05.29.13
The Iranians are coming!
The US is terribly positioned to talk of fair play in cyberspace. However, it pretends otherwise in the current campaign to boost cyberdefense-spending in the national security megaplex. Consider that one whole plank in the US discussion of China’s cyber-espionage is that the latter is not playing fair. American officials have lined up to assert this over and over, which led to this recent lampoon made for DD blog, one showing Michael Hayden, General Keith Alexander’s predecessor at the National Security Agency.
Hayden famously maintained stealing another country’s secrets for this country was for the security of American citizens, the preservation of liberty. The Chinese, on the other hand, were engaged in dirty pool, when they were stealing (or trying to steal) similar things.
Keith Alexander, the current head of the National Security Agency, in a quote widely used by others to frame an alleged unfolding disaster, claimed that what the Chinese are doing constitutes “the greatest transfer of wealth in history.”
I saw a video of when this was delivered to a small miscellaneous audience of inside-the-Beltway journalists and national security shoe-shine boys. No one blinked or asked a question.
Here’s another example from Bloomberg this week:
“China is doing stuff you’re not supposed to do,??? says Jacob Olcott, a principal at Good Harbor Security Risk Management, a Washington firm that advises hacked companies.
This is Richard Clarke’s firm talking. Clarke has mined the catastrophism end of the cybersecurity discussion since the Clinton administration. That’s a long time, from public service to the private sector and through non-fiction books and novels. As a celebrity in the arena, Clarke has taken it to the bank. Anyone speaking from Good Harbor is a sock puppet in the cause.
The Businessweek piece notes that the National Security Agency has been into everyone’s networks, accumulating so much experience and technical power that much of the routine penetration and collection is automated.
The Chinese are not moved by American complaints. And yesterday’s stunt in the Washington Post, in which it was implied that American weapon systems had been compromised, is not likely to change anything.
From Businessweek:
All this activity gives China leverage against Washington’s complaints, says Steven Aftergood, director of the Project on Government Secrecy at the Federation of American Scientists. Beijing can turn U.S. protests about industrial espionage around and claim that Washington is doing something even worse. “It’s OK to steal plans for a new automobile,??? Aftergood says the Chinese can argue, “but not our national secrets.???
If it is not China, more leaking, or tactical planting of information, is taken to the big media.
Earlier, the Wall Street Journal reported that Iran has been into corporate American energy infrastructure.
From the WSJ:
Iranian-backed hackers have escalated a campaign of cyberassaults against U.S. corporations by launching infiltration and surveillance missions against the computer networks running energy companies, according to current and former U.S. officials.
In the latest operations, the Iranian hackers were able to gain access to control-system software that could allow them to manipulate oil or gas pipelines. They proceeded “far enough to worry people,” one former official said.
The developments show that while Chinese hackers pose widespread intellectual-property-theft and espionage concerns, the Iranian assaults have emerged as far more worrisome because of their apparent hostile intent and potential for damage or sabotage.
The US touched off a hot covert war with Iran when it deployed the destructive Stuxnet malware and perhaps other viruses into that country’s networks in an attempt to derail or slow down its nuclear program. Many computer security experts not in the US government warned that this would touch off an cyber-arms race and escalations.
Unsurprisingly, it has.
In light of this the country continues to act as if it the exceptional nation. It balefully speaks of the actions of others against US networks while reserving the prerogative to conduct extra-legal operations against those deemed enemies. We can no longer have it both ways. There are costs as well as consequences and they quickly become obvious.
In theory, manipulating the software could be used to delete important data or turn off key safety features such as the automatic lubrication of a generator, experts said.
Current and former U.S. officials wouldn’t name the energy companies involved in the attacks. or say how many there were. But among the targets were oil and gas companies along the Canadian border, where many firms have operations, two former officials said.
The officials also wouldn’t detail the precise nature of the evidence of Iranian involvement. But the U.S. has “technical evidence” directly linking the hacking of energy companies to Iran, one former U.S. official said.
The same people are gathered to comment.
The Richard Clarke sock puppet:
“If you were worried about cyberattacks against electric utilities five years ago, you’re still worried today,” said Jacob Olcott, a former cybersecurity aide on Capitol Hill now at GoodHarbor Consulting. “Some within the electric sector have become more savvy about security in recent years. Many are not.”
James Lewis, of the Center for Strategic and International Studies, who provides for every major story on impending cybertrouble:
“It’s reached a really critical level,” said James Lewis, a cybersecurity specialist at the Center for Strategic and International Studies, who frequently advises the White House and Capitol Hill. “We don’t have much we can do in response, short of kinetic warfare.”
The reliance on jargon is a bit cute. Kinetic sounds more erudite than blowing them up.
The Iranians are very threatening because they are bent on destruction, of setting an example of their power in cyberspace, reads the piece. There is the continuing implication that a country with a military that compares to the US as an ant compares to a hob-nailed boot has the potential to create a serious and horrid event in the continental US simply by pushing software switches from remote.
The Chinese, on the other hand, have “a 50-year plan” and are interested in maintenance of stability.
So they are only quietly stealing things.
The media selects and carefully grooms its stories, including those which involve cybersecurity and cyberwar. It actively excludes and edits those who do not exude the right tone.
This has always been so.
The Washington Post’s story on a DoD report and the confidential side of it which revealed China had allegedly compromised important US weapons platforms was guaranteed to generate copycat news pieces throughout the day and the rest of the week.
John Pike, in e-mail from GlobalSecurity.Org, with me:
“One of the networks did a pre-interview with me, but I was not
sufficiently alarmed, so they went with Richard Clarke instead.”
It was learned that this brand of posh wine was a favorite of Richard Clarke’s when he mentioned it repeatedly in Breakpoint, his techno-thriller novel which included cyberattacks on the country.
James Lewis — from the archives.