Playing Defense

In cases like HBO, any company is playing from behind.  Defense, which is what I did for the better part of 40 years, never wins.  We are increasingly facing government-sponsored attacks by well-financed operations, that have unlimited time and focused attention.  This is like the Russian-US wars of the 70's and 80's, except that they are not stealing information, as much as embarrassing institutions that compete economically with them.  Eventually, the offense wins, and in this kind of case, the offense wins every time.

What question this brings to mind is What do we do about this?  We can do what the banks did and get their industry together to start securing its infrastructure, doing oversight, and putting sanctions on those who don't cooperate.  That takes about 5-7 years to do, and while we do it, the enemies get better at what they are doing.  Banks are taking acceptable losses, at least to hear them talk, but I always say, "Acceptable to whom?"  Acceptable to the Fed?  Acceptable to the Board?

We need a deterrence to stop this kind of behavior and there is only one good one, attack.  I was asked a question related to this when I testified at the US-China Economic and Security Review Committsion, because the person who asked it thought I would say we need to strike back.  I said what was true - we are not ready for that.  Since then, the Director of National Intelligence and Director of the National Security Agency have both said we are not ready to engage in this kind of war.  This basically means we have allowed ourselves to get to the point where we are fighting a losing battle every day, but can't put enough emphasis on our offensive capabilities to get them ready to fight this kind of war.  Any of you that have ever played war games, know how that always comes out.  There is a need, as Sony and HBO will tell you, but there is not a will to shift resources away from the military toys and put them into cyber.  Unitl we do, we are going to be fighting the losing game of defense.