The global rules of engagement for cyberspace have unraveled in recent years as rogue nations took advantage of their ability to hack companies like Sony Pictures, FireEye CEO Kevin Mandia told CNBC on Wednesday.
“What I’ve seen over the last three years is the rules of engagement have broken,” Mandia, whose firm is partnered with more than 60 governments, told Jim Cramer in an exclusive “Mad Money” interview. “I’m not sure what’s going to happen next for many nations with a modern capability.”
The FireEye chief broke down how these unofficial rules have been eroded: in 2014, North Korean actors scrubbed the data at Sony Pictures after the studio released the controversial film “The Interview.” In 2015, Russian hackers broke into the Pentagon’s computers. In 2016, documents leaked by foreign hackers were center to a presidential election. In 2017, Iranian actors performed more cyber-intrusions on U.S. systems than ever before.
“In 2018, we’re all figuring out: where’s the boundaries? Where does it end? How do we have rules?” Mandia said.
Now, foreign governments are hiring professional cyber-actors to either mount cyberattacks on U.S. companies or scour their systems for information, adding another layer of complexity to the job of security firms like FireEye, the CEO continued.
“You can’t really expect every company to withstand a cyber-military attack. That’s probably not the bar you want to set as a nation,” he told Cramer, adding that these days, state-sponsored hackers are “people, probably in uniform, badging into a building” somewhere abroad.
Mandia said that, eventually, the question that governments around the world will have to answer is what constitutes “fair game” for espionage. Many countries already have rules around traditional espionage, but cyber-spying is a new playing field that nations will collectively have to tackle.
And, unfortunately, no one company will ever perfect incident detection, the CEO argued.
“Outside looking in, a lot of people may have the response, ‘I can’t believe they lost this information.’ Don’t forget: there are professionals on the other side,” Mandia said. “You’re not going to pitch a perfect game in security every day. You’re just not. And you’re up against some of the best hackers in the world.”