The Fourth Age of Cyber

At this point, it seems pretty clear that we're entering the fourth age of cyber. Today, cyber-influenced, -adjacent, and -centric warfare is entering center stage as a force projection technique used around the world. In many ways, it's becoming normalized and expected.

In the first age of cyber, roughly from the early 1960's to the end of the 1970's, cybersecurity wasn't even a word. Back then, what we would today call cybersecurity was a shadowy subculture of hackers and virus writers. Today, these groups are synonymous, but then, they were two distinct subcultures. And neither one was particularly focused on anything but doing what they thought of as neat things with computers. The hacking and virus communities were much more interested in technical accomplishments than, say, money. But that changed.

In the 1980's and 1990's, those subcultures were still around, but they were somewhat coopted by those that realized that computers, not vaults, stored modern money. They began using their technical skills to get at this cash, with varying degrees of success. Not only were bank accounts on the line, but digital intellectual property was too, and these criminals wanted all of it. And they were able to get at quite a bit of it. But these groups were still independent and working toward their own goals.

This started to change in the third age. Spanning from the early 2000's to just a few years ago, during this period, we see the emergence of organized crime using cyber for things like ransomware and increasingly sophisticated bank heists. We also see the beginnings of cyber-weapons being built and deployed by nation-states. This has continued just about until today, with the emergence of campaigns like Student, Flame, BlackEnergy, and Hatman. This brings us to today.

Over the past few months, we've seen some startling — by not unexpected — developments in cyber-warfare. We've seen Project Raven in the UAE, staffed by what were essentially mercenaries hired from the United States. We've seen continuing and unabated attacks in the Ukraine against its power infrastructure. And last week, USCYBERCOM announced their involvement in a campaign against what used to be called the Internet Research Agency, as a preventative measure against interference in the 2018 midterm congressional elections in the United States. This is the fourth age of cyber, where nations are using cyber as an obvious, known, and expected weapon in their arsenals.

More countries will certainly become more open with their cyber capabilities over the next few years, opening a pandora's box of policy questions. It remains to be seen if we'll find the right answers.