Cyber Scene #7 - Cybersecurity Transition

 

Cyber Scene #7

Cyber Scene is intended to provide an informative, timely backdrop of events, thinking, and developments that feed into technological advancement of SoS Cybersecurity collaboration and extend its outreach.

---

 

Cybersecurity Transition

The President's Commission on Enhancing National Cybersecurity delivered its urgent recommendations in December 2016 for president-elect Trump, identifying actions to be taken over the next 10 years, which has now been followed by the new administration's revised draft Executive Order examining cybersecurity.  The 12-member commission, comprising business, academic technology and security's "brightest minds," addressed public-private sector information sharing on cyber threats.  Since spring, the present administration reportedly requested a 37% increase in cybersecurity resources for 2017 but found Congress unwilling to fund the Cybersecurity National Action Plan (CNAP) budget proposal outlined in Cyber Scene #3.   (see the Associated Press article in its entirety at

http:///www. miamihearald.com/news/business/technology/article118665973.html)

Economist's Special Report on Espionage Spotlights Cyber Prominence

Permeated with explicit as well as implicit cyber security issues, the Economist executed a particularly pithy five-part deep dive on Espionage (Nov. 12, pp 3-12). This analysis begins with technology and ends with the road to improvement under legal constraint/oversight on both sides of the Pond.  Peppered with photos of the usual distorted Hollywood "spies," the unforgiveable typo of "SIGNIT" in a graph, and source tributes "to all who remain anonymous" (one being Oleg Kalugin), the analysis is nevertheless excellent and worth a complete read.  For the time-constrained, a pre-digested cut follows.

Shaken and stirred  (Overview)

The introduction opens with Perestroika ("The Mitrokhin Archive" which revealed Kim Philby, inter alia) and fast forwards to Snowden, contrasting  typed manuscripts with digital downloads.  The analysis contrasts the world where Western intelligence agencies, whose masters were their governments, were pitted spy v. spy, with the present where the services are part of everyone's world.  Beyond protecting society from terrorism, these services are now "...held to account in the press, parliaments,and courts."  The analysis tracks this transition, still in progress, which is in part due to the revolution in technology.  The Utah Data Center and GCHQ's "hum" of computers inside the "donut" in Cheltenham, UK, are raised as examples of how the revolution "...has brought spying closer to ordinary people."  The mission, now globalized, has also evolved:  coded short wave messages and drop boxes of old have morphed into computers and smartphones "...identical to those in your pocket."  The services, particularly pre-emptive counter-terrorist ones, morph as well from "gatherers of evidence" to "hunters of conspiracies."  The public no longer accepts "trust us" but is thirsty for transparency, whence the inherent polarity re: secrecy.  The UK success in keeping the Enigma secret during World War II is juxtaposed with US journalists publishing Bin Laden's cell phone use as the impact of this so-called "need to know" harming the intelligence services' ability to protect.  The special report looks at intelligence transgressions but notes that the "savage criticism" of late (re U.S. and U.K. services) is overblown.  It acknowledges that "freewheeling James Bonds" (as in the report's photos) or mass surveillance are myths, and that the criticism is particularly unfair when it comes from outside the Five Eyes (US, UK, CA, NZ, AU) community, which has oversight in place.

Tinker, tailor, hacker, spy (Technology)--Who is benefiting the most from the cyberisation of intelligence--the spooks or the foes?

The report now looks at the dual-edged sword--that "the computer was born to spy"-- but also that said technology becomes supercharged in a multi-polar, multi-dimensional world.  At $3.4 trillion, the internet has resulted in cyber leaps and "signals intelligence gushing in torrents. The trick is to make sense of it."

The report enumerates cyber opportunity and threats:  contact chaining, "data exhaust,"  so-called intelligent home appliances, and many other attack surfaces for hacking which include open source data sets.  Despite the exponential growth, the intelligence services "...not only do more, but spend less" when compared with $175,000 per month for a HUMINT tail.  But tracing data is also problematic:  protocol issues; online gaming, chat rooms and steganography; encryption; shear volume; and less human error to name a few.  One 11/15 Paris bomber reportedly directed that a call be relayed via Syria to pass through a lightly monitored Turkish network.  NSA and GCQH should bring vulnerabilities to the attention of the software companies for patches, but "...in their role as attackers, (the SIGINT agencies) need some reserve."  Pew Research Center charts note that Americans themselves don't know what the balance should be. 

Standard operating procedure (Governance)--How the war on terror turned into a fight about intelligence

The "whipsaw" effect of the intelligence services' immediate 9/11 ramp up, following the proverbial seven years of famine, and then severe scrutiny, serves as "...a case study in how democratic, law-abiding societies struggle to govern bureaucracies that act behind a veil of secrecy...The thing to remember, however, is that in other countries the debate barely took place at all."

So procedures such as the President's Surveillance and CIA interrogation programs, deemed legal were revisited with the opposite decision and particular acrimony with Snowden's massive 2013 leaks.  Some claims of the former may have been overstated, and one defendant of the latter argued that the three individuals who were waterboarded were "walking libraries." Reasonable and highly unreasonable complaints were co-mingled, with press coverage pointing to services being "out of control" rather than simply highly bureaucratic and subject to the complexities of the laws.  The press also skewed the facts, and as General Mike Hayden, former NSA Director notes, should have reported the headlines to have been:  "NSA damn near perfect."  Former GCHQ Director Iain Lobban, when asked if his workforce were asked to snoop, replied "I wouldn't have a workforce; they'd leave the building."  Despite the tendency to achieve balance, the trade-offs between intelligence effectiveness and winning public trust are a constant.

China and Russia:  Happenstance and enemy action--Western intelligence agencies are turning to the old rivalry with Russia and the new one with China.

While many Western intelligence agencies establish strong liaison ties with the biggest ones (e.g., CIA or DGSE), and particularly for SIGINT or IMINT support, rivalry is a bigger global story:  in 2015, the DNI James Clapper told Congress that China and Russia were  America's main cyber threat.  Recent hacks (e.g., Simone Biles' medical records and the DNC and former Sec State Powell's e-mails) underscore the unrestrained nature of active measures.  RT, Russia's overseas television network, has taken to slurs the Economist dubs "insinuendo," destabilizing former Warsaw Pact democracies with devastating Crimean results. Russia leads the way, with China in fast pursuit and moving from an internal focus to "Ugly Gorilla" and PLA-related intrusions leading to DOJ indictments. While US-Russo relations remain  strained, Economist authors believe that intelligence holds the possibility of calming US-China tensions, but Gen. Hayden notes that with China,  "No one else is in the same area code.  It's pass-fail."  A chilling chart, "Habitual Intruders," tracks 12 years of suspected Chinese hacks.

The solace of the law--How to do better

Linked to Cyber Scene 2's legal discussions, the concluding segment calls to mind the arguments of just war theory, underscoring five guiding principles for the legal ramifications of the future of a particularly "cybernised" world:

• the accessibility of the law           
• the necessity of spying, regardless of the means
• proportionality                      
• oversight and monitoring, and 
• redress by an independent tribunal for those mistreated.

As CIA Director, General Hayden added "politically sustainable" to his Venn diagram, a notion echoed by Michael Leiter, former Director of the National Counterterrorism Center when he called "translucence" the need for the public to have a broad outline, but not details of what services do.  This vast agenda before the intelligence services also requires the highest of standards: the article closes by noting that critics must understand that "the intelligence services are often the best protection ordinary people can hope for."

(See: http://www.economist.com /news/special-report /21709778-intelligence-services-both-sides-atlantic-have-struggled-come-terms?frsc=dg%7Cd  for the entire report, www.economist.com/ rights for reprints, and www.economist.com/special reports for a list of named sources.