Why Is Cyber Defence Decades Behind Weaponized Software?

cybersecurity john mcafee defense
A simulation of a globe at the CeBIT IT fair on March 1, 2011 in Hanover, central Germany. JOHANNES EISELE/AFP/Getty Images

The high technology of warfare, up until the rise of the Roman Empire, was primarily focused on defense. Cities and castles with stone walls 10 feet thick, moats, boiling oil sprayed from specially constructed towers, rolling stone balls weighing multiple tons dropped on attackers. A well constructed fortress was unassailable.

The Roman war technologists changed all of that. The creation of torsion-powered siege machines. Rolling towers, incendiary ballistics and a host of other technology-based weapons allowed the Romans to overrun the most hardened fortresses.

Fast forward to 1945 and the first use of atomic weapons in wartime. The only defense was simply not to be anywhere near the blast area—an uncertain defense at best.

As nuclear weapons increased in devastation by orders of magnitude each decade, our defensive systems were virtually non-existent. Underground bunkers, caches of dried food, safe water sources, etc. are pitiful defences against the destructive power of direct hits from multiple megaton explosions.

Perhaps the most absurd defense against a nuclear attack is the U.S. Ground Based Missile Defense System. Let's ignore for a moment the overwhelming evidence that the system does not work, and assume that it works perfectly. The result of its perfection would result in the very thing that modern day cybersecurity specialists fear most: High altitude electromagnetic pulses (EMPs).

If the U.S. missile defense system actually succeeded in its goals, then the resulting EMP would destroy the entire electrical grid of the North American continent, resulting the the death of 90 percent of its inhabitants.

But all of this is ancient history. The world has evolved. Why would any nation state waste billions in hardware, fuel and manpower when a few dozen high level hackers, sitting comfortable in front of a computer screen, drinking coffee, or vodka, or smoking weed, could accomplish far more with a push of a few buttons?

Why this has not yet happened is because the target nation likely has equivalent capabilities, powered by isolated systems that will survive an initial attack, who will respond in like kind. This detente may keep us secure for a while, but rogue nations, throughout history, led by mad men or women, may soon not care about what response may come. And what then?

If you doubt that our cyber defense systems lag far behind our weaponized software then you are either living in a cave or you never watch or read the news.

Seven years ago, the U.S. and Israel launched a piece of weaponized software, called Stuxnet. It infected hundreds of millions of computers worldwide, yet was sophisticated enough to locate and isolate control systems in Iran at which time it activated and destroyed a significant percentage of Iran's nuclear centrifuges. Last year, however, 23 million records were discovered to have been taken from the U.S. office of personnel management by an unknown agency. The hack began in 2013 and was not discovered for two years. A few months later a teenager hacked the FBI and published the personal records of 20,000 FBI agents. Many of them undercover.

The news is virtually littered with hundreds of similar cases. If you believe the we have any effective cybersecurity whatsoever, then you have bought—hook, line and sinker—the propaganda that our government has been feeding you. Wake up!

John McAfee is a cybersecurity pioneer who developed the first ever commercial anti-virus software.