Last week we witnessed the first Cyber War, but it didn’t go down quite as many of us expected. Instead of a group of anonymous hackers trying to take over thousands of infected PCs or trying to cut off access to critical infrastructure, we saw Google declare the first salvo in its war against Chinese censorship by moving its servers to Hong Kong.
The more I thought about this, the more I realized that this was war, declared by a private company on a nation state. Just because Google doesn’t have its own army (yet), or that no actual physical weapons were fired doesn’t make it any less of a battle. And it is only going to get worse for all of us as other private firms realize that they need to take control over their servers and intellectual property. What is curious is how few companies signed up for the cyber equivalent of the coalition of the willing – GoDaddy was one of the few. Not Microsoft. Not Intel. No PC manufacturer of any shape or size.
Let’s face it. No one wants to declare war on China, whatever form that will take. Most of our PC hardware components are made there. More people are using the Internet in China than the US total population, and it is growing quickly, too. And while the breaches on several Google accounts had Chinese origins, getting accountability isn’t easy.
Coincidentally, while all this was going down I was reading a preview copy of Richard Clarke’s new book called Cyber War. I highly recommend pre-ordering a copy. Clarke was a national security advisor to several presidents and teaches now at the Kennedy School at Harvard.
The book is chilling account of exactly what is wrong with our government and how unprepared we are for Cyber World War I. How so? Think of a Cyber War in terms of nuclear proliferation and the Cold War preparation. But unlike what we did in the 1960s to defend ourselves against possible nuclear annihilation, we are doing everything wrong for a cyber defense. Instead, we have made America more of a target, because so much of our infrastructure, our weapons, our culture, and our PCs are out in the open, ripe for the picking. Look at how easy it is to hijack the drone video feed as a starting point (although the control systems are secured, for the moment.) Clarke talks about various war game scenarios and at one he mentions:
“If you have a mental image of every interesting lab, company, and research facility in the US being systematically vacuum cleaned by some foreign entity, you’ve got it right. That is what has been going on. Much of our intellectual property as a nation has been copied and sent overseas. Our best hope is that whoever is doing this does not have enough analysts to go through it all and find the gems, but that is a faint hope, particularly if the country has, behind the filtration, say, a billion people in it.”
He mentions how there were times when computer professionals working for the Hopkins Applied Physics Lab back in 2009 discovered a data breach. The only way they could solve it was to disconnect their entire organization from the Internet and clean each PC, one by one. “If you are connected to the Internet in any way, it seems, your data is already gone [overseas].”
The problem is that the best defense in a Cyber War isn’t the best offense. Nope: it is hardening your connections. Look at what China has done with its “Great Firewall.” Most of us think this is to keep the porn and liberal thinking out of China. And yes, it does do that. But what is really going on is that in the event of a Cyber War, China can quickly pull the plug and disconnect from the world, to defend itself. Trying asking AT&T or Level 3 to do that here. Ain’t gonna happen.
Another part of the problem is that there is no one actually “tasked,” as they say in DoD-speak, with defending our power grid control systems, transportation networks, and so forth. Where are the cyber equivalents of nuclear strike forces in case someone hits one of these targets? Nowhere. DoD has its own ships, planes, and troops to worry about. Homeland Security is trying to keep shoe bombers and the like out of our skies. What is left is up for grabs. Call it the cyber gap. “Can a nation shut off its cyber connectivity to the rest of the world, or spot cyber attacks coming from inside its geographical boundaries and stop them?” China probably can. We can’t. In an odd twist of irony, the less developed a nation is, say Afghanistan or North Korea, the better defended it can be, because so little of that country’s resources are hackable. How many power grid control rooms have VOIP phones, bringing the Internet literally to the right desktop?
In the past, spies had a harder time of it. They had to physically copy plans, or data, or compromise an actual human being. Now, they can sit in their jammies and download entire manuals without anyone noticing.
When Obama was elected in the fall of 2008, Clarke was an advisor to the transition team. He asked everyone on the team to stop working on their home PCs and even provided brand new Apple MacBooks that were locked down so they couldn’t connect to the public Internet. When the users complained about this when they tried to access public Wifi networks, he “tried to quietly point out that if you are a senior member of the informal national security transition team, you probably should not be planning the takeover of the White House from a Starbucks.” Gulp.
That is the problem. We are too used to our connectivity, and have gotten too complacent with our computers. A lot remains to be done. You have been warned.
Pingback: Tweets that mention Google vs. China, our first cyber war « David Strom’s Web Informant -- Topsy.com
I just forwarded this blog to a bunch of security folks.
At Juniper, I was a member of the High-end Security Systems leadership team at Juniper before leaving to do what I do now which is run a virtualization startup called RingCube Technologies. Before Juniper via NetScreen via Neoteris, I worked at Cisco Systems, Intel Corp and Nortel Networks doing networking and security stuff. I don’t consider myself a security expert by any means but I have spent a great deal of my professional career in networking and security.
This article captures the responses I’ve received thus far from my colleagues on this blog topic who by most accounts, people would deem those folks as “security experts”:
http://www.wired.com/threatlevel/2010/03/cyber-hype/
I think the core message of this blog is getting lost particularly because of its packaging. Kinda like when folks disagree with Obama/Democrat’s fiscal policy and use words like Socialism and Communism to encapsulate their criticism. Hyperbole tends to polarize and leave the source/author of the message with either getting applause or getting discredited with little room for something in between.
Cyber-war, cyber-threat, cyber-security => cyber-sensationalism, cyber-hype?
On point re vulnerability to espionage and electric grid, but the Google withdrawl was a business decision–better to give up 2 percent of their annual revenue than compromise their model for the rest of the world, and the Chinese government’s first consideration is maintaining power, so it had to toe the line on its side. To equate it with cyber war is muddying the picture.
So too, espionage to filch technology and other valuable information, whether by competitors or foreign governments comes under the same broad umbrella perhaps of cyber defense of national interest as defending critical infrastructure, but very different issues.
We expect cyber-espionage, corporate or government sponsored, and we expect our own government to be doing the same. It’s spy-vs.-spy in the new age. The question of potential attack against, say, the electrical grid, is one of motive. A foreign power–let’s say China–may be interested in the potential for disrupting the grid in case of real war, but not going to do it just to hurt their an incredibly important trading partner–it would be an act of war in itself and invite military reprisal.
These are all serious and worrisome matters, but it’s a complex weave of methods, goals, motives and capabilities.
The Carrington event is enough trouble. How come we can’t have the great firewall of chicago. Shouldn’t we have the ability to isolate a breach better then the pres having a shutoff button?
Pingback: Interview with John Jainschigg on our next cyber war « David Strom’s Web Informant