Advertisement
Subscribe to our daily newsletter.
Subscribe

Navy’s top cyber advisor decries overuse of the word ‘attack’ to describe cyber incidents

Not every malicious cyber incident constitutes an “attack,” and people need to stop throwing that word around so much, the Navy’s principal cyber advisor told members of industry.

By

Chris Cleary, Navy principal cyber adviser, speaks during a panel at DefenseTalks 2022. (DefenseScoop)

Not every malicious cyber incident constitutes an “attack,” and people need to stop throwing that word around so much, the Navy’s principal cyber advisor told members of industry on Tuesday.

“I want to talk about the word ‘attack’ for a minute. Because this is something that I think we’ve overused, and we have to get better with this,” Chris Cleary said at the AFCEA NOVA Naval IT conference.

He used a parenting analogy to illustrate his point.

“If my oldest daughter called from school and said, ‘Dad, I’ve just been attacked’ … And If when I got there she opened up her laptop and showed me a spear phishing email, I’d say ‘we have to work on your language.’ Because right now, we call that an attack. Everything that happens in this domain has one word associated with it: attack. And I would argue this is where industry is taking words that the military always use that has very specific definitions” and applying them incorrectly to certain types of cyber incidents, Cleary said.

Advertisement

Under the laws of armed conflict, an attack is generally defined as something specifically designed to kill or injure people or damage equipment, he noted.

“If you’ve haven’t found yourself in one of those two aspects, you’re probably not quote-unquote under attack. Somebody stealing actual trade information from you is not necessarily an attack — they’re not trying to degrade your ability to conduct your mission,” Cleary said.

However, government agencies need to know when institutions are experiencing a true cyberattack so that they can better provide assistance, he suggested.

“Once it begins to tip into that space, you have to learn how to identify that differently, because then it will require resources,” he added. “We can’t go everywhere, but there are always some things that we need to respond to a little bit differently. And this really comes into the whole whole-of-government approach to include being led by CISA and the Department of Homeland Security. But how do we work together to identify when there are legitimate attacks in this space and how we, you know, marshal resources to come to your aid?”

Jon Harper

Written by Jon Harper

Jon Harper is Managing Editor of DefenseScoop, the Scoop News Group’s online publication focused on the Pentagon and its pursuit of new capabilities. He leads an award-winning team of journalists in providing breaking news and in-depth analysis on military technology and the ways in which it is shaping how the Defense Department operates and modernizes. You can also follow him on X (the social media platform formerly known as Twitter) @Jon_Harper_

In This Story

Advertisement
Advertisement

More Like This

Advertisement

Top Stories

Advertisement

More Scoops

U.S. Navy Operations Specialist 1st Class Frederick Robinson, from Abbeville, Louisiana, stands tactical data coordinator (TDC) in the combat information center (CIC) during sea and anchor detail as the Arleigh Burke-class guided-missile destroyer USS Carney (DDG 64) departs Azores, Portugal after a brief stop for fuel, October 5, 2023. (U.S. Navy photo by Mass Communication Specialist 2nd Class Aaron Lau)

Navy’s new cyber strategy aims to place a premium on non-kinetic capabilities’ role in conflict

By Mark Pomerleau

Latest Podcasts

How the Navy is reducing workforce friction to improve mission outcomes

How DARPA is looking to AI to fend off cyber vulnerabilities through a challenge program

climate change

How the DOD protects national security interests by monitoring climate change

Google’s Scott Frohman Talks AI Innovation at Google Cloud Next

Weapons

Cyber

IT

AI