Sunday, February 17, 2013

The Invisible War China is Launching on the United States



Overview

As we enter early 2013, the new emerging focus within the Department of Defense--alongside the private sector--is the ever more crucial question of creating a solid defense against the plethora of cyber attacks on valuable national assets. These attacks are far-ranging, from a simple hacktivist defacing a meat packaging company's website with slogans about saving cows (lol), to intricate and damaging heists of intellectual information by those who seek to gain an upper hand in markets.

In past years, media outlets have become virtual whistleblowers about these attacks, as business officials who are the subject of belligerent cyber incursions fail to report their breaches out of fear of losing consumer trust. *The resulting governmental and public awareness has led to a vitalized effort to secure our critical infrastructure and corporate assets.* Prestigious universities such as George Washington and Princeton are offering top-tier cyber security degrees at both the undergraduate and master's levels. Former Secretary of Defense Leon Panetta signed a series of last-second initiatives aimed at expanding our 'cyber soldiers' from a measly 900 to almost 5,000, with Hagel picking up the torch on cyber defense issues. Obama, frustrated with congressional stratification, signed an executive cyber security order aimed at increasing government and corporate communication over security flaws. In effect, it's actually very similar to CISPA.

Of course, a mere 15 years ago most security and international affairs officials viewed cyber security as a mere blip on the proverbial radar. The concept of a mass cyber attack that left our country in shambles was best left to writers of science fiction, cyberpunk sagas, and Hollywood screenplays. It's a bit of delicious irony that the spoiled directors in sunny California and the farfetched cyberpunk writers many like to poke fun at actually ended up predicting one of the largest threats to American national security. At least, it is to me.

Fulfilled Hollywood prophecies aside, the primary belligerent on the cyber battlefield is China. China accounted for 30% of all cyber attacks in the third quarter of 2012, a 14% increase from the previous quarter. Concurrently, the economic damage of these attacks has also increased. According to President Obama in a speech given in 2009, the economic cost of these attacks ranges upward to a trillion dollars per year (all cyber attacks, not just China). This combination of high reward and low cost is exactly why nation states such as China (and to a lesser extent Iran) are turning increasingly to the cyber domain to further their national objectives. Through these substantial and sustained attacks, hostile nations are able to exact a large economic tax on America that's on par with physical attacks, minus the large-scale retaliation.

In the trinity that Clausewitz describes as the driving force of war, he lays out three major factors: 1. violent emotion, 2. chance and probability, and 3. political rationality. It's rather hard to rally a country to war (which is done through invoking a violent emotion towards the enemy) over loss of data; it's similar to asking people to sign away their lives because someone killed your cows. Of course, a cyber attack that leads to a massive loss of life, such as a logic bomb in our power grid, would likely bring a slew of "war hawks" onto the political stage.


"I promise to end the tyrannical murder of cows, and bring moocracy to farms everywhere!"

Furthermore, given the fact that cyber espionage is generally hard to positively trace back to the conspirator, these attacks deny the diplomatic leverage on the world stage (U.N.) that physical attacks allow. Now, again, this might change if one of these attacks ends up in a sizable loss of life; people might forgo the need for such concrete evidence.

How Do We Respond to these Attacks?

Given that the field of cyber security is fairly new, the extent to which these strategies have been validated is rather low. Until now, there has been no large government-wide initiative to create a robust cyber defense infrastructure. Therefore, these are musings more than anything.

It is important to remember that the United States is constrained in its possible response options. As I've mentioned before, since these attacks have only produced economic damages, and no physical impairment, it's nearly impossible to mobilize a civilian movement. Further, given the economic interdependence between the two countries and the decline of the American domestic sphere, it's most likely against U.S. interests to get involved in another bloody and prolonged conflict in Asia.

So then, we are left with three large options (remember, none of these are mutually exclusive):

1. Responding with offensive cyber operations

2. Diplomatic pressures

3. Increasing cyber security


Option 1: Responding with Offensive Cyber Operations

Summed up, this is the 'eye for an eye' approach. While I'm sure that we engage in minor cyber espionage activities in country, I doubt any of these operations are very extensive. With this option, the United States would not only continue to expand its cyber security capabilities, but also inject steroids into its cyber offensive capabilities, and subsequently put the latter to good use.

There are a variety of ways America can attack China, as in many ways, China is more vulnerable to attack than the U.S. is. Due to the overly restrictive nature of the Chinese authoritarian regime, the network systems there are most likely more centralized than the systems in the United States (see note). For those relatively unfamiliar with the adverse effects of centralization, it basically ties a system of networks to one huge host (or a group of central hosts/hubs). While the primary gain is an increase in technological efficiency (if established properly), the resulting weakness is rather obvious: take down the central system(s), and the entire sphere of networks collapses with it.

Now, shutting down an entire hub might be drastic, but launching attacks on networks controlling business operations or oil installations could cost the Chinese economy a pretty heavy penny. Sabotaging the defense industry in China, for example, could result in beneficial gains for the United States and her allies, while an attack on Chinese command and control networks might dissuade them from being as belligerent when it comes to territorial issues.

Option 2: Diplomatic Pressures

Even though a worldwide campaign against Chinese attacks is unlikely, the United States has a variety of diplomatic tools at its disposal to try to get the Chinese to put a leash on their "cyber militias". For example, we could step up pressure on the North Korean regime by putting in place a large embargo on all items except food and aid; increase military aid to South Korea, Japan, Taiwan, and India, as well as reinforce their territorial claims; or continue demands that if China doesn't cease its illegal attacks, there will be negative reciprocal effects (primarily economic, through trade restrictions).


Option 3: Increasing Cyber Security

Of course, the most effective way to protect our assets is to build up the infrastructure that is designed to counteract illegal incursions into our cyberspace. Luckily, we seem to be doing this, with an increase in our cyber force, and grumblings of ending our heavy reliance on Chinese telecommunications companies (which often act as fronts for Chinese espionage). However, there is still need for improvement. As my teacher put it, "We need to find the biggest nerds living in their parents' basement, and drag them out into daylight to work for us." A sustained effort to test and retest the sturdiness of our cyber defenses is going to be needed.


-Tom

** I alleged that our government ignored many of the threats of cyberwarfare in an earlier post, and rather ironically, the government came out with plans to fill these gaps a few days after I made the post.

Note: The comment on centralization stems primarily from observations I have made on the behavior of the Chinese government

UPDATES:

http://money.cnn.com/2013/02/19/technology/china-military-cybercrime/index.html?hpt=wo_c2

- Mandiant, who released a live video of a Chinese hacker... well... hacking, alleged in a 60-page report that the Chinese military was heading up cyber espionage operations against the United States. While this does not come as a shock, it is interesting. Typically, the Chinese government utilized so-called "cyber militias" to attack the U.S. in an attempt to strengthen their plausible deniability claims.

- According to the Military Times, the United States is poised to retaliate by putting into place fines, penalties, and trade restrictions; China responded to U.S. allegations by affirming their stance of not getting involved with cyber attacks. They also claimed to have traced attacks back to the U.S., though most experts state that the U.S. government is not responsible.
