Cyber Scene #38 - Back to the Future
Cyber Scene #38 -
Back to the Future
Are Cybersecurity Politics Also Local?
The House Permanent Special Committee on Intelligence (HPSCI) is of course vectored of late on dawn 'til dusk (really) subpoenaed testimony, but outstanding and pressing docket issues remain for this committee and others on the Hill. One is the never final division of federal, state and local authorities and responsibilities. The Federalist papers presciently noted that division of federal and state (and subsequently local) political issues is a thorny and enduring problem. Are we picking our poison re: hanging separately or together? Are ransomware attacks hatched in a tweener's basement in State A or from a Vlad the Hacker's global cyber megaplex? Cities including Atlanta, Baltimore, and two in Florida which have been victims of "cyber hostage situations" might, in the final analysis, also start keeping the HPSCI literally up at night as the present mega hearings are doing. As reported by Wired on 28 October, U.S. states including Alabama, Virginia, Oklahoma, Texas, Arizona and New York, in addition to several major cities, are being attacked in hospitals, city internet systems, and voter registration networks. Although a bill to require the Department of Homeland Security to move forward to create "cyber hunt" and "cyber response" units was in play to defend against future ransomware shutdowns, the complexities in sorting out the centuries-old federal or state/local responsibilities endure. Funding is a major roadblock.
Even when the constituency is the same, the parties the same, and the state the same, divisions in how to fix the problem remain. According to the Wired article, although HPSCI Member Jim Himes (D-CN) "...is concerned about the rise in these brazen attacks, he also sees fundamental limitations in the federal government’s ability to help stop hyper-local attacks." On the other hand,Senator Richard Blumenthal (also D-CN) believes that “Ransomware is one of the growing threats to cybersecurity, and the federal government ought to be doing everything possible to assist towns and cities. There’s an urgency and an immediacy.” Indeed. House Member Dutch Ruppersberger (D-MD) offers a compromise of having the federal government train and assist (sound familiar to the military?) local entities to defend against the attacks, which will also give state and local authorities time to finance this very costly cyber shield. Once an attack occurs, FBI steps in to track it. But this does not meet Senator Blumenthal's "urgency and immediacy" standard. For those individuals turned away from a hospital, certainly not.
It's APT33 To Take Control
To "pylon," as it were, Wired's Andy Greenberg on 20 November reports that Iran's APT33 hackers are likely exploring "disruptive cyber attacks" on critical infrastructure. Iranian attacks are historic, but the perpetrators anticipated this time are looking at physical control systems used in electric utilities, manufacturing and oil refineries. The CyberwarCon conference in Arlington, VA, held on 21 November, was scheduled to include Microsoft security expert Ned Moran discussing Microsoft's recent findings over the last two months of a shift in Iranian activity from APT33 (aka Holmium, Refined Kitten and Elfin). Moran and Microsoft posit that APT33 is shifting to "...going beyond wiping computers...and may hope to influence physical infrastructure." The article goes on to document that such attacks on ICS (Infrastructure Control Systems) are rare, but powerful: the US and Israel's Stuxnet (2009 and 2010) reportedly destroyed Iranian nuke centrifuges; in 2016 Russia is said to have caused a blackout of the Ukrainian capital of Kyiv; and unknown hackers attempted to inflict physical mayhem and threaten the safely of personnel at a Saudi oil refinery (2017). CrowdStrike vice president Adam Meyers disagrees and thinks the Iranians will focus on espionage and will likely install software from APT33. Moran documents recent Iranian-US escalation devolving from political issues in attacks and counterattacks since June 2019, upping the ante.
For a look at how the U.S. Government is positioned to meet and anticipate these and other cybersecurity issues, Wired's Garrett Graff interviews on video NSA's Anne Neuberger, the Director of the newly established Cybersecurity Directorate. She articulately outlines the role of the Directorate, how she directs outreach to the public with the example of three alerts made public since the establishment of the Directorate in October 2019, and an overview of the problems and challenges now and projected into the future as new technologies take hold, and even newer ones are created. The video is a refreshing overview of how moving forward in a positive way plays out, despite the gloom and doom of the targets and victims.
Looks Familiar
For readership with a U.S. Global Entry access card, you may have been recently surprised at the "cleared in seconds" facial recognition system in place in certain US ports of entry. China's system is, per the 9 November "Economist" in "Data Privacy: The First Face-off" even more expansive...too much so, per one of its citizens who has brought a suit against his very large and powerful country. Guo Bing objected to the pervasive facial recognition requirement for entry, now specifically, into China's 300 site safari park system. There has been little privacy debate in China about this technology, but Mr. Guo is now cast as a hero of the "netizens" championing consumer rights. This has led to much social media discussion and support for Mr. Guo, as the article cites examples of those who are terrified due to "...a feeling that everything you say and do is being monitored...1984." Mr. Guo's case, requesting a modest refund for his season park pass, has not yet been concluded. The request is infinitesimal but the implications may be global.
Tech-tonic Impact
Is it, as Barron's journalist Leslie P. Norton opines on 25 October, "...the end of the world as we know it?" She interviews Ian Bremmer, founder of the highly respected Eurasia Group consultancy which provides geopolitical analyses and regional risk assessments to contemplative folk/agencies/countries who/which seek expert advice. In the context of the shift of political, economic and even military clout away from the trans-Atlantic region, Bremmer notes:
"...technology increasingly doesn't serve the purposes of liberal democracies. It has moved from undermining authoritarian states to supporting them, as the data revolution (enables) surveillance data and social media. These things make the U.S. weaker and more divided, and make China and other authoritarian states stronger. That's exactly the opposite from what technological advances achieved 10 years ago."
As one steps back to digest this and the other subjects, Bremmer addresses issues such as the incubator role of the U.S. in the development of technology, and awaits the publication of Eurasia Group's Top 10 Risks list. He closes by saying that the biggest short-term risk for global investors is that "You don't think of the U.S. driving global political risk. That's changing."
Which Way Do We Go?
How do tech giants deal with the increasing desire of countries to censor speech online? In "The Splinternet: Net Loss" of 9 November, the "Economist" examines how authoritarian countries are restricting on-line postings, whereas until lately the internet has functioned according to "techno-libertarian assumptions." Britain's health minister believes that tech giants like Facebook and Google share a "duty of care" as do lawyers and doctors. The article probes this attitude vis-à-vis U.S. First Amendment freedom of speech issues. Where should the line be drawn, and how can tech giants do both?
Two theoretically unrelated articles in the same issue explore different examples of these seemingly insoluble issues. One, entitled "Sexual Disinformation: Naked Untruth" looks at how European women--a Finnish journalist, Russian critics regarding the Skirpal case in Britain, and others across six European countries--are disproportionately "singled out for vile abuse for political ends." Facebook and WhatsApp were noted as platforms.
With regard to political ends, a second article entitled "Lie-posting" takes to task both Facebook and its U.S. critics for not thinking clearly. It takes a brief historical look at America's political history, noting that no politician after George Washington has "...felt the compunction to never tell a lie." It calls to the stand two American heros: John Adams and Alexander Hamilton. Both have well-deserved reputations as visionary founding fathers, but they are also known for their testy personalities and flippant accusations. First comes John Adams, whose campaign slandered Thomas Jefferson: the two, early friends, did not work well together in mid-life and only reconciled in their final decades and near simultaneous deaths (4 July 1826). As for Hamilton himself, this Federalist writer-in-chief and creator of today's enduring U.S. treasury and banking system took easily to dueling verbally with rivals as a result of sometimes inaccurate slanders. Predating the instantaneous high-tech delivery systems of the 21st century now evolving at warp speed, the issue of "lie-posting" has existed in earlier expressions since the birth of America, and certainly beforehand. It has just become far more challenging to handle equitably and honestly as volume and velocity flourish worldwide.
Regrets, He Has a Few
The New York Times devotes its entire 17 November Magazine to some internet regrets which Bill Wasik in the NYT lead article terms "both dreams and nightmares" and a future viewed from "as many angles as possible." He opens with Mark Zuckerberg's presentation at Georgetown University on 17 October entitled "Standing for Voice and Free Expression," the reception of which might cast him as unpopular. Wasik interpreted the speech as hinting that the status quo might no longer be possible. He discussed China's exportation of an internet bearing different values and holding six of top ten internet platforms.
The magazine goes on to explore the promised many angles of the internet, past and future, across many articles. Looping back to managing lies, slander and fake news generally, another article explores the role of censorship in conveying truth. China's super apps, the impact of Youtube on teens, and how tech giants are now at an "uneasy stalemate" regarding global domination. The article includes projects for the status quo model of revenues per capita ($616) in 2022 and the AI-driven accelerator model ($21,522) in 2030; the staggering total revenues are $198 billion in 2022 and $7.1 trillion in 2030.