Skip to content

Upheavals, Cyberwar and the Responsibilities of Journalism

November 6, 2010

The Economist’s “Cyberwar” issue this summer laid out the case for three major security issues faced by the Internet: 1) ongoing spying, reconnaissance and theft; 2) a significant disruption to the internet; and 3), as we become ever more interconnected, the potential for utilizing the internet to disrupt our physical infrastructure.

If there was a take-away, it was that the 1) just happens, and the likelihood of 2) and 3) is more probable than not. Both their cover art and their word choice were more sensational than even-handed. For example, “an attacker might prefer to go after unclassified military logistics supply systems, or even the civilian infrastructure. A loss of confidence in financial data and electronic transfers could cause economic upheaval”. Unnerving, but are we supposed to be worried about a military attack or someone cracking our bank accounts?

The phrase “cyber war” has been echoed frequently since late 2007 on the heels of the denial-of-service attacks on Estonia, and the term “upheavals” more so beginning a year later with the financial crisis. “Cyberwar” is a red herring designed to distract us from issues about which we might be deeply concerned if we were properly informed. One might have been the looming economic crisis, but as the term continues to be used, another is an attempt to gain control over the internet and therefore the data that is stored on it and flows through it.

Buried in the same article between quotes from current and former military officers, Administration staffers and spy chiefs, they do record two demurring voices: Howard Schmidt, incumbent Cyber-Security Coordinator of the Obama Administration, and Bruce Schneier, “an IT industry security guru”. Schmidt says, “There is no cyberwar.” He is quoted by Ryan Singel in Wired as going on to say that “the government needs to focus its cybersecurity efforts to fight online crime and espionage.” Singel’s piece is especially interesting in the context of Wired, since they have also run such hype as “When the Bots Attack”. He is notable as well for being one of the earliest to demur.

Bruce Schneier makes much the same case, that “there’s a power struggle going on in the U.S. government right now. It’s about who is in charge of cyber security, and how much control the government will exert over civilian networks. And by beating the drums of war, the military is coming out on top.” He summarizes the more hyperbolic claims, and then dismisses the Estonian denial-of-service attacks as “simple hacking attacks by ethnic Russians angry at anti-Russian policies.” They are, he says, a normal risk, not unprecedented, and if comparable to a military invasion, as inconvenient as the foreign troops simply getting “in line in front of people at the DMV so they couldn’t renew their licenses.” The real problem is the blurring of the concepts of war and security, much like the War on Terror. Cyber-security sounds dull and old-fashioned. We know we’re supposed to ignore phishing requests, and install anti-virus software regularly, but framing the debate in the context of war, “we invite the military to take over security, and to ignore the limits on power that often get jettisoned during wartime.”

Schneier concludes that cyber-security is of course also a military issue, and that we should prepare for the possibility of such an attack, but that “the risks of a cyberwar are no greater than the risks of a ground invasion,” and developing those capabilities within the confines of normal law enforcement will help in that preparation. The Economist paraphrases him saying, “Cyberwar will certainly be part of any future war… but an apocalyptic attack on America is both difficult to achieve technically (“movie-script stuff”) and implausible except in the context of a real war, in which case the perpetrator is likely to be obvious.” Singel went still further, laying out the key players and motivations in the power struggle, and explaining some of the technical details to which Schneier alludes.

The key feature to this debate is that the Internet has rendered our established geographic notions of borders obsolete. All telecommunications of course do this, but the Internet was the first one that encouraged strangers to communicate with strangers. You do not pick up the telephone to call someone you don’t know unless you need something specific from them. The only equivalent before the Internet was ham radio.

It is ironic that 9/11 happened right as the bubble burst: it raised the anxiety about all manner of border porosity. The technology utilized to achieve the attack on the Towers had been around since the late 1960s, and had nothing to do with the Internet, or any kind of communications technology really, but all technologies that promote openness became suspect.

Seymour Hersh, in his recent excellent summary of the key features and actors in the debate, quotes Whitfield Diffie, a pioneer in encryption, as saying, “The problem with the Internet is that it is meant for communications among non-friends.” The attack on the World Trade Center seemed like “movie-script stuff”, and in the numbing collapse of the bust raised the awareness that all our technologies have both advantages and disadvantages, and that at the outer edges of probability, screen-writers are prescient scenario planners. It might not be a stretch to see the miles of metal wall being erected along our southern border as not only an attempt to stem northward migration, but also as a monument to the fear that “non-friends” can now come into our country via the Internet.

That is the nub of the confusion, though. A non-friend can only gain access to a sub-net if he has permission. Kevin Mitnick, a hacker with formidable skills, still relied on the old-fashioned con, persuading people to give him their passwords. In this era of connectivity, there is also the perception that everything is connected, but that too is still more of a dream than reality; even if we do continue our march toward a world of hyper-connectivity, it will be a self-healing network of self-healing networks. There is no big on-off switch, and the fact that Joe Lieberman recently introduced a bill to require one shows how little he understands the benefits of such networks. In terms of the damage that can be done, yes, it might be possible, for example, to penetrate a server at a power company, and then—if that server is actually hooked up to the systems that run any one of many pieces of critical equipment—to execute a program to shut it down, or worse, introduce a logic bomb that could cause it to malfunction to the point where it does not simply shut off, but fails catastrophically. But those are a long list of if’s, and they’ve affected one component in a very large self-healing network. This capability existed before the internet: setting physical spies aside, if there was a modem connection between a critical piece of equipment and a telephone, there was always a long chain of if’s. The point is that the story has to be within the realm of the possible, and now, because the way the internet works is beyond the ken of most newspaper’s audiences, they find the story of Cyberwar compelling.

The real question is why, with the dissenting voices of Singel, Schmidt, Schneier and Hersch, are papers like The Washington Post, The New York Times, The Financial Times and The Economist playing into fear mongering? They are echoing this message in both their online and print editions. In fairness, the debate is moving in a healthy direction: the most recent articles are exploring the issues of separation of military and civilian control, and some are downplaying the threats themselves, but this seems to be a response to the more skeptical pieces. The debate has taken nearly a year to get here, and one questions why more journalists are not being more critical. Overwhelmed with information, we may be more inclined to depend on them for healthy skepticism, but forget that the Fourth Estate has interests of its own.

The debate over the slow death of traditional journalism obscures the fact that there has always been an echo chamber. We forget that the bastions of “All the News That’s Fit to Print,” also sometimes print items they should not. We should never believe everything we read, and while the Internet might be amplifying the echo chamber, it might also be algorithmically capable of rating journalists for their credibility.

For references, please see:
Upheavals and Cyberwar2

One Comment
  1. Lars permalink

    Interesting take on the subject.

    I, for one, take anyone cutting in front of me at the DMV as an act of war, so maybe Bruce Schnier’s description of the threat isn’t so innocuous…

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: