Building Cyber Defense in the Gray Zone

Maj. Gen. Paul Capasso USAF (Ret.)
April 7, 2022

As the battle for Ukraine continues, many in the United States are concerned about the possibility of a major cyberattack against the homeland. This cyber event could happen not only as a direct attack against our own country but also through unanticipated consequences of a cyberattack against Ukraine. Regardless of where the attack is directed, once the weapons are in the wild, everyone is at risk — whether they’re the intended target or not.

The Biden Administration’s recent fact sheet, “Act Now to Protect Against Potential Cyberattacks,” and the Cybersecurity and Infrastructure Security Agency’s “Shields Up” campaign provide noble guidance to follow on strengthening cyber defenses. Unfortunately, if you have not already started this process, you are behind the power curve.

Today, our adversaries scan our networks on a daily basis, looking for gaps and vulnerabilities to attack our most prized resources. It is not a secret that Russia is operating in the “gray zone,” where it can operate undetected and gain an advantage without fear of reprisal. However, a major cyber event against our critical infrastructure would cripple everything we hold dear and bring our nation to a standstill. Then there is the question of attribution and determining who is responsible for the attack—never an easy task.

No silver bullet exists that we can use to protect our vital assets, and we must work together as a collective whole to address the challenges we are facing. At a minimum, we should:

  • Build upon the guidance outlined in the Administration’s fact sheet to strengthen our networks using the defense-in-depth framework,
  • Automate detection and response actions,
  • Make every individual a cybersecurity evangelist through education and training, and
  • Ensure the sharing of real-time threat data is easy to accomplish.

It is well-known that humans are the weakest link in the cyber chain, and our adversaries are doing everything possible to exploit human frailty every day. It has become the battle of the minds – who will outfox whom. For example, our adversaries have perfected social engineering, making it more realistic, personalized, and harder to detect.

The key to solving this problem is figuring out how to take the human out of the loop, so they do not have to worry about being part of the security process. It is about innovation, building security into products upfront, and making even smarter smartphones and other connected devices. Artificial intelligence, machine learning, zero trust, and quantum computing all promise to protect our nation’s infrastructure, but they cannot arrive fast enough.

Protecting our vital assets is a full-time occupation and must not be taken lightly. As Mr. Robot has reminded us, “I’ve never found it hard to hack most people. If you listen to them, watch them, their vulnerabilities are like a neon sign.” A “call to arms” cannot happen fast enough.

Maj. Gen. Paul Capasso (Ret.) is the vice president of strategic programs at Telos Corporation.