A few days ago the BBC summarized expert testimony before the US Senate on the extent of the penetration of classified networks. “In an open session, experts from the US National Security Agency and government labs said America had to change the way it thought about protecting Department of Defense (DoD) computer networks” because foreign countries were carting off classified information wholesale.
Foreign spies should be assumed to have penetrated the computer networks of the US military, American politicians have been told.
Security experts testifying to the Senate Armed Services Subcommittee said the penetration was likely so complete that attempts to curb it should stop.
Instead, cyberdefence should be about protecting data not controlling access.
The experts said the US should look into ways to retaliate against nations that had access to its networks.
DOD Buzz adds that the degree of penetration is so complete that intruders are doing specific lookups on classified systems. They know what information they lack and where to go. The article argued that the “cyber Pearl Harbor” may have already happened.
Although much of the press coverage of the cybersecurity debate has revolved around “privacy issues” — how far the government will be allowed to scan private network traffic, relatively little attention has been given to the ability and reliability of those who are expected to do it. The testimony before the US Senate Armed Services Subcommittee emphasized that the guardians themselves may be either overmatched or compromised.
At an Air Force conference on cybersecurity, speakers argued that the Russians and the Chinese were having a field day stealing secrets. There was little anyone — even the victims — could do about it because the lawyers would always get in the way. There is no such thing as “stand your ground in cyberspace” — only call 911 and hope for the best.
And you can’t do anything about any of this. Government officials won’t talk about offensive cyber-attacks, so we can’t go there. Private sector clients in crisis with Mandiant often ask, how can we get back at these guys, or at least, can we destroy the data they’ve stolen, Bejtlich said.
“I’ve never seen somebody execute this, because of legal concerns,” he said. “The CEO says, ‘I wanna get these guys,’ but if there’s a lawyer in the room, what does he say? ‘Absolutely not.’”
Going after data that has been stolen from your network is like following a thief who has stolen your television and then breaking into his house to steal it back, Bejtlich said – “not authorized by our legal code.”…
Healey argued that the U.S. can’t afford to keep being coy with China. It must build a coalition of cyber-victims and formally call out Beijing on the world stage, citing specific examples of Chinese hacking. Healey said Washington has never laid out its cyber-grievances in this way, and suggested that threatening to embarrass China might be one first step.
He also said the cyber-world must dispense with its worries over “attribution” – tracing the origins of attacks. Healey repeated the factoid that 178 countries were “involved” in the 2007 cyber-attack on Estonia: “Who cares?” he said. “That is completely meaningless.” In those situations, if the U.S. is affected, “the president needs to pick up the phone and call the Kremlin.”
The nation awaits the President’s call to the Kremlin.
The Kremlin, meanwhile, has told Mitt Romney to stop criticizing Barack Obama over his whisper to be “more flexible” with Russia after he wins his second term. ‘Russian President Dmitry Medvedev told Mitt Romney on Tuesday to use his head and stop reverting to Hollywood stereotypes,’ perhaps in reference to movies showing Russia running spies in the US.
Obama appeared to suggest at the Seoul meeting that he was ready to make a concession on the issue if he wins the November presidential election.
Romney told CNN in a transcript released by the station that Obama should understand that “Russia is not a friendly character on the world stage” because it has old ties to the governments of Syria and Iran …
Most analysts in Moscow believe that Russian president-elect Vladimir Putin will have better chance of establishing close relations with Obama than Romney.
President Obama for his part, joked about the incident in which an open microphone caught him whispering to President Medvedev. “First of all, are the mikes on?” Obama said to to reporters. Maybe not just the media’s mikes, Mr. President, but other mikes as well. Which makes you wonder, if a lawyer has to ask reporters if the mikes are on, how good might he be at defending the secrets? Bonus question: write a program in any language to detect whether the computer it operates on has been powered down and to report that fact while powered down.
While the information revolution in the West has been largely created by the private tech sector, the environment it operates in has been paradoxically shaped by lawyers. Many of Russian and Chinese leaders began their careers in the intelligence service, but many if not most American senior officials are law graduates.
The result may be that to the Chinese or Russian leader, information networks are a road, whereas to the American official the information networks are a source of potential litigation. What consequences this may have are interesting to speculate upon.
“During the Crimean War a letter was reportedly sent home by a British soldier quoting a Russian officer who had said that British soldiers were ‘lions commanded by asses'”, a characterization which was later used to explain why the Great War generals sent millions of men to walk into German machine gun fire. Perhaps a similar phrase will be used to characterize early 21st century America: a nation whose genius tech industry was led by lawyers.
Historians will struggle to understand the paradox. An economy that produces less and less surplus has found that lawyers add little or no value, a result manifested in the rising unemployment among lawyers. The New York Times reported that the Big Apple had the “largest glut of unemployed lawyers in the nation”. One unemployed lawyer in another part of the country made 1,000 applications — without snagging a single interview. What are lawyers — beyond a certain number — really good for?
The law may be one of those professions in which their marginal utility to society increases up to a point after which each additional lawyer actually subtracts from social value. The world is better off with some lawyers, but starts to get worse off with too many. And yet lawyers are still being churned out by the tens of thousands to rule the roost in Washington DC. One lawyer is in the White House right now asking if the microphones are on.
The Chinese and the Russians are now apparently guided by the formula of “who knows, grows”. How will they fare against their Washington counterparts whose maxim is, “who spins, wins”?