Cyber attacks, data breaches, and vulnerabilities have gone from esoteric ideas to a mainstream problem. With that in mind, it would be quite attractive to predict attacks before they happen. Prediction could allow us to adjust defenses rather than perform expensive, reactive incident response, which can include everything from deep forensics to throwing out millions of dollars' worth of equipment, not to mention massive reputation repair campaigns.
In the world of non-cyber warfare, criminality, and activism, we try to predict attacks and violence before they happen. Attacks are never isolated: they are motivated by end goals that can inform analysis, and they happen in cycles. We run extensive intelligence programs, executed by law enforcement and intelligence agencies. These programs assess the intent and capabilities of adversaries. (Example: What are China’s military intentions as they relate to Taiwan, and does China have the capability to execute military activity against Taiwan?)
In cyber, we face a different and sometimes frustrating world, especially when it comes to generating meaningful insights and intelligence. However, there is also good news. As Oren Falkowitz, former USCYBERCOM Chief Data Scientist, puts it, “In cyber security the web balances being the platform to create attacks and being the source of information to prevent attacks.” We can track the data trail of threats, attackers, methods, and operations before they execute attacks.