Cyberattacks: Too much how, not enough why

Legislators, executive branch agencies and industry pay too much attention to the mechanics of cyberattacks and not enough to why the attacks occur, according to a report by the Intelligence and National Security Alliance.

The nonprofit, public/private INSA's March publication "Strategic Cyber Intelligence" states that national security and intelligence communities need to identify the broader goals and perspective on cyberattacks to properly allocate resources and counter assaults.

INSA seeks to recognize and promote standards in the national security and intelligence communities. Its members include current and former high-ranking intelligence, military and government leaders, analysts, and experts from industry and academia.

Tactics dominate the discussion of cybersecurity, the report states. The tactical focus is apparent in the Cyber Intelligence Sharing and Protection Act, which defines cyber intelligence as "information in the possession of an element of the intelligence community directly pertaining to a vulnerability of, or threat to, a system or network of a government or private entity including information pertaining to the protection of a network or system."

The focus on "system" and "network" instead of an organization's intellectual property, trade secrets, sensitive operations, and other competitive and mission-oriented data misses the larger point, according to INSA.

A broader strategic vision that looks for reasons why an attack is occurring and what the attackers are after can lead to better tactical, on-the-ground defenses.

"Many organizations do not consider themselves to be attractive targets for a cyber incident until after the threat occurs," the paper states.

INSA officials said they hope to help C-suite executives, top managers and other senior-level leaders interpret and understand the full context of cyber threats, including the bond between strategic cyber intelligence and risk management. They also want a more thorough consideration of the role of strategic cyber intelligence analysis based on the National Institute of Standards and Technology's risk assessment methods.

Among other vulnerability exercises, INSA recommends "red teaming" to understand possible attackers' motives, goals and potential targets. Vulnerability assessments that follow NIST's recommendations are also essential to any risk management plan, the report states.

About the Author

Mark Rockwell is a senior staff writer at FCW, whose beat focuses on acquisition, the Department of Homeland Security and the Department of Energy.

Before joining FCW, Rockwell was Washington correspondent for Government Security News, where he covered all aspects of homeland security from IT to detection dogs and border security. Over the last 25 years in Washington as a reporter, editor and correspondent, he has covered an increasingly wide array of high-tech issues for publications like Communications Week, Internet Week, Fiber Optics News, magazine and Wireless Week.

Rockwell received a Jesse H. Neal Award for his work covering telecommunications issues, and is a graduate of James Madison University.

Click here for previous articles by Rockwell. Contact him at or follow him on Twitter at @MRockwell4.


Reader comments

Thu, Apr 17, 2014 Old Corps

The why has always mattered, it's part of understanding your adversary. It matters at both the tactical and the strategic levels. Go read “The Art of War”.

Wed, Apr 9, 2014

I come from both a law enforcement and corporate brand protection and investigations background and this issue is not unlike other types of crime, e.g. drug trafficking, money laundering, fraud etc. The why isn't really that relevant-- we can stipulate that human beings are dishonest, greedy, power seeking and have their own agendas for stealing from or harming others. The main motives are for profit and political motivation/nationalism, sometimes there is a revenge motive or simply a desire to disrupt, destroy and claim bragging rights, i.e. hubris. Knowing why they do it doesn't really inform as to how to stop them and can end up wasting time and resources. There is a tendency in our society to want to know the why and then find reasons to justify it--indicative of today's moral relativism; Snowden is a good example.

Wed, Apr 2, 2014 JB

I don't think the previous commenter understood the article, or looked at the referenced material. The point of this is getting leaders the relevant cyber intelligence information they need to make decisions. A Congressman writing laws doesn't need to know tactical-level intent. She needs to know strategic and operational information. Why is always there, and how comes afterward, to satisfy the why. Understanding why is important. BTW, no matter how many times we stop the how, there will always be someone who finds a new way to hack it.

Tue, Apr 1, 2014

I'm simply jealous I didn't get into the ISO side of IT... It seems to be a revolving door of answer looking for a problem and never actually lifting a finger. Add a cool layer of blame for the rest of the IT community and you have a career-minded ISO.

Tue, Apr 1, 2014

The premise of this article is out of touch with reality. There will always be a why for this type of activity, it will just vary with time and people. If you can stop the how, the why becomes irrelevant. As such, shifting cyber security from the how to the why will just make the problem worse - and that is not even counting the added effect of focusing on the why tends more to create an atmosphere where people are using it to justify this destructive activity.
