Tuesday, April 30, 2013

Cyberwar: War in God’s Space?

Since it doesn’t exist in a physical realm, cyberspace has been referred to as “God’s space.” While we’ll never know if this is true, we do know this: cyberspace has been invaded by the human race. 

And where humans tread, trouble follows. Cyberspace is no exception. In fact, this column exists only by the grace of this trouble. The trouble to which I am referring? Cyberstalking. Bank account theft. Disruption of securities trading markets. Outright warfare between two sovereign countries. And other malicious acts that are too numerous to mention.
What do humans do when there is trouble? Write rules. Unfortunately, the rules of cyber conduct can be difficult to pin down, much like religion. This difficulty, however, did not stop NATO’s cyber defense center from trying to craft its own set of rules for the world to follow. The results of their four-year effort?  The Tallinn Manual* (named after a city in Estonia, recipient of the first publicly-known target of politically motivated cyberattacks, in April 2007).

The Tallinn Manual argues that “existing law broadly applies to cyberspace.” With this one bold conclusion, those operating in the world of cyberspace now have their rules of conduct. Simple as that. Next?

A recent analysis in The Economist posits that “such rules would be helpful if law-abiding countries went to war (Sweden against Canada, for example).” But doubts about the Tallinn rules run rampant.  Why?  Quite simply, those launching the cyberattacks are unlikely to pay attention to any such rules. Countries like North Korea, for example, might rather play by their own rules.

Alas, war in cyberspace will be conducted by man’s rules.  Or depending on the man, by the Devil’s rules.

*”The Tallinn Manual on the International Law applicable to Cyber Warfare”.  Cambridge, 2013.

("Word Law in Dictionary" image: Jeroen van Oostrom/FreeDigitalPhotos.net)

Sunday, April 28, 2013

Technological Terror could be on the Horizon

Written by Jim McFarlin Special to The Desert Sun
Apr 24 mydesert.com

You don’t have to look far to see how deeply the Coachella Valley is intertwined with computer networks around the nation. From smartphones to GPS satellites, from online banking to the power grid, networks fuel our daily lives.

But how safe are these vital networks from cyberattacks?  More…

Thursday, April 25, 2013

Should the U.S. Fight Fire with Rhetoric – or Fire?

Hackers affiliated with the Chinese government were “by far the most energetic and successful cyberspies in the world last year,” according to a recently issued report.

The 2013 Data Breach Investigations Report was issued by Verizon’s RISK Team and 18 partners, including officials from the United States and several foreign governments. Although cyber intrusions with financial motives are the most common source of data breaches worldwide, China dominated the category of state-affiliated cyber-espionage of intellectual property.

This report and others (including the U.S. National Intelligence Estimate) confirm China’s success in penetrating U.S. networks to access proprietary and top secret military information. Here are my conclusions:

· U.S. cyber defenses are largely ineffective against Chinese attacks.

· U.S. military plans and corporate intellectual property are important to China’s plans for continued economic and military growth.

· China will not acknowledge the attacks and cannot be talked down.

A front page Wall Street Journal article on April 22, “U.S. Eyes Pushback On China Hacking,” talks about increasing diplomatic pressure, trade sanctions, and perhaps cyber countermeasures.

Let’s be honest: the only viable defense under these circumstances is a strong offense. Each time American interests are confronted with clear Chinese attacks, the U.S. must strike back – hard. U.S. cyber defense initiatives should become much more proactive and offensive nature if we are going to see a decrease in foreign cyberattacks of all types.

Agree or disagree?  Let me know.

("Virtual Tanks Protecting Computer Data" image: Victor Habbick/FreeDigitalPhotos.net)

Tuesday, April 23, 2013

From Boston Terror to Cyberterror: The Importance of Getting the Terminology Straight

We can only know how to respond to attacks against the United States if we know what we are fighting back against.

When attacks on the U.S. occur, descriptive words are thrown around by officials and the media in a mad, almost random frenzy, as they try to build a frame of reference to the nature of the threat against us. Whether these attacks involve deadly explosives, such as those used in Boston, or cyberattacks, like the daily assaults against U.S. banks, the word terror must be used carefully.

In the case of the Boston bombings, the term first used by President Obama was “senseless loss.” The next day, he used the term, “act of terrorism,” stating that terrorism is any bombing aimed at civilians. To be accurate, however, terrorism is any attack on civilians for a political purpose. Until you know the purpose, you can’t know if it is terrorism. The Tucson shooter who nearly killed Rep. Gabrielle Giffords in 2011 was simply deranged. He was a certified paranoid schizophrenic, not a terrorist.

Similarly, descriptive words are thrown around in the world of cyberattacks, but they are often inaccurate. Chinese thefts of intellectual property receive knee-jerk reference as cyberwar. Intrusions on banking networks are classified as acts of cyberterror. But the same definition for the Boston attack applies to cyberattacks. An attack which takes out the western U.S. power grid in an attempt to traumatize or bring fear and irrational acts from civilians is an act of cyberwarfare. Theft of intellectual property is cyberespionage.

Cyberattacks of all types – crime, property theft, disruption, destruction – will only continue to increase. If we begin to get our terminology straight, we will be better equipped to clearly understand and respond to such attacks.

NOTE: As of the time of this posting, the Boston attacks do appear to be an act of terror.

("Cyberspace Word Definition" image: Stuart Miles/FreeDigitalPhotos.net)

Monday, April 8, 2013

U.S. Cybersecurity Safety Net to Vanish?

Today, Chinese cyberespionage will continue against corporations and the U.S. government. Meanwhile, Iran will focus their assaults on American banks. They might even cause periodic disruptions in service.

It’s business as usual on the cyber front. And America is wide open for business.
Luckily, a successful cyberattack has yet to be launched against our vital networks such as the power grid or communications network. In fact, such an attack isn’t even expected in the near future – but not because our government has a formidable cyber defense system protecting us.

It’s simply because our enemies don’t yet have the necessary attack capabilities. If they did, America would be on the verge of a state of national emergency at this moment.

The continued attacks and lack of progress were predicted in our Cyberwarfare Quarterly Report (available for download in the sidebar). As the Report states:

"The U.S. continues to operate in a period where a 'cyber safety net' exists - those nation states and radical organizations who want to launch harmful cyberattacks against the U.S. do not yet have the capability, while those that may have the means [China, Russia] have no motive for doing so."

During this relative ‘quiet time’ the U.S. could be aggressively developing strategies and defenses against the cyberattacks that will one day threaten our nation’s most vital networks.

At least, this would be the smart thing to do. 

The steps taken so far include an administration initiative pushing for “guidelines for industry-government cooperation” to protect against cyberattacks. Establishing a one-year timeline just to develop these guidelines is in my opinion using up valuable time in our cybersecurity safety net. 

Is this lack of urgency going to cost the U.S. down the line? I’ll have an update for you in my Cyberwarfare Report in July.

("Net with Blue Sky" image: sritangphoto/FreeDigitalPhotos.net)