The Brookings Institution recently held an event for the release of the book, “Cybersecurity and Cyberwar: What Everyone Needs to Know.” Brookings describes the event:
On January 6, the Center for 21st Century Security and Intelligence and Governance Studies at Brookings launched the new book Cybersecurity and Cyberwar: What Everyone Needs to Know. The first panel featured co-authors Peter W. Singer and Allan Friedman discussing their book and the key questions of cybersecurity – how it all works, why it all matters and what we can do. A second panel featured some of the leading journalists on the cybersecurity beat today, exploring the challenges of reporting on a new domain and explaining its complexities to the public.
I think the authors do a pretty good job describing the numerous issues wrapped up in the cyber space without resorting to any “OMG, a Cyber-Pearl Harbor is just around the corner!” moments.
You can watch both panels here:
Slate posted an excerpt from the book, ” What can (real) pirates teach us about cybersecurity?”
In centuries past, the sea was a primary domain of commerce and communication over which no one actor could claim complete control, much like the Internet today. While most just used the sea for normal commerce and communication, there were also those who engaged in bad deeds, again much like the Internet today. They varied widely, from individual pirates to state militaries with a global presence. In between were state-sanctioned pirates, known as privateers. Parallel to today’s “patriotic hackers” (or the private contractors working for government agencies like the National Security Agency or Cyber Command), privateers were not formally part of the state but licensed to act on its behalf. They were used both to augment traditional military forces and to add challenges of identification (attribution in cyber parlance) for those defending far-flung maritime assets.
These pirates and privateers would engage in various activities with cyber equivalents, from theft and hijacking, to blockades of trade (akin to a “denial of service”), to actual assaults on economic infrastructure and military assets.
The authors not only make the comparison between activities, but also point to the potential of pursuing similar eradication strategies.
The cyber parallel today, again, is that all netizens have a shared global expectation of freedom of action on the Internet, particularly online trade, just as it is ensured on the open ocean. If you knowingly host or abet maritime pirates or privateers, their actions reflect back on you. The same should be true online. Building those norms will motivate both states and companies to keep a better check on individual hackers and criminals (the pirate equivalent). It will also weaken the value of outsourcing bad action to patriotic hackers (the latter-day privateers).
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
Snowden is the gift that keeps on giving…at least to national security reporters. In the New York Times, David Sanger and Thom Shanker have a piece describing the NSA’s ability to hack computers that aren’t even connected to the internet (a security measure known as “air-gapping.).
The National Security Agency has implanted software in nearly 100,000 computers around the world that allows the United States to conduct surveillance on those machines and can also create a digital highway for launching cyberattacks.
While most of the software is inserted by gaining access to computer networks, the N.S.A. has increasingly made use of a secret technology that enables it to enter and alter data in computers even if they are not connected to the Internet, according to N.S.A. documents, computer experts and American officials.
The technology, which the agency has used since at least 2008, relies on a covert channel of radio waves that can be transmitted from tiny circuit boards and USB cards inserted surreptitiously into the computers. In some cases, they are sent to a briefcase-size relay station that intelligence agencies can set up miles away from the target.
Of course, the U.S. doesn’t like this sort of activity when it’s done to us:
The N.S.A. calls its efforts more an act of “active defense” against foreign cyberattacks than a tool to go on the offensive. But when Chinese attackers place similar software on the computer systems of American companies or government agencies, American officials have protested, often at the presidential level.
Documents obtained by Mr. Snowden indicate that the United States has set up two data centers in China — perhaps through front companies — from which it can insert malware into computers. When the Chinese place surveillance software on American computer systems — and they have, on systems like those at the Pentagon and at The Times — the United States usually regards it as a potentially hostile act, a possible prelude to an attack. Mr. Obama laid out America’s complaints about those practices to President Xi Jinping of China in a long session at a summit meeting in California last June.
At that session, Mr. Obama tried to differentiate between conducting surveillance for national security — which the United States argues is legitimate — and conducting it to steal intellectual property.