In 2008, I wrote and essay entitled “The Year of Living Cyberdangerously” in which I noted that I couldn’t “help but think that 2009 will be a precipice year in the cybersecurity domain.”

My gut instinct was right, in that 2009 brought us the Aurora attacks and the popularization of Colonel Greg Rattray’s Advanced Persistent Threat (APT) descriptor in the media and security industry to characterize a specific set of capable threat actors engaging against U.S. targets. It was also the year that North Korea potentially dipped their toe into the cyber attack waters with a series of attacks against U.S. and South Korean interests. The year 2009 kicked off a decade of brazen cyber attacks by a plethora of actors and has fueled hundreds of billions of dollars of investments in cyber defense.

So here we are in 2018 having accomplished so much yet so little over the past decade, and my cyber spidey sense is tingling again. Here are three recent developments that are contributing to an increase in cyber risk over the coming 12-18 months.

The Russian Free Lunch

It is without dispute that the Russia government sought to disrupt the integrity of the U.S. election system with a series of cyber and information operations. The lack of requisite in determining an appropriate level of accountability for these attacks reinforces the “little stick” concern I raised in 2008:

“Big carrot, little stick. Cyberattacks have been launched against major companies, the U.S. government, and the McCain, Clinton, and Obama campaigns. Consequences for the attacker have been non-existent. This just further incentivizes adversaries to push the envelope.”

This risk is further agitated by the fact that National Security Advisory John Bolton is allegedly considering eliminating the top cyber job at the White House.

The recent departures of two cyber-capable executives at the White House already had experts like Jason Healey scratching their head and the full-on elimination of the position would create a vacuum at the White House on cyber issues.

The Hedge

We can’t discount the potential for these issues to be advanced behind closed doors. With the elevation of Cyber Command to the Combatant Commander level and the Trump Administrations affinity for covert action, we have to accept there are parts of this picture we just aren’t going to see in the open sources.

The Trump Tariffs Agitate China

The United States State Department’s Overseas Advisory Council recently released a report warning U.S. executives of an increased hacking risk due to the implementation of new tariffs by the Trump administration. The report warns that “one side effect of this simmering trade dispute will be an increase in China-led cyber espionage”.

The Hedge
For years I’ve been talking about China reaching innovation parity with the United States in a few key sectors and that will continue to influence their cyber espionage activities. China is making big bets in Artificial Intelligence and focusing technical talent and resources on creating, not stealing technology. Some commercial sectors are still at high risk of attack, but China could see a return to previous levels as a distraction from their current strategic initiatives.

No Deal for Iran

The U.S. withdrawal from the Iranian nuclear deal could provoke an increasingly isolated Iran to increase their level of cyber attacks against U.S. targets. The Iranians are emerging as a reasonably capable cyber power and have not hesitated to engage in attacks provoked by international political dynamics. A few cyber shots across the bow at U.S. infrastructure and corporations is a likely outcome of the nuclear deal collapse.

The Hedge
Iran is distracted with regional security issues including the conflict in Syria and increased tensions with Israel. Cyber attacks might not be top-of-mind, but they could certainly be on the near-term todo list.

The Year of Living Cyberdangerously or Cyber Ground Hog Day

After two decades of working cyber issues, I’ve learned not to sound the klaxon too loudly on emerging threats. As Lois McMaster Bujold notes “History does not so much repeat as echo” and the dynamics in the coming year aren’t entirely different from the past decade.

That said, it is important that executives, security managers, and practitioners understand the geopolitical dynamics that impact their threat and risk models and the three discussed above are notable enough indicators to warrant your attention.

About the Author

Matt Devost

Matthew G. Devost is the CEO & Co-Founder of OODA LLC. Matt is a technologist, entrepreneur, and international security expert specializing in counterterrorism, critical infrastructure protection, intelligence, risk management and cyber-security issues. Matt co-founded the cyber security consultancy FusionX from 2010-2017. Matt was President & CEO of the Terrorism Research Center/Total Intel from 1996-2009. For a full bio, please see www.devost.net