RSA 2017: Five Reasons Why We’re Losing The Cyber Battle

4. Deterrence is difficult

In the grand scheme of things the digital battlefield is still a relatively new one and developing the appropriate means of punishment for cyber crime has proved to be easier said than done.

“If there are not consequences for bad behaviour, then bad behaviour will continue. In the cyber realm we have to show that there will be consequences and that intruders will be brought to justice,” said McCaul. 

“Unfortunately we still do not have clear, proportionate response policies for striking back against nation states, cyber criminals and others who invade our systems and we certainly don’t have the manpower, appropriate legal structure and global cooperation to take down suspects as fast as we need to.

“Our ability to win the war in cyber space depends on our ability to deliver consequences by striking back when appropriate. This will require strong leadership from the top, a willingness to track down rogue hackers and a determination to hold hostile countries accountable for bad behaviour.”

This will also require cooperation between governments, giving extra emphasis to Microsoft President Brad Smith’s rallying cry for world government’s to join forces in the cyber battle.

5. Digital vs national

McCaul described the relationship between digital security and national security as “a real paradox”, in that the improved security of digital networks and systems is helping terrorists stay hidden.

“Gone are the days of Osama Bin Laden when extremists plotted using caves and hideouts. Now we have a new generation of terrorists who are recruiting over the internet and using virtual safe havens to escape detection and force their propaganda on a global scale,” he said. 

“As a result we are seeing an unprecedented spike in terror plotting against the West. We had the brutal attacks on Paris and Brussels as tragic examples and reminders of how terrorists stay under the radar using end to end encryption on their phones to cover their tracks.”

This point brought up reminders of Apple’s very public fight with the FBI last year when it refused to give the FBI backdoor access into an iPhone belonging to a terrorist involved in the San Bernardino attack. At the time, Tim Cook said the FBI’s demand set “a dangerous precedent” and that implementing a backdoor would create ‘a software equivalent of cancer’.

In a statement that brought cheers from the audience McCaul said: “We must resist the temptation to go after encryption with knee jerk responses. I believe that creating backdoors into secure platforms would be a huge mistake. It would put our personal data at risk and leave our companies vulnerable to intrusion.”

“At the same time, we can’t allow groups like ISIS to remote control terrorist attacks using the darkness of the web. We need to find a way to keep our country safe while also keeping our data secure.”

Also at RSA Conference 2017, Silicon heard about the need for business-driven security, the political implications of cyber crime and why the smart home and data weaponisation are the new threat vectors for 2017 and beyond.

Quiz: The constant battle that is cyber security