Tuesday, March 27, 2018

Oh Yeah, the Physical Real World Exists, Too

Why is there a cyber limit on responding to cyber hackers who live and operate in the physical world?

Okay:

It is not news that cyberspace is insecure. Attackers have had the advantage over defenders for not just years, but decades. Quotes from decades ago make it clear that cyber defenders then faced the same challenges we do today (and with a similar lack of success).

When confronting enemy air defenses, we don't simply focus on counter-measures on the plane that deflect air defense missiles. We go after the launchers to blow them up.

When confronting enemy artillery or surface-to-surface missiles, we don't just try to shoot down the projectiles and harden defenses. We go after the artillery and missile launch sites to blow them up.

Body armor is not the only way to keep soldiers from getting killed; and active protection systems are not the ultimate way of defeating threats to armored vehicles. Killing the threats works even better.

So why do we seem to focus so much on defending against cyber attacks and mounting cyber counterattacks of our own when hackers in the real world blow up real good?

Not that fighting in cyber more effectively isn't something that should be done, but you'll note that attacking the hackers in the physical world isn't even hinted at in the scope of the issue.

UPDATE: It's great that the Army is preparing cyber-warriors at Fort Gordon (ah, I remember it well), but in an era when "cross-domain" capabilities is a thing in the Army, don't forget that enemy cyber-warriors may fight in the cyber domain but live in the physical world--where old school high explosives can kill them.