Governments are the biggest investors in developing offensive cyber capabilities and collecting technical exploits. Such digital arsenals are an asset but also a potential liability. Security and protection is crucial to these highly transferable and reusable resources. Strategic planning and steps must be taken to avoid or minimize unintended consequences against government services, allies, businesses, and individuals.
In a recent report, the UK Government Communications Headquarters (GCHQ) stated they “over-achieved” and delivered almost double the number of offensive capabilities they were aiming for. This has likely repeated itself across many nations who have invested billions into cyber defense/offense programs over the past several years. The result is a number of governments who now oversee growing cyber ‘zoos’ of dangerous digital beasts.
Nation states developing offensive cyber weapons is necessary in the digital landscape of our politically charged world. It would be negligent not to, just as it is unwise to allow military postures to degrade to levels of ineffectiveness. But in doing so, it is important to acknowledge such investments contribute to an overall increase to the global risks. Therefore, it is prudent to act with necessary foresight.
Regardless if exposure is due to theft or when the weapon is used, at some point adversaries will get access to your investment. Unlike traditional weapons, which are expended at the time of use, digital arsenals can be reused. The effects could be catastrophic.
Businesses, organizations, and individuals must also be concerned. Organized criminals have found favor in harvesting nation-state quality cyber tools for use in ransomware, network attacks, denial-of-service, and extortion schemes.
It is the responsibility of governments to think ahead and be prepared for the eventuality that the very weapons they create will be re-purposed and could target anyone, causing unintended damage and potentially be attributed back to the government who created them. It is the duty, as caretakers of such arsenals, to keep control of these weapons and be ready to respond if they are misused.
Proper forethought is necessary to secure and protect all weapons, including cyber.
Matthew Rosenquist is an industry-recognized pragmatic, passionate, and innovative strategic security expert with 28 years of experience. He thrives in challenging cybersecurity environments and in the face of ever shifting threats. A leader in identifying opportunities, driving industry change, and building mature security organizations, Matthew delivers capabilities for sustainable security postures. He has experience in protecting billions of dollars of corporate assets, consulting across industry verticals, understanding current and emerging risks, communicating opportunities, forging internal cooperation and executive buy-in, and developing practical strategies. Matthew is a trusted advisor, security expert, and evangelist for academia, businesses, and governments around the world. A public advocate for best-practices, and communicating the risks and opportunities emerging in cybersecurity. He delivers engaging keynotes, speeches, interviews, and consulting sessions at conferences and to audiences around the globe. He has attracted a large social following of security peers, is an active member on advisory boards, and quoted in news, magazines, and books. Matthew is a recognized industry expert, speaker, and leader who enjoys the pursuit of achieving optimal cybersecurity. Matthew Rosenquist is experienced in building world class teams and capabilities, managing security operations, evangelizing best-practices to the market, developing security products, and improving corporate security services.