Cyberattacks: Too much how, not enough why


Legislators, executive branch agencies and industry pay too much attention to the mechanics of cyberattacks and not enough to why the attacks occur, according to a report by the Intelligence and National Security Alliance.
The nonprofit, public/private INSA's March publication "Strategic Cyber Intelligence" states that national security and intelligence communities need to identify the broader goals and perspective on cyberattacks to properly allocate resources and counter assaults.
INSA seeks to recognize and promote standards in the national security and intelligence communities. Its members include current and former high-ranking intelligence, military and government leaders, analysts, and experts from industry and academia.
Tactics dominate the discussion of cybersecurity, the reports states. The tactical focus is apparent in the Cyber Intelligence Sharing and Protection Act, which defines cyber intelligence as "information in the possession of an element of the intelligence community directly pertaining to a vulnerability of, or threat to, a system or network of a government or private entity including information pertaining to the protection of a network or system."
The focus on "system" and "network" instead of an organization's intellectual property, trade secrets, sensitive operations, and other competitive and mission-oriented data misses the larger point, according to INSA.
A broader strategic vision that looks for reasons why an attack is occurring and what the attackers are after can lead to better tactical, on-the-ground defenses.
"Many organizations do not consider themselves to be attractive targets for a cyber incident until after the threat occurs," the paper states.
INSA officials said they hope to help C-suite executives, top managers and other senior-level leaders interpret and understand the full context of cyber threats, including the bond between strategic cyber intelligence and risk management. They also want a more thorough consideration of the role of strategic cyber intelligence analysis based on the National Institute of Standards and Technology's risk assessment methods.
Among other vulnerability exercises, INSA recommends "red teaming" to understand possible attackers' motives, goals and potential targets. Vulnerability assessments that follow NIST's recommendations are also essential to any risk management plan, the report states.