National Small Business Week



May 5-11, 2019 is National Small Business Week.  Two out of every three new jobs created in the private sector are created by small businesses.  There are over 30 million small businesses in the United States alone.

The National Cybersecurity Alliance is co-sponsoring National Small Business Week this year, along with the Small Business Administration and others.  As part of this, each day this week, there will be a focus on an element of the NIST Cybersecurity Framework, the gold standard for keeping your business secure in cyberspace.

Today being the first day, is about Identify, the first of the five pillars of the Cybersecurity Framework.  There are several other resources related to indentifying your key assets at this link.  I encourage you to check them out.

In addition, the Federal Trade Commission has published a great one pager on the NIST Cybersecurity Framework which you may access and download here.

A Not Unexpected First


Kindly note, this is not a political post, nor is it intended to take sides in a very complex and difficult international conflict.  This is an analsyis of a technology related development and what it means in relation to the growing threat of cyberwarfare.  Any political statements or comments other than about the analysis itself will not be posted.

Unless you specifically avoid the news and social media, you are likely aware of the recent flare up between Hamas forces in the Gaza Strip and Israel.  What you may not know is that on Sunday, Israel launched a military stike on a building that it says was the source of a cyberattack.  This is believed to be the first time that traditional military force has been used in response to a cyberattack in real-time.

Accoding to reports, Israel identified and stopped a cyberattack.  The cyberattack was broadly characterized as attempting cause harm to civilians in Israel.  In response, Israel was able to trace the source of the cyberattack to a specific building in the Gaza Strip, which it attacked and destroyed in an air strike.

It has long been theorized that a future military conflict between two cyber-warparties could take place without a single weapon being fired.  The thesis being that the opposing sides would attack one another in cyberspace, looking to do damage to the other by destorying or disrupting utility grids, healthcare facilities, financial systems, transportation networks and more.  A war started without a single shot or traditional military attack.  Imagine the chaos that could result from such cyberattacks.  The world has already witnessed limited examples of these threats in areas like the Ukraine.  It’s no secret that many large cyberattacks and data breaches are known or thought to be the work of Nation State actors.

So, unfortunately, what took place yesterday is not exactly unexpected.  It was just a matter of time before a nation who was targeted by a cyberattack responded militarily.  Who the parties in conflict are is not the real story here.  Cyberattacks have the potential to disrupt social order and in so doing, have the theoretical capability to cause death and destruction that one might associate with a military attack between warring parties.

I am sure there will be extensive debates as to ethics of responding militarily to a cyberattack.  How can you measure proportionality when one attack may have failed and the retaliatory strike succeeded?  It feels like a video game moving into reality and it’s not a comforting thought.  It’s almost surreal to be thinking in these terms, yet here we are, in 2019 having just learned of the first publicly known real-time military response to a cyberattack.  Could this be the start of an overt form of Cold War 2.0?  It’s not a pleasant thing to consider.

This is not what technology was developed for.  Technological capabilities should make our lives better and our world a safer place.  So much good has come from technology.  Let’s hope we can stay focused on using technology to improve the quality of life for every human being on this planet.