It has recently come to light that more than 1 billion accounts were compromised in a hack of Yahoo that occurred in 2013. This new revelation, on top of the ever-deepening story about how Russian cyber operations possibly influenced the U.S. election results, further illustrates that 2016 is ending in a way no one would have predicted.
Historical reflections on 2016 will likely be rife with words like “shocking” and “unprecedented” as so many developments this year confounded conventional wisdom, sober assessments and big data-denominated predictions. Yet, human nature compels us to wonder about the future, perhaps with even greater interest since uncertainty looms larger than ever in a world where old rules no longer seem to apply. It is with those caveats in mind that I am pleased to share the “top ten” predictions for the year ahead from A.T. Kearney’s Global Business Policy Council.
The first prediction among these top ten, that a crippling cyber attack on critical infrastructure in a major economy will occur — an attack we all won’t miss in the headlines, or forget — is the one I believe merits the most attention. It demonstrates clearly that the current power politics dynamic has shifted dramatically. In the space of the last half century, hard power has given way to soft power which has in turn now yielded increasingly to cyber power. And the challenge to leadership at every level of both the public and private sector to protect our physical, financial, institutional and ideological assets is considerable.
During the mid-20th century, “hard” military and economic might was how power was measured, with the high costs of “mutually assured destruction” acting as a deterrent against another world war. After the fall of the Berlin wall, “soft” power, the ability to shape the preferences of others “through attraction rather than coercion or payments,” became the most influential medium advancing the interests of great powers, particularly the United States with its dominance in media, entertainment, lifestyle and popular culture. This last year, however, has witnessed yet another dramatic shift in the denomination of global power, the rise of cyber power. And such power can be wielded by both state and non-state actors with minimal resources. The advent of widespread and increasingly troublesome cyber attacks, in combination with the intentional proliferation of misinformation, has equally affected private and public sector entities.
Among the logos included in the hundreds of private sector attacks clocked in 2016 are Twitter, Amazon, Netflix, PayPal, and news services around the world, bringing these giants to a virtual standstill with distributed denials-of-service (DDoS). And the United States has been only one of many casualties, which have spanned the globe from Europe to Asia and the Middle East.
Given the relative vulnerability of these critical systems to cyber-intrusion, it’s actually difficult to understand why we haven’t yet witnessed a major attack along the lines of what we predict is in store for 2017. We have seen many dress rehearsals, not only in the hacked websites of some of the most sensitive U.S. government electronic sites and countless U.S. private sector companies, but in the widespread and effective Russian use of cyber intrusion to disrupt electrical power, pipeline transmission and banking transactions in Ukraine…yielding extraordinary collateral damage on that already “hard power”-compromised economy. We know that hackers, state-backed and independent, have the power to do more damage — they’ve shown us that. What we don’t know is under what circumstances and when they will strike in a more public and concrete fashion.
While working closely with the Clinton administration in the 1990′s I was privy to a high-level discussion between senior White House and European officials responsible for cyber concerns. When challenged by the Europeans about not being sufficiently engaged in trying to combat inappropriate and dangerous web-based content, an adviser to then President Clinton explained the U.S. laissez-faire approach by proclaiming that government could never respond quickly or capably enough to counter the inventiveness and speed of nefarious cyber actors. But that was the 1990′s, and the world has changed; there is an imperative now to foster cooperation and collaboration between business and government to face a common cyber threat.
Donald Trump thus far presents a characteristically muddled perspective on these questions, following on an Obama Administration which admittedly came late to publicly acknowledge and address the challenges. The President-elect, on the one hand, in seeking to “make America great again” wants to unequivocally enhance private sector competitiveness and effectively project American power and strength globally. On the other hand, he blithely dismisses intelligence assessments regarding the nature and source of cyber threats on our public and private institutions and businesses, content to allow those who tried to undermine the U.S. stay protected behind the electronic veil.
The incoming U.S. administration must take a leading role as it works closely with its allies, first and foremost, to honestly and openly understand the nature and sources of the threat. As a start, the incoming Administration must embrace investigations into attempts to tamper with the U.S. electoral process, while broadening the focus to capture the full nature of public and private sector cyber threats. Secondly, government must act as the leader in working with industry to harness the best and brightest minds globally — countering the threat, even while wielding cyber power of our own. It is a positive development that in recent days President-elect Trump has added Elon Musk and Travis Kalanick to his President’s Strategic and Policy Forum, which previously lacked Silicon Valley representation. Perhaps with their (and other major CEOs’) cooperation, our 2017 prediction that “the first crippling cyber attack will be launched on critical infrastructure in a major economy” will be rendered yet one more failed prediction.
This article was originally posted on InMilitary.com.