Commodification of Cyber Capabilities: A Grand Cyber Arms Bazaar

November 2019 No Comments

Commodification of Cyber Capabilities: A Grand Cyber Arms Bazaar

Speakers: Henry, A. (FireEye, Inc.); Hunter, K. (FBI); Madsen, D. (CIA); Walther-Puri, M. (NYC Cyber Command)

Date: 19 November 2019

Speaker Session Preview

SMA hosted a speaker session presented by Mr. Munish Walther-Puri (NYC Cyber Command), Mr. Kyle Hunter (FBI), Mr. Aaron Henry (FireEye, Inc.), and Mr. Dana Madsen (CIA) as a part of its SMA General Speaker Series. To begin, Mr. Henry stated that the proliferation and commodification of cyber offensive capabilities through the emergence of a “grand cyber arms bazaar” is reshaping the cyber balance of power, enabling a wide variety of actors to use cyber tactics for geopolitical impact and/or economic gain. He explained that the purpose of his team’s research was to create a framework that distinguishes actors from one another and explore the current deficiency of cyber deterrence efforts, the lack of clear redlines, and the unintended consequences of cyber engagement. Mr. Henry then presented the team’s findings. They found that foreign actors have had varying levels of success in using cyber means for profit, collection, and attack. They also found that policy challenges related to deterrence, redlines, and escalation have resulted from the lack of cyber norms and challenges faced by the West in imposing consequences for malicious cyber activity and actions that fall under the threshold of war. Mr. Henry also stated that private and public sector executives need to posture their organizations for an increasing risk of surprise in cyberspace. These executives need to account for geopolitical developments in their cyber defenses, find ways to bolster operational and technical resilience, and learn to prioritize threats. Next, Mr. Hunter provided a detailed description of the the framework that his team created. In this framework, actors are labeled as established, emerging, or opportunistic based on the organizational maturity of their cyber programs. The ability of actors to quickly buy, build, or bridge sophisticated cyber capabilities and processes is also factored into the framework. Mr. Hunter explained that these tactics allow an actor to jump from a lower level of capabilities to a higher level very rapidly. Next, Mr. Madsen highlighted some of the implications of an actor’s decision to buy, build, or bridge cyber capabilities. Mr. Walther-Puri then identified areas for further work and outlined several policy challenges involving deterrence, redlines, and escalation. To conclude the session, he stated that none of this research matters unless someone does something with the results, whether it is engaging in a conversation about them or making a decision to reallocate resources.

Speaker Session Audio Recording

To access an audio recording of the session, please email Ms. Nicole Omundson (nomundson@nsiteam.com).

Download the Speakers’ Biographies, Paper, and Slides

Comments

Submit A Comment