One of the headmen of the Cult of Cyberwar, James Lewis of the Center for Strategic and International Studies, admits the cult has overdone it in recent months.
This in a short essay, “The Cyber War Has Not Begun,” here.
No nation has launched a cyber war or cyber attack against the United States … Pronouncements that we are in a cyber war or face cyber terror conflate problems and make effective response more difficult.
This is a bit like seeing the town whore swearing she’ll attend regular meetings of the Church Universal and Triumphant. One can’t help but be impressed — but only in a jaundiced way — wondering how long this ‘conversion’ will last.
Lewis, readers have seen, has been one of the chieftains of the Cult of Cyberwar. And DD blog’s survey of citations of his name, and a few others, in media databases over the past few months shows his footprint clearly.
Here is the unscientific master list, taken from a search on cybersecurity/cyberwar through newspaper databases over the past year, current only to January 19:
1. Alan Paller, SANS — 84
2. McAfee — 80
3. James Lewis, CSIS — 47
4. Booz Allen Hamilton — 38
5. Symantec — 31
6. Mike McConnell, BA — 25
7. Paul Kurtz, Good Harbor — 11
8. Richard Clarke, Good Harbor 4
1. Gene Spafford, Purdue 25
2. Marcus Ranum 0
Here, we don’t split hairs over the precise syntax used by each of the Cult of Cyberwar’s chieftains. Lewis cannot escape that he was one of the major contributors to the bad state of affairs to which he now says nay.
If readers have followed this specialized topic, they know this in response to US cyberczar Howard Schmidt’s recent statement to Wired that the United States was not in a cyberwar. And this was in the context of Booz Allen Hamilton’s Mike McConnell, who had been in the mainstream media repeatedly over the past few months — from 60 Minutes to the editorial pages of the Washington Post — mercilessly pimping the idea that the country was in a cyberwar and that it was losing.
A couple things lend themselves to helpful repeat use:
In the case of Mike McConnell’s list of citations, one remarkable feature [was] that not a single reporter writing these things identified him as the chief salesman of Booz Allen’s cybersecurity business operation. It’s a computer security business which rides on stories about looming cyberwar and the national shortage of computer security workers, to be trained on the taxpayer dime and then poached so that they can be leased to the government by Booz Allen and its competitors.
All this, even though the big aimed-at-the-US-government consulting and contracting business gleefully flogs McConnell and whatever he’s saying or doing on its homepage daily.
What could be better than to have a VP on 60 Minutes telling everyone about the lurking menace of cyberattack, being able to feature that on your homepage right next to your links for cybersecurity job staffing for positions like “Defense Intelligence Critical Infrastructure and Homeland Defense Analyst” or “Iranian Cyber All-Source Analyst”? In case that country is planning to cyberattack us.
“Booz Allen Hamilton, a leading consulting firm, helps government clients solve their toughest problems with services in strategy, operations …” reads the website.
One sees the work afoot here. It could not be more obvious. One has the right to make a good living and there is no better place to present a sales pitch refined into a story of national menace then at 60 Minutes.
As for the James Lewis’s Center for Strategic and International Studies, it sold itself to one of the country’s biggest computer security vendors recently, for the sake of providing ‘research’ on the universal menace of cyberattack throughout the country.
And this was encapsulted in another vignette taken from the archives of recent national news:
Globally, widespread cyberfacilitated bank and credit-card fraud has serious implications for economic and financial systems and the national security …
Power plants, oil refineries and water supplies increasingly dependent on the Internet are under relentless attack by cyber spies and thugs, according to a McAfee report.
The “Critical Infrastructure in the Age of Cyber-War” analysis by the US-based Center for Strategic and International Studies said the price of “downtime” from major attacks exceeds six million dollars a day.
“If cyberspace is the Wild West, the sheriff needs to get to Dodge City,” concluded the study commissioned by McAfee, which sells computer security software.
The Wild West analogy is one of James Lewis’s favorites. And while there may be truth in it, it’s purpose has been to merely feed hyperbole on the subject.
Well sorry, the man can’t have it both ways now.
James Lewis can complain that the manipulative hyperbole on cyberwar on the media isn’t helpful and that the US is now not in a cyberwar. But he should also have mentioned that he’s been one of the primary contributors to the hype. And that the selling of the services of the think tank shop one works out of to a large computer security vendor, for the purpose of furthering the message of cybercatastrophe, is also not much in the way of a confidence builder.
So why is the US not in danger of being crippled in a a cyber-ambush staged by another country?
Lewis answers this question in his essay, but even that is a fairly obvious revelation.
We’d start bombing the hell out of them. With or without ironclad proof of some other country’s complicity has never been an impediment to violent action in recent history.