Cyberattacks: Too much how, not enough why

Placeholder Image for Article Template

Legislators, executive branch agencies and industry pay too much attention to the mechanics of cyberattacks and not enough to why the attacks occur, according to a report by the Intelligence and National Security Alliance.

The nonprofit, public/private INSA's March publication "Strategic Cyber Intelligence" states that national security and intelligence communities need to identify the broader goals and perspective on cyberattacks to properly allocate resources and counter assaults.

INSA seeks to recognize and promote standards in the national security and intelligence communities. Its members include current and former high-ranking intelligence, military and government leaders, analysts, and experts from industry and academia.

Tactics dominate the discussion of cybersecurity, the reports states. The tactical focus is apparent in the Cyber Intelligence Sharing and Protection Act, which defines cyber intelligence as "information in the possession of an element of the intelligence community directly pertaining to a vulnerability of, or threat to, a system or network of a government or private entity including information pertaining to the protection of a network or system."

The focus on "system" and "network" instead of an organization's intellectual property, trade secrets, sensitive operations, and other competitive and mission-oriented data misses the larger point, according to INSA.

A broader strategic vision that looks for reasons why an attack is occurring and what the attackers are after can lead to better tactical, on-the-ground defenses.

"Many organizations do not consider themselves to be attractive targets for a cyber incident until after the threat occurs," the paper states.

INSA officials said they hope to help C-suite executives, top managers and other senior-level leaders interpret and understand the full context of cyber threats, including the bond between strategic cyber intelligence and risk management. They also want a more thorough consideration of the role of strategic cyber intelligence analysis based on the National Institute of Standards and Technology's risk assessment methods.

Among other vulnerability exercises, INSA recommends "red teaming" to understand possible attackers' motives, goals and potential targets. Vulnerability assessments that follow NIST's recommendations are also essential to any risk management plan, the report states.

About the Author

Mark Rockwell is a staff writer at FCW.

Before joining FCW, Rockwell was Washington correspondent for Government Security News, where he covered all aspects of homeland security from IT to detection dogs and border security. Over the last 25 years in Washington as a reporter, editor and correspondent, he has covered an increasingly wide array of high-tech issues for publications like Communications Week, Internet Week, Fiber Optics News, magazine and Wireless Week.

Rockwell received a Jesse H. Neal Award for his work covering telecommunications issues, and is a graduate of James Madison University.

Click here for previous articles by Rockwell. Contact him at or follow him on Twitter at @MRockwell4.

FCW in Print

In the latest issue: Looking back on three decades of big stories in federal IT.


  • Anne Rung -- Commerce Department Photo

    Exit interview with Anne Rung

    The government's departing top acquisition official said she leaves behind a solid foundation on which to build more effective and efficient federal IT.

  • Charles Phalen

    Administration appoints first head of NBIB

    The National Background Investigations Bureau announced the appointment of its first director as the agency prepares to take over processing government background checks.

  • Sen. James Lankford (R-Okla.)

    Senator: Rigid hiring process pushes millennials from federal work

    Sen. James Lankford (R-Okla.) said agencies are missing out on younger workers because of the government's rigidity, particularly its protracted hiring process.

  • FCW @ 30 GPS

    FCW @ 30

    Since 1987, FCW has covered it all -- the major contracts, the disruptive technologies, the picayune scandals and the many, many people who make federal IT function. Here's a look back at six of the most significant stories.

  • Shutterstock image.

    A 'minibus' appropriations package could be in the cards

    A short-term funding bill is expected by Sept. 30 to keep the federal government operating through early December, but after that the options get more complicated.

  • Defense Secretary Ash Carter speaks at the TechCrunch Disrupt conference in San Francisco

    DOD launches new tech hub in Austin

    The DOD is opening a new Defense Innovation Unit Experimental office in Austin, Texas, while Congress debates legislation that could defund DIUx.

Reader comments

Thu, Apr 17, 2014 Old Corps

The why has always mattered, it's part of understanding your adversary. It matters at both the tactical and the strategic levels. Go read “The Art of War”.

Wed, Apr 9, 2014

I come from both a law enforcement and corporate brand protection and investigations background and this issue is not unlike other types of crime, e.g. drug trafficking, money laundering, fraud etc. The why isn't really that relevant-- we can stipulate that human beings are dishonest, greedy, power seeking and have their own agendas for stealing from or harming others. The main motives are for profit and political motivation/nationalism, sometimes there is a revenge motive or simply a desire to disrupt, destroy and claim bragging rights, i.e. hubris. Knowing why they do it doesn't really inform as to how to stop them and can end up wasting time and resources. There is a tendency in our society to want to know the why and then find reasons to justify it--indicative of today's moral relativism; Snowden is a good example.

Wed, Apr 2, 2014 JB

I don't think the previous commentor understood the article, or looked at the referenced material. The point of this is getting leaders the relevant cyber intelligence information they need to make decisions. A Congressman writing laws doesn't need to know tactical-level intent. She needs to know strategic and operational information. Why is always there, and how comes afterward, to satisfy the why. Understanding why is important. BTW, no matter how many times we stop the how, there will always be someone who finds a new way to hack it.

Tue, Apr 1, 2014

I'm simply jealous I didn't get into the ISO side of IT... It seems to be a revolving door of answer looking for a problem and never actually lifting a finger. Add a cool layer of blame for the rest of the IT community and you have a career-minded ISO.

Tue, Apr 1, 2014

The premise of this article is out of touch with reality. There will always be a why for this type of activity, it will just vary with time and people. If you can stop the how, the why becomes irrelevant. As such, shifting cyber security from the how to the why will just make the problem worse - and that is not even counting the added effect of focusing on the why tends more to create an atmosphere where people are using it to justify this destructive activity.

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group