State-sponsored cyberattacks are now the preferred method of warfare

If you ask around the industry, nearly every cybersecurity expert believes it’s only a matter of time before U.S. infrastructure is the target of a massive cyberattack. The energy sector has already seen major threats and the next dangerous attack won’t be far behind. Why? Put simply, cyber is the new battleground for cross-state conflict. There are a few reasons that this situation has evolved to this point: growing dependence on technology, growing challenges in protecting technology, and the attractiveness of cyber warfare. These issues have existed for years, but they’re independently hitting critical mass at the same time, converging into a “perfect storm” situation.

Our society’s technology dependency has created a high-value target

First and perhaps most importantly, the level of dependence on technology has grown dramatically in the last 10 to 15 years. Almost every part of our society—defense, finance, healthcare, education, government, critical infrastructure, etc.—is almost completely dependent on technology. This is the “plight” (note the explicit quotes) of technologically advanced nations. Some functions have become so technology-driven that there is no going back to non-technology-driven methods. Many of these systems also interact, meaning that a failure of one impacts a larger ecosystem of societal functions. We’ve become so dependent on technology that it’s now a bright, shiny target for those who would seek to do us harm.

Our growing struggle to protect our technology makes it a progressively easier target

Secondly, it’s becoming increasingly difficult to protect the technology that we depend upon so heavily. As compared to 20, 10, or even five years ago, there is more technology in more places than ever—and it all needs to be protected. The technologies themselves are also more varied, meaning a broader set of security skills and operations are needed.

For example, 15 years ago there wasn’t the same level of mobile and cloud technology—these are net-new technologies with their own unique issues and protection requirements. IoT and wearables are right around the corner. And as we’ve reported on in the past, there is a frightening shortage of talent with developed cybersecurity skills and experience, and an even more frightening lack of education programs to develop the talent we need. To sum it up, there’s more technology of more varied types, and not nearly enough skilled talent to protect it all—which makes our technology dependence a weak spot.

Cyber warfare is now cheaper, faster and less gruesome than traditional warfare

The final point is that cyber warfare has become an attractive option for states or other entities attempting to inflict damage on an adversary. In the past ten years or so, the base of available cyber “weapons” (e.g. weaponized exploits) has grown to a critical mass, allowing sophisticated, coordinated attacks to be constructed and executed. A robust underground marketplace for these weaponized exploits—often zero-day—has evolved in recent years. This has created the digital analog to the arms race. Nations have also developed cyberwarfare capabilities within their militaries to a point where meaningfully impactful cyberwarfare can be executed.

Now that the “armies” and “weapons” have been amassed, full-scale cyber warfare is possible. When comparing the risks (political, economic, human risk, failure risks), costs (human, economic), speed, and scalability of traditional warfare to cyber warfare, the latter is an extremely attractive choice for those who might seek to do the U.S. harm.