Tuesday, July 20, 2010

The threat of cyberwar (roundup)

There has recently been a good bit of media coverage of the issue of "cyberwar". An article at the Economist gives a good overview of the debates regarding the threat of cyberwar and what America and its allies are doing to prepare. They describe two basic levels of cyberwar -- espionage and sabotage:
The next step after penetrating networks to steal data is to disrupt or manipulate them.
Since so much of this discussion is focused on surveillance and secrecy, I'm going to include recent articles on those topics. I won't provide any substantial commentary, just some choice quotes.

NPR has an article covering the concerns of cyber-alarmists; James Gosler describes the challenge and our inadequate preparation:
"You can have vulnerabilities in the fundamentals of the technology, you can have vulnerabilities introduced based on how that technology is implemented, and you can have vulnerabilities introduced through the artificial applications that are built on that fundamental technology," Gosler says. "It takes a very skilled person to operate at that level, and we don't have enough of them."
Gosler estimates there are now only 1,000 people in the entire United States with the sophisticated skills needed for the most demanding cyberdefense tasks. To meet the computer security needs of U.S. government agencies and large corporations, he says, a force of 20,000 to 30,000 similarly skilled specialists is needed.
So basically, every smart person in the US should work for the CIA/NSA. That's a bit of exaggeration, but Gosler is still suggesting a massive allocation of resources to the field of cyberdefense, a large portion of which will involve secret government agencies (for a sense of scale, there are about 30,000 science and engineering PhD's awarded each year in the USA).

For all the hype about the threat from China, the Economist has this to say:
Western spooks think China deploys the most assiduous, and most shameless, cyberspies, but Russian ones are probably more skilled and subtle. Top of the league, say the spooks, are still America’s NSA and Britain’s GCHQ, which may explain why Western countries have until recently been reluctant to complain too loudly about computer snooping.
Of course the USA is still the best at cracking codes and spying on communications (rember the establishment of warrentless wiretaps from the NSA). But that doesn't mean we should let down our guard. Here's a long but telling quote from the NPR story:

The cyber manpower crisis in the United States stands in sharp contrast to the situation in China, where the training of computer experts is a top national priority ...

The Chinese government, in fact, appears to be systematically building a cyberwarrior force.

"Every military district of the Peoples' Liberation Army runs a competition every spring," says Alan Paller of SANS, "and they search for kids who might have gotten caught hacking."

One of the Chinese youths who won that competition had earlier been caught hacking into a Japanese computer, according to Paller, only to be rewarded with extra training....

Some members of Congress, eager to follow China's example, are now promoting a U.S. Cyber Challenge, a national talent search at the high school level....

Last year's preliminary Cyber Challenge game was won by a 17-year-old from Connecticut — Michael Coppola — who was smart enough to hack into the game computer and add points to his own score.

... the competition judges were so impressed by Coppola's ability to hack into the computer game that they actually rewarded him for changing his score.

"It's cheating," Michael says, "but it's like the entire game is cheating."

Indeed. People who know how to cheat will soon be on the front lines of cyber defense...

So,the ethic of these new "cyber-soldiers" is to do whatever it takes to win (Just one more way that the USA emulates the People's [sic] Republic of China). They are even rewarding "soldiers" who attack non-target computers as part of their strategy. As they say, the "whole game is cheating". So much for the myth that there can be rules in war...this seems morally equivalent to Germany marching through Belgium to attack France, or Hamas launching rockets at Israel from within urban areas. What is the chance that these "cyber-warriors" will flinch at taking over your personal computer to use it as a weapon against their enemies? Not much different from the Russian mafia with their bot-nets.

Well, I'm out of time, but here are a couple of other stories to think about:

The American security apparatus is out of control, and now includes almost a million people with top-secret security clearance. Soon enough, there won't be anything special about having security clearance -- what will make you special is if you don't have security clearance. To paraphrase Noam Chomsky: covert actions are only secret from the domestic population.

For some context, Kevin Carson has been expounding on how the National Security apparatus is becoming involved (or can be expected to get involved in) in all sorts of traditional law-enforcement activities, from the drug war, to copyright infringement, and just harassing dissidents.

Update: I should mention that this was inspired by a post at "The Ruling Class" blog, called, of all things, The Ruling Class.

No comments: