Why Defense, Not Offense, Will Determine Global Cyber Powers

Darktrace director of strategic threat Marcus Fowler explains what to expect from nation-state attackers in the months to come — and why kindergarten classes are a good model for solid cybersecurity.

After 25 years in public service in the United States Marine Corps and Central Intelligence Agency, Marcus Fowler is learning more about strategic cyber defense from watching his wife teach kindergarten.

Fowler, now director of strategic threat for Darktrace, explains that his former life was focused mainly on the threat. And a kindergarten classroom is rife with threats: scissors, choking hazards, and more.

But unlike a CIA agent or threat analyst, a kindergarten teacher is “not watching the scissors to see if they poke a child,” he says. “They’re watching a complex network of the things they care more about. And they’re enforcing the norms of their classroom as they understand it, even though it’s changing constantly.”

By the end of a school year, he says, the teacher knows which students are the most accident-prone and which are the biggest flight risks. They know which one is inching toward the door because they want to go look at butterflies outside, and which one is inching toward the door because they’re making a break for it.

“[My wife is] like a conductor in an orchestra,” he says. The classroom is like a living organism “that actually starts to really be harmonious. And I think that application of AI in the security space is showing that it has the ability to do [the same].”

Cyber Dominance Through Defense
AI helps security teams understand and enforce “normal,” Fowler says, enabling them to better defend the organization and quickly disrupt anomalous or malicious behaviors – while allowing business operations to continue as normal.

And defensive capabilities like these are critical to combating nation-state cyberattacks and establishing “cyber dominance.”

“I’m very focused on cyber dominance,” says Fowler, who points out that “dominance” in other fields of battle – naval dominance, for example – is easier to define than “cyber” or “information” dominance. Generally speaking, though, dominance is the state where you can make your desired reality the actual reality, despite the will of an opponent.

In many cases, dominance might be achieved by having the best offensive capability: the biggest naval force or the most formidable arms, for example. Fowler believes cyber dominance will ultimately be decided differently.

“I think [cyber dominance] is going to be more defined by defensive superiority than offensive capability,” he says.

A key reason: Nations can’t flaunt their offensive cyber strength without weakening it.

Fowler explains that while a nation’s military might have some very sophisticated, damaging zero-day vulnerabilities sitting on their shelves, those zero-days lose all their power as soon as anyone learns about them and patches them. A government’s intelligence organization might have obtained deep access to an adversary’s critical assets, but as soon as the adversary knows about it, they’ll close that access. It isn’t like building aircraft carriers.

There is “very rapid potential change in offensive capability based on disclosure and based on awareness,” Fowler says. “[However], the ability to defend – especially applying next-generation technology like artificial intelligence to show that you can’t only defend what they have today, but what they’ll have tomorrow – that can really start to define who the cyber superpowers are.”

If cyber dominance may, eventually, be best displayed by a country’s ability to dodge or take a punch, who’s ranked highest right now?

The National Cyber Power Index, released in September by the Belfer Center at Harvard University, ranks the United States as the No. 1 overall cyber power and first in cyber offense, but only fourth in cyber defense, beneath China (at No. 1), France, and the Netherlands. The US budgeted over $17 billion for cybersecurity in fiscal year 2020.

What’s Coming From Nation-States Next
Spear-phishing will continue to be a go-to tool for nation-state attackers, says Fowler. And with a global pandemic and a US presidential election upon us, targets of email-borne phishing attacks are only more likely to click.

“It sounds like low-hanging fruit,” he says. “The reality is it remains a glaring area of vulnerability, even though we all know it. [Nation-state-backed cyberattackers] are evolving their tradecraft in that space. They are also having a great deal of success in that space, right? It is an easy and consistent entry point.”

Fowler believes nation-state actors will be particularly interested in intelligence-gathering attacks right now – perhaps gathering information on individuals who might obtain important positions in the next administration (regardless of the outcome). Nation-states might try to find skeletons in the closet of individuals who might later be turned into “human assets,” for example, he says.

He also is looking out for the rise of more hybrid attacks: a blend of disinformation, espionage, destructive cyberattack, and kinetic attack bundled together.

“The cyber warfare norms are unwritten,” he says. “So I do worry about that. I also worry about collateral damage. What if [you] intended one thing, but it did another? It got into the wild and now you have this much, much worse thing that’s actually blowing back at you.”

To prepare for any cyber threats, Fowler says, cybersecurity awareness training is important, but he cautions against relying on it too much.

“I do think anyone that sees that human as a robust line of defense is flawed,” he says. “I love humans. Some of my best friends are humans. The other ones are dogs. But they’re going to click on things. And it has gotten to a point that it is unfair, in my opinion, to lay too much of the spear-phishing defense at the feet of an employee. We need technology like AI to make that split-second decision about what is threatening.”

The Edge is Dark Reading’s home for features, threat data and in-depth perspectives on cybersecurity.