Monday, January 02, 2017

What Are the Rules of Cyberwarfare?


We are now well into the era of cyberwarfare—the use of computers and computer networks in military, terrorist, and diplomatic conflicts.  But to judge by the recent tiff between President Obama and Russian President Vladimir Putin, neither the U. S. nor Russia has figured out exactly how to use these new weapons, or how to defend against them effectively.

Last July, Wikileaks unleashed a flood of embarrassing emails hacked from the Democratic National Committee, leading to the resignation of that organization's chairwoman Debbie Wassermann Schultz and undoubtedly influencing the Presidential selection process, though to what degree it is impossible to say.  In December, the CIA announced that they were confident that Russian hackers were responsible for stealing the emails and giving them to Wikileaks.  And on Dec. 23, President Obama announced that he was retaliating for the hacks by sending home 35 Russian diplomats and taking other actions against the Russian diplomatic corps in the U. S.  After initial talk by Russian officials of retaliation against the retaliation, Russian President Vladimir Putin surprised many by saying he would suspend any actions against U. S. diplomats in Russia, at least until the Trump administration takes office. 

Retaliation against diplomats has been around ever since there have been diplomats.  Over the decades, countries have developed traditional ways of treating official representatives from foreign lands with policies such as diplomatic immunity from routine prosecution, the suspension of normal customs inspection for diplomatic materials, special diplomatic zones around embassies, and other perks.  But one reason for all these special privileges is that they can be revoked at any time. 

This writer is old enough to recall some of the many times that the old Soviet Union (USSR) engaged in these kinds of games with the U. S. on any pretext or sometimes no pretext at all.  It was all part of the Cold War chess game, and watched closely for indications that the Soviets might be wanting to warm up the war a little.  Everyone agrees that sending a diplomat packing is a lot better than throwing bombs, so while tensions are raised by such incidents, it's usually a sign that serious conflicts are not in the immediate offing.

Still, there are a couple of notable and disturbing aspects of the DNC hacks and their consequences.  One concerns the identity of the hackers, and the other concerns what constitutes a truly effective response to such attacks.

It took nearly six months for the CIA to be confident enough to announce publicly that Russians were in fact responsible.  In that aspect, hacking and other hard-to-trace cyberattacks resemble terrorism, in that the identity of the terrorists responsible for a given attack is usually not immediately known, and may not ever be discovered.  Although good detective and investigative work often uncovers the perpetrators eventually, the delay between the attack and the discovery of who did it allows for uncertainty to dominate the situation, leading to general confusion, controversy, and other problems that are usually exactly what the attacker wants to achieve in the enemy camp.  It's possible that the CIA made its announcement when it did not because it took all that long to figure out who did it, but for other diplomatic or political reasons.  Still, it's hard to fight back against an enemy if you don't know who he is.

Identifying the source of a cyberattack is only the first step in an effective response.  As in conventional warfare, one doesn't want to overreact, but on the other hand, just letting an enemy get away with anything isn't good either.  An important factor in these not-yet-open-warfare conflicts is how the public perceives them.  Both the U. S. and the Russian presidents do everything with an eye to their constituents, so things done in secret which have secret effects are not that useful.  Instead of using the hacked emails for their own purposes, whoever hacked them (probably the Russians) gave them maximum publicity, and to the extent that the DNC was hampered in its operations, the attack was a success. 

What's new and disturbing about this particular incident is that it represents a significant intrusion into the domestic electoral process by a foreign power which overtly favored a particular candidate—one who will take office on Jan. 20, barring unforeseen circumstances.  What makes the situation worse is that the President-elect does not seem to be all that troubled about it.  Four years in office is a long time, though, and it's likely that Trump and Putin will at some point fail to agree on something, after which it's anyone's guess what will happen.

Part of what makes it so hard to defend against cyberattacks is the global nature of the Internet environment—Moscow or Paris or Adelaide is just as close to my Internet connection as the neighbor down the street.  Traditional military defenses were geographically fixed and you could draw contours of safety within them—here, you have to be concerned about ground attacks, there you are subject to air bombings, and way back behind the front lines, there was almost nothing to worry about.  But cyberattacks can go anywhere there's an Internet connection, and the targets are often only as well-defended as the private organizations and their IT people can make them.  As we know, these defenses range from the almost impregnable to the nearly nonexistent, and so many attractive cyber-targets are almost defenseless against a concerted attack by well-resourced agents of a foreign power.

It's not clear that the best defense is a good offense either, especially when it's not immediately clear who is doing the attacking.  And when many thefts of data are not discovered until months or years after the damage is done, it's even harder to mount an effective response.

It looks like international cyberwarfare will muddle along in this confused state unless and until such a major attack occurs that we get serious about some sort of national defense policy against foreign cyberwarfare.  There are serious concerns being voiced these days about the hacking of power grids and other vital infrastructure systems such as air-traffic control and the domestic Internet itself.  Our best defense for these systems right now is that nobody has a strong reason to attack them, but that could change at any time.  And if it does, I just hope we're ready for what comes afterwards.

Sources:  I referred to a report on President Obama's retaliatory actions against Russia carried by CNN on Dec. 29 at http://www.cnn.com/2016/12/29/politics/russia-sanctions-announced-by-white-house/, and also a report on Putin's non-response at https://www.washingtonpost.com/world/russia-plans-retaliation-and-serious-discomfortoverus-hacking-sanctions/2016/12/30/4efd3650-ce12-11e6-85cd-e66532e35a44_story.html.

No comments:

Post a Comment