Cyberwarfare isn’t Game of Thrones. A Wall Won't Work. With General Stanley McChrystal | Big Think
Cyber security is a unique challenge today because one, we are so utterly dependent upon our digital communications and our digital control of things. So, it's going to become ever more essential that we have the ability to provide security that we're confident in.
The challenge is, if we were against Doctor No or Mr. Big in a cave somewhere and they got a bunch of people working, you could understand the threat. You could sort of limit the threat, and the threat would have a predictable limitation in what they could do. They'd have to pick an avenue of approach, and they'd have to go at that avenue of approach because they can't do all things at all times.
The problem with cyber security is, that's not the threat. There are some entities like that; there are some state-sponsored entities that are focused on certain things. But the barrier to entry into the cyber world is very low. You can get in your basement in your boxers shorts, and you can have a computer and you can get into the game.
It's sort of the idea of 10,000 monkeys typing on 10,000 keyboards: somebody is going to create a cyber security challenge. And it's constantly morphing and adapting, whereas the cyber security requirement is to protect things. So, you essentially have to protect everything that you value all the time. The people who want to attack that can attack at their choosing wherever they want and constantly change their attacks.
Constantly, just like water goes against a dam, it just goes until it finds the weakest point. At some point, something happens—technology changes, human error, technological glitch, or whatever. There's a good likelihood that they'll get in.
So, if you think about the cyber security problem, the first thing I don't think will work is the Maginot Line. The Maginot Line was created by the French in the 1930s to prevent the Germans from doing a repeat of the First World War and invading France from Germany. People think of it now as the stupidest thing ever built, but it's not really correct because the Maginot Line actually worked.
The Germans did not invade across the German/French border. Now, the fact is, they went through Belgium. They still got into France and conquered France in the summer of 1940. So, I think the lesson to be learned is there has to be defensive things set up as best we can for cyber security, but it's going to have to be this constantly adapting, constantly morphing, defense in depth, with some offense too—going out and figuring out where the threats are arising.
And that defense in depth means that you can't have one line. The government can't put a big wall up and everybody hides behind it, nor do we want each organization, each commercial firm or government organization, to be an island unto themselves just hoping that they're not the weakest wildebeest in the herd and that the lions will get somebody else.
What we really need is all those entities to be linked so that they constantly learn from one another. If one suffers a breach, everyone has to learn from it. Right now, the challenge is people are loath to share that information. One, because commercially they might be hurt by reputation; also, they're afraid the more you share, the more you have the possibility of your little island not being completely separated.
Your moat around it has got linkages across it, and you can be opened up more. But we're going to have to get a network to defend where every time something happens, and we learn from it, the entire network learns immediately. We're going to have to have that kind of speed because there will be breaches. There will be mistakes. But the organisms have got to learn.
It's going to have to be a lot like the human immune system. The human immune system is extraordinary because about 10,000 times a day it gets attacked by something that could hurt the human body. But as it responds and it sends out antibodies to it, it does it and learns from that.
So, if it has a breach one time, it actually builds up antibodies against that challenge and has them at the ready for the next time. That's how we build up immunity to things. And I think the human immune system is the way our cyber defense is going to have to be, which means it has to be integrated.