Why Cyberspace Will Be The Battlefield Of The Future And What That Means

Guest post by Stephen Gordon, a Director of Market Development in Microsoft’s Enterprise Strategy Consulting business. You can follow him on Twitter at @sgordonmobile.

I recently attended a private workshop on cybersecurity and net-centric warfare held at MIT Lincoln Labs. While the majority of the content from the three day conference have, shall we say, "restricted sharing rights," here I would like to provide a perspective on some of the thinking and focus areas taking place today between academic research,  industry, and government with regard to the topics of the workshop.

Many professionals working in the public sector are well aware of the ongoing cyber threats, exploits and attacks taking place on a global basis against computing infrastructure in commercial businesses, governments, and research organizations. I have heard it said that a warfighter can go days without food or water but only minutes without data. The consequence of this is that maintaining secure data on government networks is a top priority -- and the government is increasingly partnering with industry around best practices.

The patterns we have established to combat cyber threats have been well defined for years and well known to the bad guys trying who continuously develop new vectors to get through physical and virtual security. Who would have thought that in 2011 we would still be fighting off denial of service attacks, and stack buffer overflow attacks? And yet we continue to.

High-profile targets of cyber attacks like consulting firm Booz Allen, manufacturer Lockheed,and the Central Intelligence Agency make the news,and once that happens there is no time to respond -- some damage has been done, and a common response is to play harder defense against unknown adversaries by reducing our computing attack surface, deploying new service paks and security updates, locking down desktops and servers and so on. For the U.S. Government, "reducing attack surface" means in part consolidating over 15,000 data centers to maintain secure, defensible networks, as well as having stronger mission assurance strategies to support the warfighter.

If you can visualize a chart with bad guys on the far left, and PCs, servers, phones, TVs, and any other device connected to the Internet on the far right, it becomes obvious how the private sector is somewhat limited in responding to infrastructure attacks. Governments, on the other hand, can operate across this full spectrum to get to the root of cyber problems. As a result, in May 2010 U.S. Strategic Command (USSTRATCOM) was directed to, “plan, coordinate, integrate, synchronize, and conduct activities to: lead day-to-day defense and protection of DoD information networks; coordinate DoD operations providing support to military missions; direct the operations and defense of specified DoD information networks and; prepare to, and when directed, conduct full spectrum military cyberspace operations."

During the conference I heard several illustrations that paint the picture of cyberspace as what is now being called the fifth battlefield.   Systems today are challenged in that they are not fully capable of abstract thinking, or thinking in metaphors.  Each person makes decisions a little differently and a good deal of effort is going into developing cyber capabilities that are built around a shared situational awareness model –to respond to any condition with the appropriate measure.  What is great to see if the increased collaboration between academic, government, and industry to join forces on the rapidly advancing cyber threat domain.

Art from University of Maryland, Adam Selwood.