Homeland Security Watch

News and analysis of critical issues in homeland security

January 15, 2014

Cyber Potpourri – Presentations, Pirates, and Posturing

Filed under: General Homeland Security — by Arnold Bogis on January 15, 2014

The Brookings Institution recently held an event for the release of the book, “Cybersecurity and Cyberwar: What Everyone Needs to Know.” Brookings describes the event:

On January 6, the Center for 21st Century Security and Intelligence and Governance Studies at Brookings launched the new book Cybersecurity and Cyberwar: What Everyone Needs to Know. The first panel featured co-authors Peter W. Singer and Allan Friedman discussing their book and the key questions of cybersecurity – how it all works, why it all matters and what we can do. A second panel featured some of the leading journalists on the cybersecurity beat today, exploring the challenges of reporting on a new domain and explaining its complexities to the public.

I think the authors do a pretty good job describing the numerous issues wrapped up in the cyber space without resorting to any “OMG, a Cyber-Pearl Harbor is just around the corner!” moments.

You can watch both panels here:

 

Slate posted an excerpt from the book, “ What can (real) pirates teach us about cybersecurity?

In centuries past, the sea was a primary domain of commerce and communication over which no one actor could claim complete control, much like the Internet today. While most just used the sea for normal commerce and communication, there were also those who engaged in bad deeds, again much like the Internet today. They varied widely, from individual pirates to state militaries with a global presence. In between were state-sanctioned pirates, known as privateers. Parallel to today’s “patriotic hackers” (or the private contractors working for government agencies like the National Security Agency or Cyber Command), privateers were not formally part of the state but licensed to act on its behalf. They were used both to augment traditional military forces and to add challenges of identification (attribution in cyber parlance) for those defending far-flung maritime assets.

These pirates and privateers would engage in various activities with cyber equivalents, from theft and hijacking, to blockades of trade (akin to a “denial of service”), to actual assaults on economic infrastructure and military assets.

The authors not only make the comparison between activities, but also point to the potential of pursuing similar eradication strategies.

The cyber parallel today, again, is that all netizens have a shared global expectation of freedom of action on the Internet, particularly online trade, just as it is ensured on the open ocean. If you knowingly host or abet maritime pirates or privateers, their actions reflect back on you. The same should be true online. Building those norms will motivate both states and companies to keep a better check on individual hackers and criminals (the pirate equivalent). It will also weaken the value of outsourcing bad action to patriotic hackers (the latter-day privateers).

- – - – - – - – - – - – - – - – - – - – - – - – - – - – - – - – - -

Snowden is the gift that keeps on giving…at least to national security reporters.  In the New York Times, David Sanger and Thom Shanker have a piece describing the NSA’s ability to hack computers that aren’t even connected to the internet (a security measure known as “air-gapping.).

The National Security Agency has implanted software in nearly 100,000 computers around the world that allows the United States to conduct surveillance on those machines and can also create a digital highway for launching cyberattacks.

While most of the software is inserted by gaining access to computer networks, the N.S.A. has increasingly made use of a secret technology that enables it to enter and alter data in computers even if they are not connected to the Internet, according to N.S.A. documents, computer experts and American officials.

The technology, which the agency has used since at least 2008, relies on a covert channel of radio waves that can be transmitted from tiny circuit boards and USB cards inserted surreptitiously into the computers. In some cases, they are sent to a briefcase-size relay station that intelligence agencies can set up miles away from the target.

Of course, the U.S. doesn’t like this sort of activity when it’s done to us:

The N.S.A. calls its efforts more an act of “active defense” against foreign cyberattacks than a tool to go on the offensive. But when Chinese attackers place similar software on the computer systems of American companies or government agencies, American officials have protested, often at the presidential level.

Documents obtained by Mr. Snowden indicate that the United States has set up two data centers in China — perhaps through front companies — from which it can insert malware into computers. When the Chinese place surveillance software on American computer systems — and they have, on systems like those at the Pentagon and at The Times — the United States usually regards it as a potentially hostile act, a possible prelude to an attack. Mr. Obama laid out America’s complaints about those practices to President Xi Jinping of China in a long session at a summit meeting in California last June.

At that session, Mr. Obama tried to differentiate between conducting surveillance for national security — which the United States argues is legitimate — and conducting it to steal intellectual property.

Share and Enjoy:
  • Digg
  • Reddit
  • Facebook
  • Yahoo! Buzz
  • Google Bookmarks
  • email
  • Print
  • LinkedIn

3 Comments »

Comment by William R. Cumming

January 16, 2014 @ 12:46 am

Great post Arnold and thanks for the effort and links!

Wondering about personal gain in this arena by federal employees? William Casey while heading CIA never complied with federal Ethics rules and used CIA staff to manage his portfolios.

Comment by John Comiskey

January 16, 2014 @ 6:06 am

The scramble for cyber space dominance is no scramble for Africa

See: http://www.amazon.com/The-Scramble-Africa-Conquest-Continent/dp/0380719991/ref=sr_1_sc_1?ie=UTF8&qid=1389869598&sr=8-1-spell&keywords=Scrammble+for+Africa

The African scramble ended in a repudiation of the “white mans burden” and a de-colonization nightmare that still haunts the continent.

Cyber-space has little in the way of front-lines and territories to be held. Nation states and the private sector AND bad guys roam largely undeterred by conventional restraints.

US’s International Strategy for Cyber Security aptly calls for an international strategy and not a [US] national strategy.

See:http://www.whitehouse.gov/sites/default/files/rss_viewer/international_strategy_for_cyberspace.pdf
http://www.whitehouse.gov/sites/default/files/rss_viewer/international_strategy_for_cyberspace.pdf

That said, the US remains the preeminent world power and [IMHO] has an obligation to lead an international effort to “meta-govern” cyber space. The term meta-govern is used here to reflect a sense of shared governance to include nation states, the private sector, and the worlds citizens. See also meta leadership http://dspace.mit.edu/bitstream/handle/1721.1/55934/CPL_WP_05_03_DornHendersonMarcus.pdf?sequence=1

Comment by William R. Cumming

January 16, 2014 @ 9:52 am

By refusing to demilitarize Africa, Space and the Cyber Realm the USA will reep what it has sown!

As the leading proliferator of nuclear arms and conventional weapons history will be hard on the USA and its so-called Century starting in August 1945!

And NO I do not hate the USA just realize how the NATIONAL SECURITY STATE led from 1993-2009 by two Presidents that evaded their countries call as young men failed to heed the key message of Eisenhower’s farewell address.

C. Wright Mills THE POWER ELITE worth a read even though dated 1955! The Elites, whether political, military, economic or religious have failed in their responsibilities to our democracy [republic]!

Soft power is the key to this Century’s outcomes.

RSS feed for comments on this post. TrackBack URI

Leave a comment

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>