When you advocate for cooperation and then act unilaterally, does that make future overtures more or less likely to resonate?
WASHINGTON — The United States said on Wednesday that it had secretly removed malware from computer networks around the world in recent weeks, a step to pre-empt Russian cyberattacks and send a message to President Vladimir V. Putin of Russia.
A big ‘win’ right?
For as long as I can remember, and I’ve been doing this a long time, the government has been preaching the importance of “public-private” partnerships and “information sharing.” Those are two things that have basically been in every national strategy or policy document dealing with cybersecurity since we started making them. But this latest action really makes one wonder what the point of establishing a supposedly mutually beneficial relationship with the government actually is, if they’re just going to do whatever they want, regardless of your considerations.
The government accessing private systems without system owner knowledge to take action is not new. It is of course perfectly legal, but then so is asset forfeiture, and that doesn’t always make such actions right or just. The government has no earthly idea what your IT infrastructure looks like, how it operates, or what it supports. They have no idea if their actions could cause problems. Problems they’re not going to have to deal with. And should the people responsible for these systems find themselves called on the carpet for the actions of a third party who just happens to work for the Department of Justice, the number of SACs or AUSAs who show up to advocate on their behalf is likely to be zero.
It is not as though there isn’t a public-private threat-response model with a track record that could have been used instead. Somehow the courts, cops, and industry all managed to work together – confidentially and leak-free – to thwart the actions of bad actors. It’s been going on for years. In fact, the government could have gotten a two-fer if it had gone down this path: The rapid elimination of a threat, and proof positive that collaboration has value.
Instead, we have industry adding “Rule 41” to their incident response playbooks, and deleting InfraGard meetings from their calendars.
Working with public information, at this early date, we don’t really know the full impact of these actions. Digital exigent circumstances used to be half a joke in the early days, but speed could very well have been of the essence and the risks justified. I think any fair critic would be happy to change tack were that proven true. And having been in government I know the level of effort and (flaming) hoop jumping that had to take place for this action to become reality.
But no one who has spent any length of time in this business can look at these developments and not think that there are other models we need to consider beyond martial and enforcement. Just because the modern industry’s roots can be traced there doesn’t mean that’s where its future lies. Maybe that’s civil defense, maybe that’s public health, maybe it’s something else. But if we don’t start exploring them in earnest, the only thing I know we can look forward to is more of this.