20161005

What if we defended airspace like cyberspace?

Three years ago I had the honor of being in charge of executing a cyber exercise in a small country up close to the ice. Thousands of hours was spent planning - and as always regarding crisis management training; the learning in the planning phase is as important, or more, than the excercise itself. 

The three year anniversary made me think, and after a conversation with a General in the Norwegian Armed Forces, I learned that we should ask ourselves this: «What if we defended airspace like cyberspace?» 

I have pinpointed some challenges in cyberspace before, here What if a Red Cross was attacked - in cyber? and here, Where is the threshold for invocation of Article 5 in cyberspace

I recall the exercise in 2013 with joy. It was a great time working cross sector and cross civilian and military capasities and capabilities.
But I still have a lot of unanswered questions. Well - after talking to that General today - I actually have only one.

Looking at the world from up close to the ice it seems to me we still have not gotten very far. Let us think for a moment about a cyber attack having disruptive effect on infrastructure in more than one allied country. I guess you remember just before Christmas 2015, power went out across western Ukraine. For the fun of it; let us just call that Ukraine incident a proof of concept - a trial run - and then try to imagine the real stuff...

My guess is this: After the following cyber crisis and after the normalization - if we still were able to do cyber stuff - there would be a commission. And the commission would issue a report - to the governments involved and maybe even to The Alliance. And here comes my guess: The report would highly likely include the following paragraph:«The efforts to reduce impacts and normalize the situation were prevented by the mitigating resources not being able to communicate, not willing to share information and not able to agree on actions. Those able to communicate were hindered by bureaucracy and lack of multinational cyber legislation. This lead to lives being lost.
It seems that the established bodies supposed to handle cyber crisis are dysfunctional due to technical focus only.»


So; let us go back to The General´s question: «What if we defended airspace like cyberspace?»
And The General answered: «If we - at the time when airspace was brought into use - had decided to defend airspace like we tend to do in cyberspace today - then every airline in the world would have had a fighter squadron - or two - each.» 
My question is: What do people think they achieve placing themselves in silos like this?

The cyber domain is, has always been and will always remain, a cross global sector domain. The solution is not technology - it is policy.
Let me end this with a smart saying from a wise Lady up close to the ice: «Intelligence and security services protects our privacy. About time the privacy lobby opens both eyes.»

Thanks to these people: Kristin, my mentor, my "little sister", my father, Frank The Tank  -  and those that know I thank them.
[As always, the posts here are the author's alone. Nothing on this blog is reflective of any of the author´s employers, past or present.]

Ingen kommentarer:

Legg inn en kommentar