Although there are suggestions the idiom “we are all in the same boat” is a reference to the sinking of the Titanic in 1912, it actually was first used by the ancient Greeks when speaking about the risks that passengers in a small boat at sea had to share. The phrase certainly has stood the test of time, and aptly and accurately captures the cyber plagued world of today. For example, the Chinese, widely viewed in this country as a leading cyber provocateur, are working hard to shore up their cyber defenses. As recently reported in the Wall Street Journal, “The Chinese have gotten increasingly worried that they do not have the right kind of regulations, protections and responses in place,” said Adam Segal, a China and cybersecurity scholar at the Council on Foreign Relations in New York. “There is a real sense that there needed to be some type of regulatory response to potential attacks.”
Are the Chinese right to be worried? In a word, yes. China is generally perceived to be highly vulnerable to a cyber attack. While the recent spate of attacks on US interests that are being laid on China’s doorstep suggest the Chinese government should be apprehensive about an attack orchestrated by the United States to deter further aggression, the truth is China could be attacked by any number of sources. Interestingly, earlier this year China sought to reduce its list of potential adversaries by signing a mutual non-aggression pact with Russia. Under the pact, the two countries agreed not to hack each other, presumably dedicating their efforts elsewhere. Whether that pact will hold water over time is a somewhat dubious proposition.
And what of Russia, another source of continuing cyber attacks around the world? Russia Today recently reported that “A hacking group has sent an open letter to the head of military counterintelligence at the Russia’s Federal Security Service (FSB) to complain about Defense Ministry staff allegedly sidestepping the corporate email system to share top secret information, using public services instead.” The hackers said the stolen data was for sale, and kindly offered to sell it back to Russian military counterintelligence at a deep discount. Russia clearly has formidable capabilities in the cyber world, but it too has significant vulnerabilities.
We could continue the trip around the world, and doing so would reveal that every nation is vulnerable. Iran, another nation seen as a leading practitioner of cyber mischief, was victimized by the stuxnet virus. European nations fret they may be a decade behind in the cyber race to who knows where. There may be small solace in knowing that we are all in a very leaky boat. But that recognition may at least temper some behavior, and serve the greater good.
By Tom Davis, SDI Cyber Risk Practice
SDI #CyberTuesday offers insights and commentary on cyber risk management by SDI’s trusted cybersecurity, privacy and data security experts, skilled practitioners whose decades of experience working for governments and corporations around the world distinguish them as strategists and crisis managers.
You can view previous blog posts on cyber risk management here.
August 11, 2015