Tuesday, October 18, 2011

Britain Has Already Lost A Future Cyberwar

Britain's Foreign Secretary William Hague decided it was a good idea to announce in The Sun that Britain 1) will strike first against an adversary planning to attack Britain and 2) doesn't have the money to adequately defend itself from a future act of cyber warfare.  He also said that he couldn't guarantee the safety of Britain's critical infrastructure "including water works, power plants, and air traffic control systems". For some reason Secretary Hague thought these pronouncements would be a good idea in light of an upcoming conference that he's hosting in London on Nov 1-2.

I haven't been invited to participate in that conference but if I were, here's the guidance that I'd provide to the Foreign Secretary - in brief:

Two Things You Don't Want To Do:
1. Don't threaten retaliation or preemption when you have no way of knowing who the attacker is. It gives away the fact that you don't have a clue about the environment which means that in any given war in that environment - you lose.
2. Don't acknowledge that you can't afford to defend your networks; even if it's true. It makes you a more attractive target and reveals a key vulnerability that's sure to be exploited.

Two Things You Do Want To Do:
1. Stop spending your limited funds on offensive cyber weapons and spend it on resilience.
2. Buy back your critical infrastructure from the foreign companies who currently own it; especially the Chinese. You can't defend what you don't own.

I have a few friends in Britian's intelligence community so I don't mean for this post to sound snarky or cruel. The fact is that you have some serious internal conflicts in your government and Ministry of Defense about how to allocate resources and identify threats in cyber-space-time. If you're seriously looking to defend Britain from a future act of cyber-war, please take my above guidance to heart.

Related:
Why the U.S. Will Lose A War In Cyberspace

No comments:

Post a Comment