[David Strom's Web Informant] 29 March 2010: Google vs. China, our first cyber war
David Strom
david at strom.com
Mon Mar 29 13:55:59 CDT 2010
Web Informant, 29 March 2010: Google vs. China, our first cyber war
Last week we witnessed the first Cyber War, but it didn't go down
quite as many of us expected. Instead of a group of anonymous hackers
trying to take over thousands of infected PCs or trying to cut off
access to critical infrastructure, we saw Google declare the first
salvo in its war against Chinese censorship by moving its servers to
Hong Kong.
The more I thought about this, the more I realized that this was war,
declared by a private company on a nation state. Just because Google
doesn't have its own army (yet), or because no actual physical weapons
were fired, doesn't make it any less of a battle. And it is only going
to get worse for all of us as other private firms realize that they
need to take control over their servers and intellectual property.
What is curious is how few companies signed up for the cyber
equivalent of the coalition of the willing – GoDaddy was one of the
few. Not Microsoft. Not Intel. No PC manufacturer of any shape or
size.
Let's face it. No one wants to declare war on China, whatever form
that will take. Most of our PC hardware components are made there.
More people are using the Internet in China than the US total
population, and it is growing quickly, too. And while the breaches on
several Google accounts had Chinese origins, getting accountability
isn't easy.
Coincidentally, while all this was going down I was reading a preview
copy of Richard Clarke's new book called Cyber War. I highly recommend
pre-ordering a copy. Clarke was a national security advisor to several
presidents and teaches now at the Kennedy School at Harvard.
The book is a chilling account of exactly what is wrong with our
government and how unprepared we are for Cyber World War I. How so?
Think of a Cyber War in terms of nuclear proliferation and the Cold
War preparation. But unlike what we did in the 1960s to defend
ourselves against possible nuclear annihilation, we are doing
everything wrong for a cyber defense. Instead, we have made America
more of a target, because so much of our infrastructure, our weapons,
our culture, and our PCs are out in the open, ripe for the picking.
Look at how easy it is to hijack the drone video feed as a starting
point (although the control systems are secured, for the moment.)
Clarke talks about various war game scenarios, and at one point he mentions:
"If you have a mental image of every interesting lab, company, and
research facility in the US being systematically vacuum cleaned by
some foreign entity, you've got it right. That is what has been going
on. Much of our intellectual property as a nation has been copied and
sent overseas. Our best hope is that whoever is doing this does not
have enough analysts to go through it all and find the gems, but that
is a faint hope, particularly if the country has, behind the
filtration, say, a billion people in it."
He mentions how there were times when computer professionals working
for the Hopkins Applied Physics Lab back in 2009 discovered a data
breach. The only way they could solve it was to disconnect their
entire organization from the Internet and clean each PC, one by one.
"If you are connected to the Internet in any way, it seems, your data
is already gone [overseas]."
The problem is that the best defense in a Cyber War isn't the best
offense. Nope: it is hardening your connections. Look at what China
has done with its "Great Firewall." Most of us think this is to keep
the porn and liberal thinking out of China. And yes, it does do that.
But what is really going on is that in the event of a Cyber War, China
can quickly pull the plug and disconnect from the world, to defend
itself. Try asking AT&T or Level 3 to do that here. Ain't gonna
happen.
Another part of the problem is that there is no one actually "tasked,"
as they say in DoD-speak, with defending our power grid control
systems, transportation networks, and so forth. Where are the cyber
equivalents of nuclear strike forces in case someone hits one of these
targets? Nowhere. DoD has its own ships, planes, and troops to worry
about. Homeland Security is trying to keep shoe bombers and the like
out of our skies. What is left is up for grabs. Call it the cyber gap.
"Can a nation shut off its cyber connectivity to the rest of the
world, or spot cyber attacks coming from inside its geographical
boundaries and stop them?" China probably can. We can't. In an odd
twist of irony, the less developed a nation is, say Afghanistan or
North Korea, the better defended it can be, because so little of that
country's resources are hackable. How many power grid control rooms
have VOIP phones, bringing the Internet literally to the right
desktop?
In the past, spies had a harder time of it. They had to physically
copy plans, or data, or compromise an actual human being. Now, they
can sit in their jammies and download entire manuals without anyone
noticing.
When Obama was elected in the fall of 2008, Clarke was an advisor to
the transition team. He asked everyone on the team to stop working on
their home PCs and even provided brand new Apple MacBooks that were
locked down so they couldn't connect to the public Internet. When the
users complained about this when they tried to access public Wifi
networks, he "tried to quietly point out that if you are a senior
member of the informal national security transition team, you probably
should not be planning the takeover of the White House from a
Starbucks." Gulp.
That is the problem. We are too used to our connectivity, and have
gotten too complacent with our computers. A lot remains to be done.
You have been warned.
Tweet this: http://bit.ly/aFcWX4
Buy the book: http://bit.ly/9WCqKO