Sunday, February 24, 2013

Cyber Strikes Preemption: Savior or Curse?

The Obama administration's announced step toward preemptive cyber attacks as reported by the New York Times sets off more alarm bells than victory signs.  Let's start with looking at what preemptive strikes are.

As defined in the Times report, cyber preemption by the United States is justified if "U.S. agencies detect credible evidence of a major digital attack looming from abroad."  Here's the first alarm bell: what is meant by "credible evidence" and "major digital attack" (to quote the news release)?  To be effective, this policy requires strict definitions, so that the president is not handed recommendations for strikes that "hope" to take out or prevent a future attack that is not real.  And how is a "threat" to be detected?  By standard CIA intelligence?  By some new, as yet unannounced U.S. cyber detection capabilities?

As described in our Semi-Annual Review: Cyberwarfare 2013-2015, this type of policy is nothing more than a repackaging of U.S. military cyber weapons under a new banner. It gives first-strike capabilities a cloak of respectability while creating a danger that does not necessarily exist today.

Here is the second alarm bell: Alerted to our preemption plans, are our cyber enemies going to sit back and await Washington's judgement on their cyber plans, or will they go ahead and attack, before their capabilities to do so are destroyed, or at least compromised?

There is currently no publicly available information that the United States has the cyber-based capability to take out other nations' cyber sites at will.  Even the famed Stuxnet attack required physical use of a flash drive to initiate.

Let's be careful what we threaten.  Since reliable attribution of the sources of threats is limited and our attack methods are questionable, are we unnecessarily setting ourselves up for preemptive attacks - the very action we are attempting to prevent?  Quite possibly yes.

Tuesday, February 19, 2013

Chinese Cyber Attacks on U.S. Are New "Cold War." Really?

By James McFarlin

As reported by CBS News on February 11, Chinese attacks on American computer sites are heavily oriented toward cyber espionage to obtain U.S. military secrets and cyber theft to obtain commercial trade secrets for Chinese economic gain.  These attacks pose a serious threat to national security.

The problem with these threats is that the United States has absolutely no effective means to stop such attacks or, in many instances, even to know that the attacks occurred at all.  As detailed in our Semi-Annual Review: Cyberwarfare 2012-2013, there are seven forces driving cyberwarfare, of which cyber espionage is a part.  These Chinese attacks are succeeding and will continue to succeed because four of these forces are in play: espionage is a major thrust for nation-states such as China; America's computing networks are becoming more, not less, vulnerable; U.S. cyber borders are largely unprotected; and finally, American military and commercial enterprises have no 'Active Defense' capabilities which detect and stop attacks from occurring.

These vulnerabilities are years from being addressed.  The current attacks involve theft, not interruption or destruction of operations.  Could the Chinese progress to this stage?  The answer is a categorical "yes."  If you are successfully inside computer systems, you are a few steps from having the capability to control or at least interrupt those systems.

Will China take their intrusions to the levels of interruption or destruction?  Not unless they want a war on their hands.

So, in our opinion, the United States does have the makings of a new Cold War with China on the horizon, and currently no way to stop it.