El Diario del CISO Volumen 2 2018 - Page 5

named as responsible for the Stuxnet attack on the Iranian nuclear enrichment facilities discovered in 2010. And in the last two years, we have seen significant influence operations enabled by cyber intrusions launched against Western elections.

What can be done to stop this out-of-control escalation? Effective solutions require action from both governments and the private sector to stem further conflict.

Governments must begin work on holding cyber adversaries to account. In the absence of effective deterrence in this field, governments are in effect encouraging more innovation and boldness on the part of our enemies. The good news is that attribution – identifying who is responsible – is now largely a solved problem. The capabilities of both governments and the private sector have improved; both are now competent at the swift identification of the perpetrators of most intrusions, as evidenced by the fact that nearly every significant cyber attack in recent years has been attributed.

Now, however, we need to move to the second critical part of the solution, which is to establish reliable punitive measures against identified threat actors to make it clear that such behavior is not acceptable and will have serious consequences. Punishment, however, should not be limited to cyber retaliation – in fact, cyber retaliation will often be the least productive response. Instead, all toolkits of national power – from law enforcement and diplomacy to economic sanctions and military solutions – should be on the table to pressure rogue regimes into compliance with acceptable norms of cyber behavior.

On the private sector side, companies and individuals need to evolve their security strategies to be commensurate with the threat they face. A primary point of departure is the acknowledgment that it is impossible to stop every attacker from entering target networks.
Numerous exploitable vulnerabilities will always exist, alongside users who will err by clicking on nefarious links and emails. Instead of focusing solely on total perimeter rejection, our security model needs to change to one of speed and agility in reacting within networks, that is, hunting for attackers on our networks and discovering and ejecting them quickly before they can do any harm. Technologies such as cloud and artificial intelligence are revolutionary in making this approach efficient and effective.

It is imperative that governments and companies start taking these important actions before we find ourselves in the fourth generation of cyber conflict, which history tells us is unlikely to make the world any safer.

A version of this article appeared on The CipherBrief earlier today: https://www.thecipherbrief.com/column/cyber-advisor/stopping-next-cyber-conflict