Is cyber crime "the greatest transfer of wealth in human history," or just a "rounding error in a fourteen trillion dollar economy?" First of all, it is very difficult to estimate how much is lost every year as a result of cyber crimes, from a few billion to hundreds of billions of dollars. Some companies conceal their losses, sometimes they don't even realize they are suffering losses, and it is hard to put a value on intelectual property. The large dollar amount is not the only measurement. We must also consider the effects cyber crime has on trade, technology, and competitivenes, such as the pace of innovation, distortion of trade, and social costs from job loss. High end estimates see loss of jobs at over 500,000 due to cyber crime. Losses due to malicious cyber activity can be broken down into six parts: loss of intellectual property and confidential information, cybercrime, loss of sensitive business information including manipulation of stock market, opportunity costs, additional costs of defending networks, insurance, etc., and loss of reputation to hacked companies. In the end, the larger effect may be on everything else affected by cyber crime than a specific dollar amount. If more is not done to combat cyber attacks, there could be many short and long term effects in the coming years. For more information on the costs of cyber crime, click here.
On July 29, a conference was held by the Atlantic Council's Cyber Statecraft Initiative to discuss Iran's threat as a cyber power to the United States in the Cosmos Club in Washington, DC. The panel included Atlantic Council's Barbara Slavin, Atlantic Council and CCSA's Jason Healey, CrowdStike's Dmitri Alperovitch, and George Washington University's Frank Cillufo. The panel began by discussing the current state of Iran with its recent elections and a cautious optimism for change with the new minister. They then shifted to discussing Iran's current cyber capabilities, such as while still being limited to destruction of data and disruption of services, within five years, could be on the same level as the US, China, and Russia, among others with a higher intent to do damage than all the others. A main target for Iran has been the United State's financial sector, especially the banks. This is likely due to the economic sanctions placed over Iran by the United States. With current attacks not being overly damaging, such as attacks on the banks usually only lasting a day or two, with little actual damage to the bank, the US continues to add more infrastructure to the Internet. It is a matter of time before Iran attacks a target that is very vulnerable, where they can keep it down for a long period of time and cause serious damage.
On July 18, A Fierce Domain: Conflict in Cyberspace, 1986 to 2012, edited by CCSA's Jason Healey, successfully launched at George Washington University's Homeland Security Policy Institute. This book is the first of its kind to provide a comprehensive history of cyber conflict, discussing a number of early attacks that served as wake up calls to the need for greater cyber security. The book also goes on to identify important lessons for policymakers. For more information on A Fierce Domain, click here. For more coverage on Jason Healey and A Fierce Domain, check out these stories: Digital Doomsters and The Future of US Cyber Command. To purchase the book from Amazon, click here. Below are pictures from the launch event.
On June 24, CCSA's James Mulvenon and Gregory Rattray, along with Dmitri Alperovitch, co-founder and CTO of CrowdStrike Inc., took part in a discussion addressing the status of Chinese cyber espionage. The event was hosted by the Atlantic Council and focused on solutions to resolve US-Chinese tension on cyber security and espionage.
As part of the discussion, each expert provided advice for US policy makers to consider when approaching these challenges. Mr. Alperovitch began by categorizing the Chinese cyber threat into three sections: economic espionage dealing with intrusions into the private sector, national security espionage dealing with strategies to collect foreign intelligence, and computer attacks addressing the damage China could do to the US should such an attack occur. Next, Dr. Mulvenon spoke about the value of offensive reactions to China's cyber threats and attacks, considering how on defense you have to prepare for any number of factors, while on offense, you only need one solution to be successful. He suggested two approaches, first scaring China into a truce by stealing some of their information and enlightening them to the ramifications of attacking the US. Second would be to "poison the well" by feeding China false information and getting them to doubt any data they may acquire. Finally, Dr. Rattray spoke about the opportunity this new Chinese president has to steer hackers away from cyber attacks on the US and further risk alienating American businesses that used to look forward to Chinese business partnerships. He also mentioned that despite this, the private sector should make better efforts to protect themselves rather than leaning on the government for help.
For more information on what took place during the discussion, please click here.