Cyber Security in Today’s World
Cyber security is a key component of the digital era. There are many definitions and interpretations of “cyber security” but at its core, cyber security is preventing an adversary from capturing, modifying, or destroying information.
To better understand the cyberspace domain, it’s useful to think of it much like the real world. Anything that can happen in daily life – such as commerce, social interaction and crime – can occur in cyberspace. Cyber security is an effort to manage risk and prevent negative and harmful activities from taking place.
Cyber security has become increasingly important over the last decades. The Internet of Things has continued to expand as people and programs attach to it, whether that’s for advantage, convenience, or interest. Everything is connected to cyberspace – from a refrigerator to a vehicle and from satellites to launch systems – and connection to a wider internet opens them up to access by an adversary. Ultimately, any cyber capability can be comprised by someone else if they break through the security measures that are set in place.
This is why cyber security is central to the space industry. By definition, every orbital asset has some way to communicate over the radio frequency spectrum. Therefore, anything you can do to control your satellite from the ground can potentially be done to your satellite by an adversary. Cyber security is also critical to the space industry because it’s a low density and high expense field. It takes a lot of money, power, and capability to put a satellite into orbit, so the ability to protect this asset is extremely important. If a satellite is interfered with or brought down, it could be months or years before the capabilities are recovered. Since all space assets are wireless by definition, the risk is heightened, making cyber security a top concern.
From a military standpoint, there is an offensive and defensive side to cyber warfare. Cyber operations entail the defense against and prevention of harmful activities by an adversary, and the offense of capturing, modifying, or destroying the information or capability of an adversary. Today, most terrorist organizations, nation states, and countries have to think about both an offensive and defensive capability in cyberspace. Once that is understood, you have to consider what may be perpetrated against you and whether or not you are properly prepared.
If adversaries are able to breach the security measures in place, the only thing stopping them from engaging in criminal cyber activity is their good conscience, altruism, or fear of retribution. This is what makes cyber security such an important initiative. A presentation prepared by Bryce Space and Technology notes the annual cost of breaches have been estimated at $450+ billion dollars and that cyber crime extracts between 15 and 20 percent of the value created by the internet. With such high stakes, it is critical to manage cyber risk effectively.
Throughout my career I have worked with individuals, companies, and government organizations – from small to massive – to manage cyber risk. While the scale varies dramatically, all organizations need to take the same basic steps.
The first step is conducting a cyber assessment; understanding the state of the organization’s capabilities and what needs to be improved. From there, you can develop a cyber playbook establishing the right kinds of tools, techniques, and procedures. It is also important to create a cyber crisis response plan that includes how to react organizationally to a cyber crisis and how to organize the staff around a response. Questions to consider are “What capabilities does our security operation center need?” and “Why and how might our security operations center interact with the rest of our corporate leadership and workforce?” Bryce works with clients through all of these steps to address the challenges.
Cyber security should not be siloed as a chief information officer’s responsibility. It is up to the chief executive officer/agency head to focus and prioritize this issue at the same level that they prioritize the organization’s financial or mission success. As society continues to increase dependency on cyberspace, it is imperative we are all properly prepared and protected online.