Defense Secretary Jim Mattis said on June 15, “We are witnessing a world awash in change—a world beset by the reemergence of great power competition and we define the categories of challenges as urgency, power, and political will.”
This description of the geopolitical landscape also defines the current state of Cybersecurity, and highlights its pivotal role in the massive shift in a large and diverse group of malicious, state-sponsored competitive strategies against U.S. companies.
Concurrently, this risk must be recognized as permeating all aspects of the enterprise and presents a systemic unprecedented risk.
Every company, regardless of industry or size is a target of unprecedented risk.
In my own work which focuses on addressing these threats, we define “risk” in terms of probability and consequence; we also manage it in direct and indirect terms.
If your business, your suppliers, or your customers rely on the Internet, data systems, international banking system, energy and transportation infrastructure or any other feature of the interconnected world, then your probability of being attacked is near 100 percent, and consequences may be dire if you are unprepared.
These attacks may come directly, concentrated narrowly against your company, or they may be indirect, impacting the supporting infrastructures you and your customers depend on.
Every organization, its employees, and our citizens are being methodically challenged unlike any other time in history.
If you have trade secrets, innovation, intellectual property, or sensitive data or operations, you are clearly at risk are targeted for unprecedented theft or disruption.
American companies, due to their preeminent position in the world’s economy, have been at the target of a massive competitive shift on a scale never contemplated by those who have been accustomed to the protections of international law.
When the dust of the disruption of the new era in global competition settles, there will be clear winners and losers, and potentially significant corporate extinctions.
The winners will be those Chief Information Security Officers (CISOs) and C-levels executives who took early decisive action against unprecedented risk—those who recognize that they need to urgently exercise their own power and will to protect their enterprise—today.
Unprecedented risk is risk that permanently shifts the balance of power in the market as it diminishes the competitive advantages of every targeted company.
Over time, the cumulative effect is severe, destroying individual companies while disrupting markets, damaging the economy, and weakening our national security.
The primary issue with unprecedented risk is most leaders is the concept that “they don’t know what they don’t know.”
If C-suite and board leaders are not aware that the game changed or don’t understand the details of the new competitive strategy being used against them, they cannot compete effectively by responding in time with the correct counter-strategy and tactics.
When connecting the dots, analyzing intelligence, networking with other experts, mining media reporting, and mapping the outcomes of myriad attacks, it becomes clear that adversarial nation-states (China, Russia, Iran, North Korea, among others) have driven this shift and engaged in mostly under the radar events, carefully avoiding actions that would trigger an overt response from U.S. leaders or international institutions.
The overarching strategy is to disrupt the global legal and economic system established by the United States after World War II, and replace it with a system dominated by a few corrupt, autocratic governments.
This shift creates unprecedented risk rooted in lawlessness, in the form of highly pervasive economic espionage, information warfare, economic warfare, and cyber warfare to name only a few.
Unprecedented risk encompasses an increasing exposure to all forms of risk (financial, reputation, strategic, operational, market, legal, survival) while quietly and permanently destroying future competitiveness of American organizations.
The significance of the game change is underscored recently by the director of the FBI, Christopher Wray, who said on July 19, “China is the broadest, most challenging, most significant threat we face as a country.”
Much of this shift to unprecedented risk has been instigated by cloaking unprecedented economic espionage under other, more peaceful guises like “fair trade” and “collaboration” (estimated $5 trillion each year in total value of stolen American innovation, trade secrets, and intellectual property) aimed at permanent global market domination.
Information warfare targets the weakening of political strength, popular trust in core institutions, citizen culture, and resolve.
Russia has dominated the headlines recently by enacting information warfare with election hacking and social media manipulation.
Economic warfare seeks to control and disrupt markets, distort pricing, manipulate demand, and generally undermine competition.
Cyberwarfare today is predominantly conducted by nation-states with highly efficient access, theft, and control based on plausible deniability recognizing no rules.
These methods are a few of the over one hundred utilized by our trading partner and economic adversaries against U.S. companies and are underscored in the media every day.
Allowed to continue unabated, the cumulative effect of unprecedented risk is expected to be the single most significant global event of this century.
This shift was underscored by General Keith Alexander, former NSA director and National Security Agency and commander of U.S. Cyber Command, when he said six years ago on July 9, “It is the greatest transfer of wealth in history.”
Understanding and Winning Against Unprecedented Risk
DHS Assistant Secretary for Cyber Security Jeanette Manfra said at the DEFCON cybersecurity conference on Aug. 14, “Digitization changed everything.”
Defending against unprecedented risk requires a shift in corporate strategy and cybersecurity strategy to include ongoing adversarial strategy and tactics.
From the cyber perspective, after years of increased cybersecurity spend, attacks doubled in 2017 alone with well over one-third being successful, illustrating the risk gap that must be addressed by this internal shift.
A hacker only needs to be successful once while each organization and their suppliers must be successful in protecting their assets 100 percent of the time.
Cyberwar has been correctly termed “the forever war”: we are irreversibly and increasingly dependent on cyber technologies to remain competitive; however, that dependence comes with a disproportionately large risk.
The cyber industry’s compounded failings and approach to cybersecurity necessitate an immediate paradigm shift in every organization.
Cybersecurity ceased being an information technology-only function years ago.
Today, cybersecurity is a strategic cultural and policy change that must be led by the CEO and board.
It is a strategic imperative that must be understood and managed across the enterprise: from the C-suites, board, and shareholders, to the rank and file.
Proactive senior leadership involves clearly understanding the genesis of this threat, and are engaged in building full corporate awareness, developing asymmetrical threat training, and leading execution against the asymmetrical strategies and tactics of our adversaries.
Leaders understand that any new approach must address the fact that risk (financial, reputation, strategic, operational, market, legal, survival, all risk) and modern unprecedented risk are now interconnected and must be addressed as an ecosystem; as their adversaries have done for decades.
We must recognize that we now live in an era of uneven, ruthless, state-sponsored global competition. Many executives do not understand the totality of the new forces they are forced to deal with.
An informed leadership gains the knowledge edge required to participate successfully in the modern uneven global competitive model.
All senior leaders must urgently make the shift in how they think about modern global competition and that requires recognition of the new reality, a new planning process, a new operational framework, and decisive execution.
BLACKOPS CEO Casey Fleming Contributed to this article.
Read the full report at American Security Today.