Platt Perspective on Business and Technology

Information systems security and the ongoing consequences of always being reactive – 11: governments as white and black hat hackers, and the threat and reality of cyber-warfare

Posted in business and convergent technologies, social networking and business by Timothy Platt on April 7, 2013

This is my eleventh installment to a series on the state of information systems security going into the second decade of the 21st century, and on challenges that will have to be addressed in moving forward from where we are now (see Ubiquitous Computing and Communications – everywhere all the time, postings 185-188 for Parts 1-4 and its continuation page, postings 189 and following for Parts 5-10.)

The focus of interest of this posting is summarized at least in part in its title with the phrase “governments as black hat hackers, and the threat and reality of cyber-warfare.” In a fundamental sense, I have been writing about this topic since before I first started writing to this blog, and from fairly early on in this blog itself. I cite in that regard a series that I ran in this blog starting in December 2010 titled: The China Conundrum and Its Implications for International Cyber-Security (see Ubiquitous Computing and Communications – everywhere all the time, postings 69 and scattered following for its 24 installments.) China by no means holds a monopoly in seeing and pursuing cyberspace as a potential site of conflict, and even as a 21st century battlefield. China by no means holds a monopoly in seeing this new and emerging potential battleground as a source of both defining weaknesses and strengths, that could come to dominate the determining of overall outcomes for any conflict where it becomes involved.

I began this posting by citing China because that country and its military are currently very actively in the news, as of this writing, with accounts of how military backed and orchestrated cyber-attacks are targeting both:

• Business and industry computer based information systems, with a goal of capturing business intelligence, and
• Supervisory Control and Data Acquisition (SCADA) systems that manage and control key national infrastructure resources such as power grids, telecommunications systems and petroleum and natural gas pipelines.

The concern for the former of these points is industrial espionage on a perhaps vast scale, with redirection of stolen proprietary business information to Chinese industry, and perhaps particularly to the Chinese military’s own vast industrial systems. The concern coming out of the second bullet point is that it looks like the Chinese military is seeking to develop resources in place that would do nothing and remain hidden in targeted computer systems and networks unless activated – but that could, if successful, cripple and even shut down the backbone infrastructure of the United States and other countries, and if not long-term, then at least long enough to open undefended doors to other forms of attack.

This is all very ominous, but once again, China is not the only country to at least plan, and also to develop and test in that direction. I began by citing China, and its overtly aggressive and confrontational approach, but this is only incidentally a posting about China and its approach to cyber-defense (and cyber-aggression.)

• My goal here is to tackle an issue that is perhaps vitally central to this overall topic, but that is rarely if ever explicitly addressed: the difficulty if not impossibility in drawing a clear defining line between defense and offense in any cyber-conflict, or in any real organized attempt to prepare for its possibility.

I will return to the China story in this, but before I do I want to add one more player to this narrative: the United States.

• China has its Great Firewall, or Golden Shield Project as it is more formally known, managed and run by their Ministry of Public Security, that seeks to monitor and manage online information flow and access within China as a national security objective.
• The United States has a series of agencies and organizations (e.g. its Federal Bureau of Investigation (FBI) and more), many of which are now organized and run within the purview of the Department of Homeland Security, that seek to identify and stop online criminal activity, and criminal activity in general in the US where organizing or other identifiable information related to it is distributed or stored online. These federal agencies in general hold sway where criminal activity crosses state lines, which is essentially always the case for cyber-crime.
• China has its People’s Liberation Army (PLA). And as just one component to its overall cyber-warfare program, the PLA is currently, as of this writing, operating a very active and outreaching program out of a building in the Pudong New Area of Shanghai that is being carried out by a group known in the West as the Comment Crew; this is a unit of the Second Bureau of the PLA General Staff Department’s (GSD) Third Department and is more formally, internally known as their Unit 61398 – which evidence now shows to have been in operation at least as far back as 2006. This is the now internationally identified source of many if not most of the recent US (and other national) critical infrastructure probings and attacks that I noted in passing at the top of this posting. (The Third and Fourth Departments are both primarily tasked with cyber-warfare planning and execution and are the linchpin for carrying out China’s and the PLA’s cyber-warfare policy.)
• The United States has, among other military commands in place for addressing cyber-warfare, its US Cyber Command, with key elements of that joint services unit distributed widely throughout the overall Department of Defense. And its mission is to prepare defensive and offensive capabilities that would help the US address any possible cyber-threat – ideally at least.

Loosely speaking, both countries have separate cyber-intelligence and response operations facing inwardly and with a more civilian focus, and outwardly and with a more military and national defense focus. But given the nature of cyberspace, with its absence of anything like national borders or boundaries, any “inwardly” facing, civilian-oriented program or organization that works in cyberspace is of necessity going to have to work globally too. And given the nature of cyberspace and the threat vulnerabilities that would have to be protected, any “outwardly” facing national cyber-warfare defense program is going to have to look and connect inwardly too, as there is no clear boundary or border that an enemy would have to cross in launching a cyber-attack within the country.

China’s Ministry of Public Security and their People’s Liberation Army each jealously guard their own turf, cyber-turf definitely included, from incursion by the other. Both are controlled in a byzantine manner by the Chinese Politburo, and more particularly by its Standing Committee.

In the United States, inwardly and outwardly facing organizations responsible for key portions of the overall cyber-defense system are legally separated too, where, for example, the Central Intelligence Agency (CIA) is legally restricted from conducting any of its operations within the United States proper or its territories, and the FBI focuses on crime that directly impacts upon or arises within the United States or its territories. But in cyberspace, when operating online and tracking and interacting with others online, it can be difficult or even impossible to know where everyone involved actually, physically is located, and certainly in anything like real-time where that would matter.

So far I have noted some of the organization level players in this for the People’s Republic of China and for the United States, and how they are organized at the highest, most general levels as to their missions and areas of focus. China, I will add, has come to be widely seen as one of the largest by volume sources of cyber-attack and cyber-crime in the world today, so this topic really does fit into this series. And with this background information in place I come back to my goals bullet point, repeated here from above:

• My goal here is to tackle an issue that is perhaps vitally central to this overall topic, but that is rarely if ever explicitly addressed: the difficulty if not impossibility in drawing a clearly defining line between defense and offense in any cyber-conflict or in any real, organized attempt to prepare for its possibility.

I am going to look in at least some detail into what that means in my next series installment, with US and Chinese governmental systems as touched upon here, and their activities, as working examples for explaining the why and how of this observable confusion. And in anticipation of that: on the China side of this story, I will at least begin a discussion of how and why the Beijing government sees its approach to cyberspace and online information as being defensive, and even a defensive response to an emerging existential threat, even as the US government and others see its decisions and actions as offensive in nature and as indicators of systematic repression. Meanwhile, you can find this and related postings at Ubiquitous Computing and Communications – everywhere all the time and its continuation page, and at Social Networking and Business.
