Cyber! Cyber! Stealing Bytes…

By Tim Marshall.

The US government says the cyber attack on government computers, revealed this week, is part of an “ever evolving threat” by a “dedicated adversary”.

The personal records of four million employees are now in the hands of the hacker, which was, according to the US, China, an accusation Beijing denies.

America’s cyber security, at national government level, is overseen by the National Security Agency (NSA), which is part of the Dept of Defense (DOD).

Despite the impressive budgets, the formidable technology, and the brilliance of many IT specialists within the DOD, the breach of security, and others over the past few years, is not a surprise.

A DOD Cyber Strategy report published this spring underlined the efforts being made to keep the USA safe, but there was no hiding the weak spots in the defence.CYBER 1

The report nods at the truth that the roots of that weakness lie in the country’s strengths – which are, despite all of the criticism about ‘snooping’, and ‘intrusion’, and some of the troubling measures it has taken, that the USA remains a democracy and the government is bound by the law.

Dr Simon Moores*, security analyst and Chair of the international ecrime congress, told the W&Y –  “Post-Snowden, western governments now find themselves at a strategic disadvantage. The good news is that there are only three things you can do to a computer: steal its data, misuse credentials, and hijack resources. The bad news, is that cyberspace, with its huge surface-area, so readily open to compromise, has become a cheap and dominant military platform for intelligence and point reconnaissance and now represents our greatest vulnerability.”

Because it is a relatively open society, the US government’s share of American cyber space is roughly ten percent. That leaves 90% of the ones and zeroes in the commercial sector, much of which cannot devote the resources to defence that the DOD is capable of.  Therefore a hostile entity is partially pushing at an open door. Getting into the Americans system is easy, and once inside it is more difficult for the state to check who is where, and doing what, than it is in a dictatorship.

Cyber 3In 2011, as preemptive legal warning, the USA declared that cyber attacks constitute an act of war. Therefore legal action against individuals could be taken, economic sanctions could be imposed against states, and even military action could be justified, all underpinned by American, if not international, law.

But those threats are for acting after the event.

Cyber criminals, and states engaged in cyber warfare, act on the principle that the greatest crime is being caught and so devote considerable effort to hiding their tracks, at the least to the extent of being able to claim ‘plausible deniability’ in public.

Conversely, many non democratic states, have an inherent advantage in their own computer systems when the USA seeks to spy on, or attack them.  In countries such as Iran, China, and North Korea, all Internet entry points and internal routes are controlled by the state.  At the legal level, the Chinese government would find it laughable if told it would have genuinely to go through the courts to access a private company’s data, or close down a network.  The Iranian media would never be allowed to publish leaks of classified information highlighting weaknesses or giving away state secrets, such as the West suffered with the Snowden affair.  Given the constraints on America, and the secrecy of many of its enemies, cyber warfare is for now a relatively level playing field. The Americans have the technology and the budgets, while the Chinese, for example, have the sheer numbers of people required to operate a massive world wide hacking strategy, and are unencumbered by legal restraints.

The point of hacking America is far from only accessing government financial, political, and military systems. A hostile entity might seek to close down the electric grid of a city, disrupt water supply, tap into the telephone system, or take over a national TV network. Although they may be non governmental institutions, some still fall into the category of ‘critical infrastructure, and therefore it is the duty of the state to take an interest in their security.  To do this the Pentagon has been involved in an ‘outreach programme’ with the commercial sector for many years. As the 2015 review states “The Defense Department will implement successful private sector exchange programs to bring measurable benefits to the Department of Defense…” The British intelligence services also now ‘reach out’ to private business hoping to co-operate on cyber defence, although not necessarily using exchange programs.

In the non democracies the state simply tells the commercial centre what to do. The USA’s cyber defence (and attack) is hamstrung by legal requirements. The US physical war machine is unparalled, no country is close to matching its prowess, but in cyber space it is a long way from being the clear dominant power.

*Next week Dr Moores, quoted in this article, is chairing the first ecrime congress to be held in China.

Facebooktwittergoogle_plusredditpinterestlinkedintumblrmail

Be the first to comment on "Cyber! Cyber! Stealing Bytes…"

Leave a comment

favorites.png
Comments are moderated before they are published. Please consider if you're contributing to the discussion before you post. Abuse and general negativity will not be allowed to appear on the site. This might be the Internet but let's try to keep things civil.
 

Your email address will not be published.


*


*

This site uses Akismet to reduce spam. Learn how your comment data is processed.