relationships with law enforcement and federal organizations who can help take action against adversary nations when required. It also means working closer than ever with partners and even competitors to mount more collective defense.
  • Educate the workforce on the nature of the new threats. All employees need to understand they have a role to play in defending the company, and all should also understand their home IT systems should be made more resilient to attack. There are things they can do to make it harder for adversaries to use home IT to attack the workforce.
  • Consider how you engage with elected officials at local, state and federal levels. This is a societal problem that will require collective action. To the degree you can inform that collective action with your expertise that action will be more effective.

We will continue our reporting on this serious strategic issue in a coming post titled: Software Has Become A National Security Vulnerability

 

Bob Gourley

Bob Gourley

Bob Gourley is the founder and Chief Technology Officer (CTO) of Crucial Point LLC, a technology research and advisory firm. He is the publisher of CTOvision.com and ThreatBrief.com and is the author of the book The Cyber Threat