3 April 2016

Cyberwar, out of the shadows (Q&A)


Author Fred Kaplan details how the US has quietly amassed the power to hack the world but has failed to create a plan for deterring similar attacks on US soil.

A hacking attack on a Las Vegas hotel company. A power grid blackout in the Ukraine. A series of industrial accidents at an Iranian nuclear enrichment lab.

What do all these things have in common? They were likely the work of foreign governments with a political ax to grind.

Welcome to cyberwar. You likely will soon hear more about this new weapon, as the US government becomes more open about its ability to hack targets in other countries, damaging their power grids, dams, factories and key computer systems.

Slate national security reporter Fred Kaplan describes this world in "Dark Territory: The Secret History of Cyberwar," a book released earlier this month. He charts the growth of the US government's hacking abilities, culminating in the creation of the US Cyber Command, which links the National Security Agency's spy prowess with the might of the US military.

Fred Kaplan charts the growth of the US government's hacking abilities in "Dark Territory: The Secret History of Cyberwar."Carol Dronsfield

But for all the damaging hacks the US government could carry out, Kaplan contends with the startling reality that the US is at risk of all the same attacks. While it might not be the world of mutually assured destruction faced during the Cold War, cyberwar clearly presents as many dangers as it does opportunities for the countries that engage in it.

Kaplan spoke with CNET about why this world has remained in shadow for so long, what could deter cyberattacks in the future, and why public debate will help.

Q: Cyberwar is hard to define. Why do you think that is?

Kaplan: Right now there isn't much distinction between cyberwar and cybersecurity. It was decided a few years ago the best way to forestall an attack was to know when the attack is coming. You get inside the networks of your prospective opponents. It's the digital equivalent of having spies on the ground.

The dangerous thing is, it's only one step between that and launching a cyberattack. They could attack us with very little notice, and we could attack them with very little notice. If you're worried that the other side is going hack our infrastructure first -- making it much harder to defend ourselves -- there's an incentive to go first.

You write that there is no good strategy for deterring cyberattacks. Why is deterrence so hard?

Kaplan: Part of the problem is that all of these issues have been entangled from the beginning with the National Security Agency and similar agencies, which are all extremely secretive. Contrast that with the nuclear standoff of the 20th century. From the beginning, you had people engaging in conversation about strategy: "How do you not just fight, but deter another country from blowing us up?""If this technology had been around when Richard Nixon was president and J. Edgar Hoover was director of the CIA, they could have done things that would make what they really did look like tiddlywinks."

There hasn't been anything like this with cyber. It's been too secretive for anyone with a strategic bent to discuss. But now the NSA has merged with US Cyber Command, a combat command [that leads the military's hacking efforts]. It's not just a tool of espionage, but of war.

It's not in the American tradition to build up power like this without it being open to a public discussion. We've amassed all this stuff that can do all these amazing things before anyone has decided whether we should be doing these things.

How has public awareness of NSA surveillance changed the debate about the US government's hacking abilities?

Kaplan: I think it's had a very salutary effect. Edward Snowden's revelations about the extent of domestic surveillance prompted [President Barack] Obama to look into possible NSA abuses and whether there were reforms that should be enacted. They came up with some measures and some reforms, a few of which were actually enacted.

There is potential abuse of this. If this technology had been around when Richard Nixon was president and J. Edgar Hoover was director of the CIA, they could have done things that would make what they really did look like tiddlywinks.

What has the impact been on tech companies now that the public is more aware of the US government's hacking abilities?

Kaplan: There's a long long history of, call it what you will, cooperation or complicity, between telecoms and the intelligence world. In the 1920s, leftovers of the World War I intelligence agency persuaded Western Union to give it access to all the telegrams coming into the country.

When the software and the Internet industries started coming about, it actually became a two-way street. When Microsoft presented a very early version of Windows to the NSA for vetting, the NSA found 1,500 points of vulnerability. They left some open so that they could sneak into this system.

[Nonetheless,] when the Snowden revelations went public, a lot of the software companies howled in protest.

What about Apple, which is fighting a court order to help the FBI break into an iPhone used by one of the San Bernardino shooters?

Kaplan: Apple is a little bit different. Beyond the phone, the government is trying to create a legal precedent that will allow them to perpetuate this arrangement through the next era of encryption, which is making the next generation of software and hardware harder to hack. What Tim Cook is very much interested in is ending this arrangement.

But here in the US, for all the clamoring about privacy, you'll see a 10,000-word contract and you just mindlessly click, "I agree." It's different in other countries. A lot of countries with totalitarian pasts, like Germany, look at the NSA like the East German Stasi. There's the fear that they would lose foreign markets because people would say, "I don't want to buy this product." But the effect that it's had, I'm not really quite sure. The fact is these companies still make the best stuff.


No comments: