Search Follow us
11 January 2017 · 4 min read

Cyber wars

Will Russia’s attempt to influence the US election change global cybersecurity policy?

The news this week that Russia tried to influence the outcome of the US election is likely to have elevated cybersecurity up Mr Trump’s ‘to do’ list for when he takes office next week. The report from the Intelligence Agencies stated that “Russia’s effort the influence the election represented a significant escalation in directness, level of activity and scope of effort compare to previous operations.” Cyber is not a new topic, and has been a buzz word in the defence industry over the past five years as companies sought exposure to what has been seen as a growth market. However, cyber is still a very small percentage of revenues for the defence primes and the market has been very fragmented. In today’s blog, I ponder what impact Russia’s meddling in the election will have on cybersecurity.

Donald Trump takes office in a world where the cybersecurity environment looks very different to that which President Obama inherited eight years ago. In 2008, espionage was a serious problem and the level of cyber crime seemed too high. However, it was not front page news. Now the public has caught up so there is no hiding, and every one of us has become a target in what is increasingly an information war, rather than a pure cyber war.

There are three categories of offensive cyber action; attack, espionage and crime. Cyber crime and espionage are commonplace and cost the global economy billions of dollars every year. However, the most dangerous are attacks, where the action is equivalent to the use of force. The most likely targets are critical infrastructures, for example energy, telecommunications, finance, government services and transportation. The current assessment is that the only actors capable of such an attack are nation states. Unfortunately, nation states make uncomfortable and difficult enemies.

Interestingly, experts increasingly believe that deterrence rarely works in cyber space. The global information network we are creating thanks to the internet is so insecure that cyber criminals intent on causing harm are able to circumvent almost any form of protection. What does work however is imposing economic consequences for malicious cyber action – for example sanctions of indictments, not necessarily a counter attack or military action.

Therefore in order to punish rogue nation states who cause harm, Governments must take a more formal approach to cyber security and define the acceptable norms. Historically there has been a reluctance to do this because it has been easier to deny attacks and therefore avoid punishing another nation. However, Russia’s bold actions during the election campaign, and the subsequent media storm, have forced the US into action. 35 Russian diplomats have been expelled from the US, and two Russian compounds on US soil have been closed. President Obama also said there will be more actions, “some of which will not be publicised.”

So if the solution to cybersecurity is diplomatic, where does that leave all the defence and technology companies who see cyber technology as a growth market? Well I believe there are two key points. Firstly technology to try and deter attacks will still be required as the first line of defence. However, the current haphazard approach which allows companies to purchase any solution they see fit may well be about to end. We could be on the verge of having government mandated sector specific standards and policies to ensure continued delivery of critical services, which would lead to industry consolidation. Secondly, more investment will be made in technologies which can retrospectively identify attackers in order to hold people to account.

Increasingly, modern cyber warfare looks less like a scene from a futuristic film, and more akin to the propaganda war waged by Goebbels in the 1930s. In the information war of 2017 it will take a combination of high tech solutions and good old fashioned diplomacy in order to prevent a serious attack.

Disclaimer - Past performance is no guarantee of future results. Inherent in any investment is the potential for loss. This material is being provided for informational purposes only and nothing herein constitutes investment, legal, accounting or tax advice, or a recommendation to buy, sell or hold a security. This document may contain materials from third parties, which are supplied by companies that are not affiliated with Edison Investment Research. Edison Investment Research has not been involved in the preparation, adoption or editing of such third-party materials and does not explicitly or implicitly endorse or approve such content. No recommendation or advice is being given as to whether any investment is suitable for a particular investor. It should not be assumed that any investments in securities, companies, sectors or markets identified and described were or will be profitable. All information is current as of the date of publication and is subject to change without notice. While based on sources believed reliable, we do not represent this material as accurate or complete. Any views or opinions expressed may not reflect those of the firm as a whole. Edison Investment Research does not engage in investment banking, market making or asset management activities of any securities. The material has not been prepared in accordance with the legal requirements designed to promote the independence or objectivity of investment research.