Stories‎ > ‎

What We Can Learn About Cyber Security from the Cold War and the Global War on Terrorism

posted Aug 18, 2017, 6:39 AM by James Caroland   [ updated Sep 11, 2017, 12:32 PM ]
By Dan Cahill, Commander, United States Navy

Cyber Security/Defense is often presented as a complex and expensive problem. However, if viewed through the proper prism, the fundamentals can be distilled down to a few lessons from history like the Cold War and the “Global War on Terrorism.” When considered in this context, the solutions become clearer and more cost effective.

If the Cold War taught the U.S. one thing, it should be that armies don’t win wars, economies do. A corollary to this would be that solid business principles build economies and win wars. While the U.S. was building its overall economy, the Soviet Union was building up its military. Non-Military Soviet manufactured goods could not compete on the world stage and were limited to Warsaw Pact/Soviet Bloc nations. Throughout the Cold War, the U.S. had a manufacturing based, export oriented economy. The U.S. supplied the world with high quality manufactured goods and the U.S. economy grew by leaps and bounds.

During the Korean War, in the early 1950s, the U.S. spent 15% of its Gross Domestic Product (GDP) on military spending which dropped precipitously to just over 10% at the end of the Vietnam War and stayed below 8% from 1972 onward [1]. In contrast, up until the early 1980s, the Soviet Union contributed 15-17% of its GDP towards military expenditures with increases of 4% to 7% per year since the end of World War II [2]. When considered in the context of the Cold War, this represents highly disparate expenditures.

The Soviet Union attempted to keep up with the U.S. in military spending/power projection. The problem for the Soviet Union was that the U.S. economy, for much of the Cold War, was three times larger than the Soviet economy [3]. The U.S. beat the Soviet Union by drawing it into a fight the Soviet Union could not win and one that was fought by only two parties: the North Atlantic Treaty Organization and the Warsaw Pact.


Fast forward to September 11th, 2001; a terrorist operation that probably cost less than one million dollars prompted a multi-trillion dollar response; this is 1 x 106 versus 1 x 1012 (a million to one). This demonstrates the effectiveness of asymmetrical warfare; the damage far exceeds the cost to produce it.

If we apply these principles to the cyber realm, we see that the U.S. Government, and more specifically the U.S. Department of Defense, is fighting a much larger economic war than what the U.S. fought during the Cold War. Unlike the Cold War, where the U.S. had an economy three times larger than its adversary and was pitted against the Soviet Union in a dollar for dollar war, the cyber-landscape is much different. Virtually every country in the world and most every company in the world which relies upon the Internet to conduct business is in the market for Cyber Security solutions. In 2016, worldwide spending on Cyber Security was nearly 74 billion U.S. Dollars (USD) [4]. The entire U.S. Defense budget for 2016 was approximately 585 billion USD [5]. By 2020, worldwide Cyber Security spending is projected to reach over 100 billion USD, which would be 1/5 of the entire U.S. Defense budget. [6]

The U.S. Department of Defense, or the U.S. government for that matter, cannot and should not attempt to compete simultaneously with the European Union, China, Russia, Microsoft, Apple, Google, Exxon and virtually every other entity in the world that utilizes the Internet to conduct business. If it tried, with the U.S. economy being only approximately 25% of the world economy, it would have to spend 4 to 1 against the rest of the world [7]. If the U.S. wants to compete in the 21st century, it needs to look at Cyber Defense/Security in business terms and not try to compete with what is already a functioning marketplace for cyber-related risk management. The better approach is to spend simultaneously on developing effective offensive cyber weapons, decoupling mission critical national security information from the Internet by placing it on classified networks, and letting the soon to be 100 billion USD Cyber Security market and 2,500 billion (2.5 trillion) USD insurance industry develop solutions to protect non-mission critical national security information and private industry networks and data [8].

----------------

[1] Council on Foreign Relations.  “Trends in U.S. Military Spending”.  Accessed July 15, 2017.  http://www.cfr.org/defense-budget/trends-us-military-spending/p28855
[2] Federation of American Scientists. “Russian Military Budget”. Sept 7, 2000. http://fas.org/nuke/guide/russia/agency/mo-budget.htm
[3] The Maddison-Project, http://www.ggdc.net/maddison/maddison-project/home.htm, 2013 version.
[4] Fortune Magazine. “Here’s How Much Businesses Worldwide Will Spend on Cybersecurity by 2020”.  Accessed Jul 13, 2017.  http://fortune.com/2016/10/12/cybersecurity-global-spending/
[5] The U.S. Department of Defense. “The FY-2016 Budget Proposal”. Accessed Jul 13, 2017. https://www.defense.gov/News/Special-Reports/FY16-Budget/

[6] Fortune Magazine. “Here’s How Much Businesses Worldwide Will Spend on Cybersecurity by 2020”.  Accessed Jul 13, 2017.  http://fortune.com/2016/10/12/cybersecurity-global-spending/

[7] The World Bank. “Gross Domestic Product 2016”. Accessed Jul 31, 2017. http://databank.worldbank.org/data/download/GDP.pdf

[8] Swiss Re.  Global insurance industry grows steadily in 2015 amidst moderate economic growth but outlook is mixed, Swiss Re sigma report says”.  Accessed Jul 13, 2017.  http://www.swissre.com/media/news_releases/global_insurance_industry_grows_steadily_in_2015_amidst_moderate_economic_growth_but_outlook_is_mixed_sigma_report.html


Photo credits (in order of appearance):  Wikimedia Commons, Wikipedia


About the Author

Daniel Cahill holds a commission as a Commander in the United States Navy and serves in the U.S. Navy Reserve where he supports the Naval Inspector General, including oversight of the U.S. Navy’s Cyber Security program.  He holds a Bachelor’s Degree in Marine Engineering, with a concentration in Nuclear Engineering, from the United States Merchant Marine Academy.  He earned graduate certificates in both International Relations and Business from New York’s Columbia University, where he is currently a Masters candidate in their Enterprise Risk Management (ERM) program.  Commander Cahill's academic work has focused on applying business principles to government decision making and resource allocation.