Blog archive

Is cyber-offense the answer?

gloved hands

Private-sector companies spend billions of dollars each year on cybersecurity to keep the bad guys out of their systems, but their efforts are often exercises in futility as the tools and capabilities of cyber threats continue to increase.

Verizon's 2013 Data Breach Investigations Report (DBIR) puts the increased threat in perspective, containing data on 47,000 cyber-security incidents and 621 confirmed data breaches reported by 19 worldwide partners, including the U.S. Secret Service. Twenty percent of reported private-sector breaches – 70 percent of breaches are discovered by third parties, by the way – were perpetrated by state-affiliated actors such as China, according to DBIR, and most often driven by financial motives.

And as Steven Chabinsky, senior vice president of legal affairs and chief risk officer of Crowdstrike told an audience at an FCW cybersecurity briefing Sept. 12 in Washington, D.C., the bigger that companies and federal agencies build their walls, the taller ladders these adversaries come up with to scale them.

"The bad guys don't give up," said Chabinsky, specifying that attacks are often perpetuated by the same parties. Yet strong defenses and big data analytics for situational awareness do little to curb outside threats or reduce or eliminate future threats.

Chabinsky recommended a different course of action, calling for the government to go on the offensive with diplomatic, informational, military, economic and law enforcement threat-deterrence options, in addition to private sector civil remedies.

"The government had better get a handle on threat deterrence. The private sector has had enough," Chabinsky said. "We need to shift to threat deterrence." 

Chabinsky's comments differed from those expressed at the same briefing by Thomas Rid, author of "Cyber War Will Not Take Place." Chabinsky argued that, without more credible U.S. deterrence, cyber-attacks and their consequences could indeed rise to a level of cyber-war.  

Rid, citing the "black budget" leaked by former National Security Agency contractor Edward Snowden, said the U.S. government already spends too much money on offensive cybersecurity tactics. More money, he said, should go toward defending existing networks.

Note: This story was updated on Sept. 17 to clarify Chabinsky's emphasis on threat deterrence. 

Posted by Frank Konkel on Sep 17, 2013 at 7:23 PM


  • 2018 Fed 100

    The 2018 Federal 100

    This year's Fed 100 winners show just how much committed and talented individuals can accomplish in federal IT. Read their profiles to learn more!

  • Census
    How tech can save money for 2020 census

    Trump campaign taps census question as a fund-raising tool

    A fundraising email for the Trump-Pence reelection campaign is trying to get supporters behind a controversial change to the census -- asking respondents whether or not they are U.S. citizens.

  • Cloud
    DOD cloud

    DOD's latest cloud moves leave plenty of questions

    Speculation is still swirling about the implications of the draft solicitation for JEDI -- and about why a separate agreement for cloud-migration services was scaled back so dramatically.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.