Saturday, 13 May 2017

After massive cyber attack, State Department sharpens its knives again

From the New York Times:

"Hackers exploiting malicious software stolen from the National Security Agency executed damaging cyber attacks on Friday that hit dozens of countries worldwide, forcing Britain's public health system to send patients away, freezing computers at Russia's Interior Ministry and wreaking havoc on tens of thousands of computers elsewhere."

Nasty stuff. But not entirely, shall we say, unexpected.

Cyber attacks have been growing in sophistication and show no sign of cooling down. It's the Wild West out there, folks, and the government is about two days' ride on a fresh horse. Everyone online knows the cavalry isn't coming and it's up to you - whether as a corporate or an individual - to find and install your own cyber defences. Buck up and defend yourself, learn some jiu-jitsu or something.

The central problem here happens in the physical world too. When a scientist invents a new class of weaponry, eventually that technology falls to peasants and militia. It's the law of the concrete jungle: you can't keep a secret, especially if that secret might help other apes gain power. We do love our power. Perhaps nuclear weapons won't filter down, but that doesn't mean bad actors won't try to get their stinky hands on some suitcase nukes.

In the cyber world, the chances of the equivalent of a nuclear weapon falling down the food chain onto the databases of non-state actors are actually pretty high. The internet was built for one node to talk to all other nodes - all of which they know, and all of which they trust. Security was an afterthought because bottlenecks create inefficiencies and the whole point is the speed of communication. Scientists just wanted to pass documents. Today the internet is a series of tubes touching almost every square metre of human importance. You could say it got out of hand...

The efficiency incentivised actors with gigantic resources, such as nation states, to construct and use cyber weapons. However, when you fire a bullet it doesn't smash into the target and wander away. It explodes with bright flames. But cyber weapons do actually float around once they're used and anyone who knows how to do so can fire them again, and again. Of course, some of the more sophisticated weapons are difficult for the unintended user to operate. But cracking the code is surely just a matter of time. (Or you could just break into the NSA. Whatever's easiest.)

The most sophisticated weapons of nation-states will inevitably filter to the second tier actors of organised crime. After a while, they then find their way down to non-state actors, terrorists, anarchists and others. Again, this is not unusual in the history of weapons. The difference is the speed, which is made all the worse when the top tier can't hold onto their weapons.

So that's the reality of the cyber world. Cyber is difficult. Humans will figure out what to do eventually (the US military is already thinking about a parallel internet avoiding all the pitfalls of the first attempt). But for now, cyber attacks will be depressingly common. Hopefully, criminals are parasitical and don't want to kill the host. That's the best outcome because it doesn't take much imagination to see how autonomous cars, for instance, are frighteningly vulnerable targets. What if the cars were told to turn left, right now? Yeah...happy dreams, my Uber-riding friends.

But the reason I highlighted this story is it shows the largely silent battle for Washington bubbling to the surface. The NYT likes to pretend it's innocent here, and all decent, reasonable people are horrified by the idea that the government might control the press. None of them seem to be concerned at all that the press might control the government. Journalists and professors are all part of what is essentially one large institution: the press and university system. There are few ideological arguments between major universities, or between universities and the mainstream press. Even in its heyday, the intellectual diversity of the Catholic Church was a good deal higher.

In the article above, a connection has been made between the cyber attack and the NSA. Indeed, it lands in the first sentence. True, the NSA did misplace some serious cyber firepower to a group calling itself the "Shadow Brokers," which then onsold the software to the highest bidder. Naughty NSA, why can't they keep anything secret?

But the article's point is not to outline the actions of thieves. The paper couldn't care less about organised crime. The story actually offers the State Department, which keeps a dripping umbilical cord tied directly to NYT editors, a chance to vilify the incompetence of its traditional enemy: the Pentagon.

A few months ago, the CIA also lost some cyber weapons. What's interesting isn't that the CIA is vulnerable to hacking. Of course the CIA is vulnerable to infiltration. Pretty much the only thing it does well is allow adversaries in (I'm only half joking). What was interesting is the discovery that the CIA has created its own cyber shop. The CIA has an implicit agreement with the NSA to collect data at rest (documents in computers, safes, a person's mind, etc) while the NSA was to gather data in motion (signals, bits and bytes flying through the air). Now we have solid evidence that Langley clearly isn't on friendly terms with the folk at Fort Meade.

The Pentagon has had a rough time over the past ten years. The Iraq War didn't proceed very well (largely because State Department diplomat Paul Bremer decided to disband the Iraqi army. Anyone who thinks the US doesn't know how to occupy and govern a foreign country isn't paying attention. It does. However, the diplomats and soldiers made Iraq a plaything in their never-ending battle to undermine the other and draw power. That a million Iraqis died due to this factional fighting is, like, totally terrible, dude. But hey, no one ever said running the world's largest empire would be bloodless). The Pentagon's other problem was the Edward Snowden leaks.

I'm not sure what you think of Mr Snowden, but just because he worked for the NSA, doesn't mean he was a Pentagon guy. One of the worst own-goals at the Defence Department was its brain-dead idea to use contractors. I'm not saying the decision was made lightly. The Pentagon calculated it didn't have enough personnel after 9/11. But it still made a dumb decision. Both Mr Snowden and Bradley/Chelsea Manning are the result of lowering of standards and chasing a discounted price.

Anyway, the hatred poured on the NSA after the leaks came largely from media and privacy groups demanding the Pentagon accept new limitations. One of the most persistent lies they recited was that the US government spies on its citizens. Yet even passing knowledge of the leaks shows it would violate the laws of physics, let alone sanity, to do this. No one can "listen" or "read" your conversations if they only have the date, time and duration of the phone call.

Yet those privacy groups played an important role. With them on the front lines calling for reform, the generals couldn't fire back publicly at the State Department. But I am telling you now, everyone in Washington knew the real players. And it wasn't the privacy activists. The State Department wanted to carve off the NSA from the Pentagon and put it under its control, just like it did with the CIA in the 70s and 80s. The State Department smelled blood in the water after the Iraq War and it wasn't going to let the opportunity slip away.

And you could hear the clanging of steel on steel as the two factions fought it out. Rumors have circulated for years that Cyber Command - first established in 2009 to handle US offensive digital operations - was being elevated and divorced from the intelligence-oriented NSA. The Obama administration nearly enacted a similar plan late 2016. And in July the Pentagon was close to submitting a scheme to the White House to give the organisations separate leaders. That plan reportedly called for putting an Army three-star general in charge of Cyber Command and a civilian at the top of NSA for the first time in its 65-year history. Adm. Mike Rogers currently oversees both agencies.

But the Pentagon seems to be holding onto its intelligence agency. The only thing that altered was a law dictating that phone and internet corporations must now store the metadata, rather than the NSA. That's it. That's the only change. If you'd said that in 2012, I wouldn't have believed you. I don't know what the Pentagon had to give up elsewhere, but it held onto the budget, power and reach of the world's pre-eminent signals intelligence agency. That's a big win.

Now State has noticed a new opportunity to paint the NSA as not only rogue and untrustworthy, but a danger to the people of the United States. It's hard to see President Donald Trump buying this, considering his closest advisors are Pentagon lifers, but State and the NYT have noticed how Mr Trump reacts to the democratic winds and it'll be interesting to see if they can stir up enough populist reaction to impact Mr Trump's thinking on this.

The second aspect here is people can think the NYT is "fake news" all they like, but during the Snowden revelations the harshest critiques of the NSA came from internet companies. After all, Google, Facebook and the rest are competing to gather, store and use internet data. From their perspective, the NSA stepped into their turf. And on the internet, it's the private companies, not the government, that have actual power.

So will State now cut into its rival across the Potomac? It's hard to know. It'll try its best. And with a Republican in the White House, the generals usually have an easier time. But with the framing of Mr Trump's administration as fascist and in cahoots with the Russians, the Pentagon will probably struggle to keep the bleeding to a minimum this time.

I just really hope the two factions keep their arguing within Washington and don't use other countries as proxy battlegrounds. After all, the best place for a civil war is at home.
