Platt Perspective on Business and Technology

Rethinking national security in a post-2016 US presidential election context: conflict and cyber-conflict in an age of social media 2

Posted in business and convergent technologies, social networking and business by Timothy Platt on July 1, 2017

This is my second installment in a new series on cyber risk and cyber conflict in a still emerging 21st century interactive online context, and in a ubiquitously social media connected context, and when faced with a rapidly interconnecting internet of things among other disruptively new online innovations (see Part 1.)

I stated at the end of Part 1 that I would turn here in its follow-up to at least briefly consider how Russia used cyber-weapons to influence and even disrupt the 2016 elections in the United States including the presidential election there. And I will do that here, widening my perspective on the issues raised by that one event to also consider, for example, Russian meddling in the United Kingdom’s Brexit referendum and recent European elections too, as well as other internationally impactful cyber-attack incidents.

I begin this posting and its narrative by citing some recent news stories concerning at least some of these cyber offensives, as specifically orchestrated by and led by agencies of the Russian government:

UK Officials Now Think Russia May Have Interfered with the Brexit Vote.
Russian Meddling and Europe’s Elections.
FPI Conference Call: Russian Interference in Foreign Elections.

And I also cite this Wikipedia piece:

Russian Interference in the 2016 United States Elections.

and this public release version of an official US government intelligence community assessment report on the 2016 hacking of United States elections by the Russian government and by groups organized and led by them:

Background to “Assessing Russian Activities and Intentions in Recent US Elections”: The Analytic Process and Cyber Incident Attribution.

Officially, nation states only develop cyber-warfare capabilities for defensive purposes, and as a deterrent from others using this type of weapon offensively against them. If they admit to having cyber elements in their militaries at all, it is always for strictly defensive purposes and never with intent to proactively, offensively use them.

North Korea and China have deployed cyber-weapons in pursuit of their national interests and so have the United States and others and in a variety of arguably non-defense roles. All three, and other nations as well, have actively used these capabilities in order to clandestinely gather in secret and sensitive information from national governments. And for China and North Korea this has also actively included gathering sensitive and confidential information from private businesses too. And a variety of countries have at least occasionally used these capabilities in more overt manners too, besides just seeking to surreptitiously gather information through cyber-espionage.

As a specific and well known example of that, the North Korean government very specifically cyber-attacked Sony Pictures and their computer network in retaliation for their producing and releasing a movie: The Interview, in which a buffoon representing Kim Jong-Un was targeted for assassination. See:

U.S. Said to Find North Korea Ordered Cyberattack on Sony and
N.S.A. Breached North Korean Networks Before Sony Attack, Officials Say.

And North Korea under Kim Jong-Un has become particularly active in using cyber-weapon capabilities offensively. They have used their cyber-capability to attack banks and private businesses in South Korea, and to attack the South Korean government itself. And as a very recent, as of this writing, example of this policy and practice, consider their use of ransomware as a means of bringing in foreign currency “income” and from multiple sources globally, to help prop up their economy.

North Korea’s economy has always been weak at best but it has spiraled downward from weak to worse under sanctions imposed because of their recent nuclear weapons and ballistic missile tests. See:

• This Wikipedia piece on North Korea’s far-reaching WannaCry Ransomware Attack and this news story about it:
More Evidence Points to North Korea in Ransomware Attack.

I have to add that even countries that have largely limited their development and deployment of cyber-warfare capability to defensive use have found themselves at least occasionally resorting to them in offensive initiatives. I cite the use of the Stuxnet computer worm as an example of that type of cyber-offensive approach as the United States and Israel specifically sought to impede Iran’s effort to develop and produce nuclear weapons as a particular limited, targeted use of this type of capability.

I have to add that offensive and defensive are in the eye of the beholder. I think it safe to state that the United States government would claim that it carries out cyber-surveillance on the computer networks and systems of countries such as North Korea (as noted above) for strictly defensive purposes. And the same could be said of their alleged use of cyber-weapons to impede North Korean ballistic missile tests “left of launch” – on the ground and before those missiles can take off. They would claim that these are all defensive measures taken to deter the grave risk that an always unstable at best North Korean leadership might have nuclear weapons and ballistic missiles that they could deliver them with in a devastating attack. The North Koreans, and I add others, might see this type of action differently and as representing something other than defense-only.

And of course Russia has recently gone on the cyber-offensive and very actively, and globally in attacking and seeking to suborn elections and referendum votes in multiple nations that they see as being at least potential adversaries, as noted in the above references on that. And they have cyber-attacked neighboring countries in a variety of ways over the years too (e.g. in preparation for their physical incursion into the Ukraine.) And I add that they have prominently deployed social media and related resources as weapons in much of this, as touched upon in more abstract terms in Part 1 of this series and as noted, by way of example, in the news pieces pointed to in the above-offered links.

New technologies and new ways to use already established ones create both new positive-side possibilities and new, negative-side vulnerabilities. And the more disruptively significant a New is, the greater both the positive and negative side to it can be for impact achieved. This holds for social media and the emerging internet of things, and it applies to cloud storage and cloud-based application programs and related distantly located and managed functional capabilities. This applies to essentially every new and every next-step technology that emerges, and certainly online where an attack can be launched and sent out at close to the speed of light and with largely effective masking as to where an attack actually came from.

• These new and emerging technologies are usage neutral in this regard, in and of themselves. Their societally positive and negative values arise in how they are used and in what ends they are used to achieve.
• And information systems security: an increasingly vital face to national security and on all levels and for all nations, is increasingly a matter of thinking outside of the box of past and even current practices, and beyond the scope of past and even current possibilities, to imagine what a potential adversary: local and individual, or national and more comprehensively scaled might do or try to do next. (See Stuxnet and the Democratization of Warfare for a brief orienting discussion of the roles that even single individuals can play in this.)
• Then the next step in this risk assessment and remediation conceptualization arises and it is the most difficult one of all to actually design for use and to put into effect – getting people and organizations: both businesses and governments included there, to actually prepare for what might come, by installing and using protective systems that are developed in light of realistic threat assessments, and that include in them proactive protective elements.

I keep finding myself thinking back as I write this, to a fundamental challenge that is implicit in the ongoing real-world information security experience publicly shared by the Open Web Application Security Project (OWASP) in their Top 10 threat assessment and identification project. Many of the most serious and prevalent risk vulnerabilities that this widely known and respected organization has published about have been included in their recurringly updated Top 10 risks list for years now, and even from the beginning of that organization and from the first edition of this list. Widely accessible ways are available for both identifying where these vulnerabilities are in systems that exhibit them and for remediating them, patching and removing them. But so many businesses and even government agencies do not effectively address even long-known vulnerabilities, let alone new and emerging ones.

When I wrote of the emerging cyber-security risks inherent in the internet of things, in Rethinking Online Security in an Age of the Internet of Things: the more things change, the more they stay the same, I did so with this human usage and management vulnerability in mind. And with that noted, I return in this discussion to the Russian hacking of the United States Democratic Party server computers, leading up to the 2016 elections there, and how they used confidential emails and other documents illegally obtained from them, out of context at the very least to interfere with those American elections. I have been writing of these events and about the vulnerabilities that they represent here, in terms of technology. But in a fundamental sense they are human user challenges too, and fit as threat vectors into the social engineering paradigm, and even when channels such as social media are not involved.

Ultimately, the only way that the Russians could hack those Democratic Party computer servers was by coaxing humans with legitimate access to those systems to take actions that would install malware on them, primarily by coaxing them to click on links in emails that would prompt the downloading of malware onto their secure network connected email server computers. And this brings me to three basic categorical corrective responses, for at least limiting the possibility of a next similar attack from working. And here I write in terms of cyber-defense and security in general:

• Better computer and network user training,
• Better, more up to date and capable automated systems,
• And usage options channeling systems that reinforce good practices and discourage or even actively prevent bad, risk-creating ones.

Technology fixes are always going to be important and necessary in this, but increasingly the biggest vulnerabilities faced come from human users, and particularly ones who are trusted and who have access permissions, to critically important systems.

I am going to continue this discussion in a next series installment, with that set of possibilities and that observation. And I will offer at least a brief set of thoughts as to how the above bullet pointed information systems security approaches might be implemented in a rapidly, disruptively changing computer and information technology context. And as part of that, I will at least briefly discuss some of the positive tools and capabilities that have emerged in the last few years, as of this writing, and how they can be exploited, turning them into sources of security vulnerability too.

Meanwhile, you can find this and related postings and series at Ubiquitous Computing and Communications – everywhere all the time and its Page 2 continuation. And you can also find this and related material at Social Networking and Business 2, and also see that directory’s Page 1.
