GLOBAL FORECAST

Recommendations

Info

state and substate actors has become so profitable that it has surpassed the global market for trafficking of illegal drugs. 1 There is increasing frustration over the slow pace of change, as well as concern that a truly damaging cyber attack is unavoidable if we do not change the status quo. The slow pace of progress can be attributed to our failure to address the root causes and key enablers of cyber crime and conflict. So what are the causes and enablers? A starting point would be to look at the cybersecurity problem as three separate, but interconnected parts. The first is the end user. These are consumers, enterprises, and government agencies that rely on commercial information technology (IT) products and services. End users are terrible at managing their own security. At the most basic level, end users do not even know how to establish strong passwords or avoid clicking on malicious links. Larger organizations struggle with basic security practices, but they also have to deal with the challenges of managing a complex IT environment, including legacy systems that are difficult if not impossible to protect. 1 Lillian Ablon, Martin Libicki, and Andrea Golay, “Markets for Cybercrime Tools and Stolen Data,” RAND Corporation, National Security Research Division, 2014, https://www.rand.org/content/dam/rand/pubs/research_reports/RR600/RR610/RAND_RR610.pdf. 102 | Center for Strategic and International Studies
The second part is the global black market for cybercrime and the malicious actors, tools, and services available in this underground economy. As many have pointed out, the economics of cyber crime skew in favor of the attacker. Exploits are easily acquired and can be reused on multiple targets, and the likelihood of detection and punishment is low. The underground marketplace for hacking tools and services—as well as the gains from hacking—are growing in size and complexity. The ease of monetizing hacking services and the spoils from hacking have transformed cybercrime from ad hoc activities conducted by lone individuals, to a highly organized Law and policymakers have shied away from tackling the root causes and key enablers of cyber crime and conflict. U.S. government policies and regulation have focused on securing the end user (consumers, enterprises, government agencies), primarily through information sharing, promoting the adoption of standards and best practices, and other incentives. While improving security at the end user is a critical piece of the problem, the approach is similar to promoting holistic medicine as a cure for communicable diseases. Improving the security of commercial IT products and disrupting the enablers of black market cybercrime, however, could have a game-changing effect on our cybersecurity posture. Law and policymakers have shied away from tackling the root causes and key enablers of cyber crime and conflict. This is usually due to a lack of understanding of the issues—either because of their technical complexity or because of political pressure from businesses that fear regulation or privacy advocates who fear “Big Brother.” In the absence of a major cyber attack on the United States, political, legal, and resource constraints on government action will likely persist. But action to address root causes and coordinated global network of specialized hackers and exploit developers. IT vendors are the third part of the problem. These companies develop, manufacture, and sell IT products, sometimes riddled with exploitable software vulnerabilities. In other business sectors, from automotive and medicine and medical devices to children’s toys, there are strong precedents for product liability holding companies responsible for manufacturing and design defects and failure to warn about and enablers of cyber crime and conflict need not risks associated with using the product. In contrast, contradict these political and business dynamics; in most software license agreements make companies some cases, addressing them may not even require immune to liability for damages or losses caused by changes in policy or law. Much can be done by the software flaws. Immunity from liability in this context enables companies to get away with develop- products and services that comprise the Internet handful of companies that provide the majority of ing insecure products, creating fodder for the undergrown marketplace for malicious cyber activities, focused nudging and guidance from government. and computer-operating systems, through more and it asymmetrically exposes enterprise and consumer end users to risk. Global Forecast 2016 | 103
Page 1:
2016 GLOBAL FORECAST editors CRAIG
Page 4 and 5:
about csis For over 50 years, the C
Page 6 and 7:
Introduction CRAIG COHEN WASHINGTON
Page 8 and 9:
6 | Center for Strategic and Intern
Page 10 and 11:
Reconnecting of Asia JOHN J. HAMRE
Page 12 and 13:
10 | Center for Strategic and Inter
Page 14 and 15:
America’s Changing Role in the Wo
Page 16 and 17:
A selective engagement approach to
Page 18 and 19:
tional, military, and economic mean
Page 20 and 21:
Page 22 and 23:
ole in international affairs. Now w
Page 24 and 25:
Page 26 and 27:
ISIS (Re)Writes History JON B. ALTE
Page 28 and 29:
enth-century society of pious belie
Page 30 and 31:
and daily exhibitions of terror and
Page 32 and 33:
Iran after the Agreement ANTHONY H.
Page 34 and 35:
understanding that the United State
Page 36 and 37:
Israeli military leaders predict th
Page 38 and 39:
Page 40 and 41:
Putin’s Europe HEATHER A. CONLEY
Page 42 and 43:
far-right, anti-Semitic Jobbik part
Page 44 and 45:
Predicting Russian behavior is hard
Page 46 and 47:
A NATO Strategy for the Eastern Fla
Page 48 and 49:
Sino-Russian Cooperation JEFFREY MA
Page 50 and 51:
Interbank Financial Transaction) sy
Page 52 and 53:
Page 54 and 55: Reform Cold, Politics Hot: Presiden
Page 56 and 57: pushing ahead more aggressively on
Page 58 and 59: not just hypothetical; they are alr
Page 60 and 61: Geopolitical Consequences of China
Page 62 and 63: Chinese leaders are actively pursui
Page 64 and 65: 62 | Center for Strategic and Inter
Page 66 and 67: By 2030, the Asia-Pacific region wi
Page 68 and 69: is not expected to be a major playe
Page 70 and 71: North Korean Vulnerability? VICTOR
Page 72 and 73: downturn in the country’s stock e
Page 75 and 76: PART 6 africa
Page 77 and 78: Responses in Nigeria, South Africa,
Page 79 and 80: Terrorism in Sub-Saharan Africa THO
Page 81 and 82: states, sustaining itself through k
Page 83 and 84: PART 7 inside the pentagon Global F
Page 85 and 86: Three Fiscal Futures In the final w
Page 87 and 88: The Battle over How to Save Defense
Page 89: apid acquisition actually happened
Page 92 and 93: 90 | Center for Strategic and Inter
Page 94 and 95: What is one of the most significant
Page 96 and 97: Nuclear Deterrence in a Disordered
Page 98 and 99: The Need for Global Zero SHARON SQU
Page 100 and 101: faith on effective measures relatin
Page 102 and 103: Increased interest in missile-based
Page 107 and 108: PART 9 energy and security
Page 109 and 110: Implications of Sustained Low Oil P
Page 111 and 112: e used to partially offset this “
Page 113 and 114: Linking Subnational and Supranation
Page 115 and 116: Efficacy of Sanctions against Energ
Page 117: Iran. Both Russia and Iran can accu
Page 120 and 121: Responding to the Closing of Democr
Page 122 and 123: er to support the consolidation of
Page 124 and 125: Soft Power and Security DANIEL RUND
Page 126 and 127: After the Ebola Catastrophe J. STEP
Page 128 and 129: sense of—and account for—the wi
Page 130 and 131: Food Insecurity, Conflict, and Stab
Page 132 and 133: Despite its impressive economic gro
Page 134 and 135: prisoners in a gesture of good fait
Page 136 and 137: Winning the War of Ideas FARAH PAND
Page 138 and 139: versity of religious belief, includ
Page 140 and 141: contributors JON B. ALTERMAN is a s
Page 142 and 143: MICHAEL J. GREEN is senior vice pre
Page 144 and 145: FARAH PANDITH is a senior fellow at
Page 147: Blank
show all

GLOBAL FORECAST

Create successful ePaper yourself

Delete template?

Save as template?