In the United States at least, there is no security threat today that government policymakers, private businesses, and the public fear more than major cyberattacks. For example, since 2013 the American director of national intelligence has named cyberthreat as “the number one strategic threat to the United States, placing it ahead of terrorism for the first time since the attacks of September 11, 2001.”¹ The relative invisibility, tracking difficulty, inexpensive initiation, technical obtuseness, fluid content, speedy impact, and broad scope of cyberthreat make it seem unintelligible, unpredictable, unmanageable, and ultimately catastrophic. On a global level, potential victims find themselves both frustrated and baffled about how to cope with cyberthreat more successfully. In light of this threat, this chapter analyzes the rising perceived importance of foreign cyberthreat, its changing nature, the legacy of ineffective target responses, and the ramifications of resulting global sea changes.

Since the 1990s cyberattacks on global computer networks have risen in number (as well as in sophistication), reaching 1.7 billion in 2013, up from 1.6 billion in 2012.² For the United States, over time “the frequency and sophistication of intrusions into U.S. military networks have increased exponentially.”³ In 2011 the Government Accountability Office estimated that “the number of unauthorized access or installations of malicious software on U.S. government computers has increased by 650 percent since 2006.”⁴ From October 2011 through February 2012, the Department of Homeland Security reported over 50,000 cyberattacks on private and government networks, with 86 on critical infrastructure networks.⁵ In 2014 a report to Congress revealed that “hackers have penetrated, taken control of, caused damage to and/or stolen sensitive personal and official information from computer systems at the Departments of Homeland Security, Justice, Defense, State, Labor, Energy, and Commerce; NASA [National Aeronautics and Space Administration]; the Environmental Protection Agency; the Office of Personnel Management; the Federal Reserve; the Commodity Futures Trading Commission; the Food and Drug Administration; the US Copyright Office; and the National Weather Service.”⁶ Aside from governments, cyberattacks also have targeted private businesses. For example, in 2010 “proprietary corporate data, e-mails, credit-card transaction data and login credentials at companies in the health and technology industries,” involving over 75,000 computers at more than 2,500 businesses in 196 countries, were hacked.⁷ Today nobody seems immune—regardless of the protection system—to cyber penetration.

Possessing a unique set of characteristics, the virtual domain of cyberspace is now as important a source of threat as the physical domains of land, sea, air, and space.¹³ However, considerable confusion surrounds the rapidly changing cyberthreat. Continuing transformations in cyberattackers, their goals and motivations, their targets, and their attack styles have complicated understanding ongoing trends. Figure 1.1 summarizes the changing nature of foreign cyberthreat.

Not surprising, the most dangerous cyberattackers come from “groups with the resources and commitment to relentlessly target a company or government agency until they succeed in breaking in and then take value out.”¹⁴ Thus, today “the main threats no longer come from teenage hackers or petty criminals, although such actors are still around; instead, sophisticated criminals and state-sponsored spies pose the most danger for businesses and governments.”¹⁵ The Government Accountability Office lists the primary cyberattack sources as intelligence services, criminal groups, hackers and hacktivists, disgruntled insiders, and terrorists.¹⁶