3 May 2019

Dawn of the code war

By Usman W Chohan

'Dawn of the Code War: America's Battle against Russia, China, and the Rising Global Cyber Threat'.

Cybersecurity is now an imperative cog in the national infrastructure apparatus in several countries, and the protection or disruption of national cyberarchitecture represents a pressing concern in many world capitals.

To varying degrees, countries are now employing “cyber armies” to engage in low-intensity conflict in cyberspace, in addition to preparing for larger-scale interstate hostilities.

Non-state actors and smaller countries are also eking out asymmetric advantages by investing resources in cyber capabilities.

As the third decade of the 21st century soon begins, cyberwarfare will come to be an ineluctable security consideration, even in peacetime conditions.


But this was not always the case. Governments and their security establishments, including that of the United States, paid insufficient heed to the threats that cyberwarfare could and would pose.

Only by learning the hard way, and through a systemic lobbying effort by key stakeholders the countries would realise that cyberspace was an open-front for sustained and asymmetric warfare.

The process of that realisation in structures of government is the essential subject of John P Carlin’s ‘Dawn of the Code War: America’s Battle against Russia, China, and the Rising Global Cyber Threat’.

It details the chronology of cyberwarfare attacks from an American point of view, and gives a legal-judicial perspective.

Specifically, the book highlights five sources of threat that the American cyberarchitecture has faced in the last three decades i.e. China, Russia, North Korea, Iran, and non-state actors like the Islamic State.

Carlin, who had served as the national coordinator for the Justice Department’s Computer Hacking and Intellectual Property program during the former US president Barrack Obama’s administration, oversaw a network of specially trained prosecutors who focused on cybercrime. Since 2016, the international media has obsessed about the Robert Mueller’s report on Donald Trump’s alleged corruption and collusion.

Interestingly, Mueller worked as a prosecutor in many domains, including cybercriminality with Carlin working directly under him in that capacity. This angle of his experience, therefore, also sheds an important light on the professionalism of the American Justice Department and the individuals who help to cement that reputation: Carlin and Mueller included.

Carlin’s chronology first depicts the humble beginnings of the office, chasing after the “usual suspects” such as spammers, fraudsters and copyright infringers. However, the game grew much heavier when Carlin’s office recognised a burgeoning threat from Chinese government espionage.

The Chinese “threat” consisted of an army of hackers trained to crack into foreign servers to steal plans, negotiating strategies and any useful proprietary information.

The chronology of this trend towards theft of intellectual property is an important element of the book, and it is also situated within the two-way tension: China blocks sources of information (The Great Firewall), and it also grabs critical information from abroad.

The Trump administration’s pursuit of this issue has been a key spark behind the Sino-US Trade War which has impacted international economic growth through the cooling of global trade. Carlin’s analysis of events puts much of that global shadow-boxing match in context.

The Iranian Revolution also comes to the book’s foreground as its cyber army began to bring the fight to America’s doorstep.

Iranian hackers penetrated the information systems of the Sands Hotel and Casino in 2014, as revenge against the Casino’s owner and pro-Israel political extremist Sheldon Adelson.

Sheldon had publicly advocated for the dropping of ballistic missiles against Iran, and the Iranian hackers retaliated against his warmongering remarks by thwarting his legalised gambling racket through cyberattacks.

Carlin highlights this episode in his book to emphasise the capabilities that the Iranian cyber army, despite national isolation, has systematically developed.

Carlin then draws attention to the state-sponsored nature of North Korea’s cyber army, which has managed successfully to evade the otherwise brutal sanctions regime that the US has imposed.

A key observation of the author is that the North Korean hacking of SONY, a Japanese media conglomerate, was a seminal event in the proliferation of cyberwarfare.

North Koreans retaliated because of the release of a propaganda movie The Interview which belittled their Supreme Leader.

The SONY hack is particularly important because of the legal complexities involved for a Justice Department: should an American legal institution pursue a case against a North Korean hacking unit for sabotaging a private Japanese company releasing an American propaganda film? These sorts of legal quagmires are richly explained throughout the book, but most adeptly in the North Korean case.

The author also discusses the role of non-state actors in cyberspace. The widespread, anonymous and amorphous nature of the internet allows terrorists, criminals, and other nefarious actors to gain a disproportionate voice relative to their size in the real world.

Finally, the book raises concerns about “Russian meddling” in American political and social life. Written in the post-2016 election environment, the book highlights the impact that even comparatively small but highly specialised and savvy forces such as Russian cyber groups can have on a large democracy.

The implications of information wars is becoming even more evident in other countries, such as in India, where the 2019 election represents a catastrophic muzzling of truth/facts in the wake of the BJP’s disinformation empire. Sadly, Carlin’s insights about information cyberwarfare are both prescient and likely to worsen in the years to come.

That said, there are several shortcomings of Carlin’s book which deserve categorical mention.

First of all, the book relies too much on public domain research and secondary sources. The book had to be cleared by the Justice Department to not reveal anything compromising. Naturally, given the pernicious role of the American surveillance state, and its near dominance of online communication network traffic flows (most global data passing at some point through American servers, except for in China), there would be much that would need to be concealed. But the reliance on secondary sources reduces the impact that a truly behind-the-scenes look would have offered. We might suppose that the world’s cryptoanarchists and neo-Wikileaks are best poised for that role, rather than a retired bureaucrat like Carlin.

Second, it is a clear limitation of the book that it is excessively US-centric – eulogising the American role in cyberspace as one of merely crime-fighting and not crime-causing.

This “Captain America” narrative distracts severely from the analysis when it delves into monologues about the role of America as supposed savior of the online frontier.

It also detracts from otherwise sound analysis and observations about the looming threats of amorphous online warfare. By any measure, the worst perpetrator of cybercrimes in the world could hardly be a group in Tehran.

Third, the book advocates a logic of “naming-and-shaming” international cyber actors. The premise of Carlin’s practitioner work in the Justice Department was that cyber criminals or cyber domain entities must be called out in order to dissuade them from further actions. However, the author should have recognised that naming-and-shaming has its limits, not least because agents can and do change their names, but also because the author is particularly silent on the American names that must be shamed.

This also speaks to the fourth limitation, which is that the author severely downplays America’s cyberwarfare crimes over the past three decades, and this leads to take dubious moral positions in many cases, not least in discussing characters who are considered heroes by some in the online domain such as Julian Assange, Edward Snowden, and Chelsea Manning.

As such, while Dawn of the Code War is an important contribution to a readership’s understanding of the evolution of cyberwarfare, particularly from an American point-of-view and a legal-jurist perspective, its limitations and biases must be explicitly noted.

Further works must complement the initiative of this book by providing more broad-based, international, and nuanced perspectives to go beyond the “Captain America” approach.

Dr Usman W Chohan is the Director of Economics and National Affairs at the Centre for Aerospace and Security Studies, Air University

No comments: