In my view, one of the major weaknesses in cyber defense planning is the perception that there is time to lead a cyber defense while under attack. It is likely that a major attack is automated and premeditated. If it is automated the systems will execute the attacks at computational speed. In that case no political or military leadership would be able to lead of one simple reason – it has already happened before they react.
A premeditated attack is planned for a long time, maybe years, and if automated, the execution of a massive number of exploits will be limited to minutes. Therefore, future cyber defense would rely on components of artificial intelligence that can assess, act, and mitigate at computational speed. Naturally, this is a development that does not happen overnight.
In an environment where the actual digital interchange occur at computational speed, the only thing the government can do is to prepare, give guidelines, set rules of engagement, disseminate knowledge to ensure a cyber resilient society, and let the coders prepare the systems to survive in a degraded environment.
Another important factor is how these cyber defense measures can be reversed engineered and how visible they are in a pre-conflict probing wave of cyber attacks. If the preset cyber defense measures can be "measured up" early in a probing phase of a cyber conflict it is likely that the defense measures can through reverse engineering become force multiplier for the future attacks – instead of bulwarks against the attacks.
So we enter the land of "damned if you do-damned if you don't" because if we pre-stage the conflict with artificial intelligence supported decision systems that lead the cyber defense at computational speed we are also vulnerable by being reverse engineered and the artificial intelligence becomes tangible stupidity.
We are in the early dawn of cyber conflicts, we can see the silhouettes of what is coming, but one thing becomes very clear – the time factor. Politicians and military leadership will have no factual impact on the actual events in real time in conflicts occurring at computational speed, so focus have then to be at the front end. The leadership is likely to have the highest impact by addressing what has to be done pre-conflict to ensure resilience when under attack.
Jan Kallberg is a researcher at the Cyber Security Research and Education Institute, University of Texas at Dallas.