Saturday, June 14, 2014

Cyber Part II - Fear, Beagle-punching, profits

by Bill Doughty

President Eisenhower famously warned against a military-industrial complex. The authors of "Cybersecurity and Cyberwar" ask if a cyber-industrial complex is developing, especially since 9/11/2001. 

As fear grows so does the profit motive.

But authors P. W. Singer and Allan Friedman contend that cyberthreats are not all created by a great conspiracy or political and profit incentives. 

They ask that threats "be put in their proper context and understanding." 

And they show how the pieces can fit to provide greater security and less fear.

The authors define and differentiate types of attacks using the "CIA triad": Confidentiality, Integrity and Availability. They examine:
  • how terrorists use the Web, 
  • why North Korea (which they call a "cyber pygmy") is less vulnerable to a Web attack, 
  • what Stuxnet did to Iran, 
  • how China steals trade secrets, 
  • what Israel's Operation Orchard did to network operations in Syria, and 
  • why "the best defense is a good defense," with parallels to the aftermath of the assassination of Archduke Franz Ferdinand in 1914.

"Cyber Security and Cyberwar" is between "Leading with the Heart" and "Neptune's Inferno."

It's thought-provoking history and context, with references to Mark Twain, Thoreau, von Clausewitz, President Truman, the Khan Academy and Tom Cruise and the Church of Scientology. 

Iraq and the rule of unintended consequences come up several times.

In 2007 several soldiers in Iraq, using their smartphones, took pictures of U.S. Army helicopters and uploaded them to the Internet, not knowing the photos had geotags that identified their precise location; insurgents destroyed four of the helos in a subsequent mortar attack. In another incident, Army officers took down an enemy computer network facilitating suicide bombings but inadvertently shut down 300 servers in the U.S., Europe and the Middle East. And, at one point, insurgents in Iraq hacked into the feeds coming from drones using over-the-counter software. They were then able to watch themselves being watched by us.

Part II of this book is all about why it's important to learn "What Everyone Needs to Know."  While this book is engaging as an instructional manual of sorts, focused on accomplishing its goals, there are moments of what the authors call "fun" and "whimsy." 

Just as Clay Shirky did about a lost cell phone in "Here Comes Everybody," Singer and Friedman talk-story about organic self-correcting online justice. Their anecdote is about beagle punching.

When "hacktivists" saw an undercover video of workers in a testing lab committing acts of animal cruelty, they took matters into their own hands. Employees who punched beagle puppies in the face (no, I don't know what they were testing) were targeted for cyberjustice by hackers who used "both new hacktivism and old-school civil disobedience." While the hackers' reaction may have been overboard -- publishing names, addresses and embarrassing personal information of employees -- the results were startlingly effective. "Cybersecurity and Cyberwar" gives the details and brings up other examples of social media activism, including the "Arab Spring."

The authors call for perspective in the face of fear when considering how much damage can actually be done, noting that "the computer used as a military weapon is just a tool. Just as the spear, the airplane, or the tank, it simply aids in achieving the goals that are part of any military operation." We're reminded that box-cutters are tools, too, and that on 9/11, in the hands of Islamist religious fundamentalists, some box-cutters brought about massive destruction.

Learning the threats and strategies for defense: cyber security class at the U.S. Naval Academy.

The insights of U.S. Naval Academy Professor George R. Lucas Jr. are brought up several times in this book. Lucas says, "The threat of cyber terrorism is greatly overblown." And, "To be blunt: neither the 14-year old hacker in your next-door neighbor's upstairs bedroom, nor the two- or three-person al Quaeda cell holed up in some apartment in Hamburg are going to bring down the Glen Canyon and Hoover Dams."

Singer and Friedman show one example of the profit motive and growth related to cyberfears: In 2001, only four firms were lobbying Congress about cybersecurity, but in 2012 that number had risen to 1,489 companies seeking to influence public policy or otherwise lobby for their interests.

"With that money comes the risk of bias and even hype," the authors warn.

"The most important takeaway, then, is that we must avoid letting our fears get the better of us, or even worse, let others stoke our fears and thus drive us into making bad decisions. How we respond to this world of growing cyberthreats will shape everything from our personal privacy and the future of the Internet to the likelihood of regional crises and even global wars."

So the challenge is to find balance and perspective between security and privacy/freedom, face the hard choices, and make good decisions. That brings us to Part III, "What Can We Do."
