Cyber Scene #68 - Looking Inward

Image removed.Cyber Scene #68 -

Looking Inward

 

The world seems to spin, like the widening gyre, in unexpected ways and speeds of late. The rapid expansion of NATO, poised to include Finland and Sweden in short order, was likely not even on pundits’ "next decade" list Russian President Putin has recently been cast as "the great unifier" of the EU, NATO, and their neighbors. Even Moldova is glancing westward.

But democracy and sovereignty begin at home. This Cyber Scene will first turn to what is happening within the Washington Beltway that influences these virtual tectonic movements. Ukrainian President Volodymyr Zelensky said on 22 May that the only way out of the war will be through diplomacy — in addition to a win for Kyiv on the battlefield. Meanwhile, a delegation of U.S. diplomats was traveling to The Hague on Sunday for talks with allies on "atrocities committed in Ukraine," the State Department stated. Starting with solid strategic planning, we will examine the "D" of "DIME" (Diplomacy, Information, Military, and Economic tools of statecraft).

Geography matters. The Finnish border matters, and so does the restart of the U.S. Embassy in Kyiv-. Foreign Affairs' Eliot Cohen, Professor and former Dean of the Johns Hopkins University School of Advanced International Studies and State Department Counselor to Secretary Condoleezza Rice, explores in "The Return of Statecraft" that even before the invasion of Ukraine, "…author after author has called for a new "X" article akin to the one laid written by diplomat George Kennan in these (Foreign Affairs) pages in 1947, which laid out the Cold War grand strategy of containment." Dr. Cohen notes that a solid strategy, for both international and domestic consumption, needs to be able to better anticipate as well as respond quicker to developments. He harkens back to Theodore Roosevelt as an exemplar of far-sightedness.

As noted last month, "The Hill" reported the resurrection of State Department's Cyber Office, already staffed. Although Dr. Cohen didn't call out cyber specifically, it underscores diplomacy here and abroad.

The 29 April Economist's "The Zoom where it happens" addresses the changes in how diplomacy is orchestrated with the immediate cause being the pandemic. But technology is advancing at an acceleration even T. Roosevelt might not have imagined.

The UN General Assembly opened in September virtually. U.K. official Jonathan Black says: "For a long time we've been talking about the advent of digital diplomacy. It has, really, now arrived." While the upcoming NATO summit and the G7 (or will it be G6 less Russia, as with Davos?) will be in person, technology has not slowed up the process. Ambassador Nicolas Burns (to China) states: "Diplomacy has not stopped; it's accelerated...." The article does note that Russia did slow down UN Security Council operations by insisting on physical presence, but the reduction of world-wide travel, as charted by the first 3 months of travel of the last 21 years of Secretaries of State, provides a sense of how incredibly useful digital connectivity for diplomatic purposes has become. Ultimately, diplomacy is moving toward a digital and physical hybrid.

The U.S. Justice Department, which is usually viewed as charging hackers, has taken the very opposite approach of late. Washington Post's Joseph Menn reported on 19 May that "good faith researchers with authorized access" who are attempting to identify security flaws will no longer be prosecuted according to "long-standing anti-hacking law." These researchers must be working primarily at improving safety on sites, programs, or devices rather than profiting personally from their discoveries. There are some exceptions—companies and even officials could still press charges, but most state prosecutors are likely to follow federal guidelines. Mr. Menn goes on to explore some examples of how the 1986 Computer Fraud and Abuse Act is now reinterpreted. While this is broadly good, some seek "better." Security experts said they would prefer that Congress overhaul the 35-year-old-law, since judges apply the existing law as they see fit and another Justice Department could reverse the policy.

On the other hand, some lawmakers want to tighten prosecution of cyber adversaries, according to the Washington Post's Joseph Marks and Aaron Schaffer on 19 May. A bipartisan group is particularly aiming at "…nations far inferior to the United States in military and economic might (which) can nevertheless batter us in the cyber domain."

Taking the lead are Rep. Elissa Slotkin (D-MI), formerly from CIA and the Pentagon, and Rep. Michael McCaul (R-TX), co-founder of the Congressional Cybersecurity Caucus. Their intent is to provide more robust "…rules of the road in cyberspace and the consequences for nations that violate them." This may include restrictions regarding international financial systems and trade.

An interesting note is that this is a bipartisan intervention: many members of the House of Representatives are in the middle of their mid-term primaries, and one third of the Senate is embroiled in mid-terms as well.

Another unusual element of inside-the-beltway activity which came to Rep. Slotkin's attention involves the Department of Homeland Security (DHS), according to the New York Times' Steven Lee Myers on 18 May. DHS has abruptly suspended its 3- week-old Disinformation Governance Board while Homeland Security Secretary Alejandro Mayorkas reviews breaking allegations. Mr. Myers' title captures this as "The Panel to Combat Disinformation Becomes a Victim of It." This is a delicate time, as the mid-term elections referred to earlier are prime targets for disinformation.

Per Politico's Andrew Desiderio as of 19 May, the Senate is ramping up to vote approvingly on Finland and Sweden's accession to NATO. Both countries are both EU members and NATO partners, often cast as more "accessible" than some current NATO members. They have 21st century commands of cyber, strong military, and solid economic standing. They deployed with the U.S. in Afghanistan even though they were not "Article 5-bound" to do so. The expectation is undoubtedly a strong U.S. Senate "yea." All 30 NATO countries must approve new members. Timing is critical, as Finland particularly, being threatened and sharing a border with Russia would not qualify for "Article 5" coverage by NATO until accession is finalized. In the "olden" days, this could take well over a year, but under these threats, Finland and Sweden are being fast-tracked.

In a very interesting perspective on timing raised by National War College Professor Dr. David Auerswald, as reported in the Atlantic, he agrees that the Senate will support Finland and Sweden as new NATO members as the Senators have done in the past, voting unanimously for 7 former Soviet Bloc countries in 2003. However, he addresses several reasons why the Senate might be bogged down in bringing a vote to the floor quickly. "It does not bode well," he avers. The Senators could insert provisos into the "advice and consent" to change administrative policy, or to pass a "ratification document" replete with "reservations, understandings, and conditions." Any of this foot-dragging could delay a vote until after the August recess. This could lead, he explains, to additional opportunities for Russia to manipulate public opinion through disinformation, increase military threats, or engage in petro-coercion. Dr. Auerswald does not cite cyberattacks, but Thomas Rid does.

With U.S. suits and boots on the ground, tracking cyber developments will likely be faster. And what would those be? Johns Hopkins University, in the 30 March video just released including Professor Thomas Rid at the School for Advanced International Studies, outlines five levels of cyber activity in this conflict. Tune into Dr. Rid's presentation (the second video) at 24:22 minutes. Consider this a pithier update to his New York Times article discussed in the March 2022 Cyber Scene. In priority order, the five levels are 1) digital hacktivism (more of a distraction); 2) a range of wiping attacks, six of which are publicly known; 3) command and control against Ukrainian-used satellites/bricking (disabling) many modems; 4) cyber operations by the Ukrainians this time releasing on 28 March Russian FSO officers' names, addresses, etc; and 5) real-time information regarding frictions between Putin and his Ministry of Defense indicating a failure of Russian counterintelligence.

And as reported by Wired's Andy Greenberg on 18 May, "WasteRussianTime.today" auto-dials enable the user to connect Russian officials to each other and listen in. This is also quite personal, so even hactivists on both sides, which was Dr. Rid's least worrisome cyber issue, can slide into psychological operations via cyber and have an impact.

All U.S. entities inside the Washington Beltway live in a cyber world, one way or another. And hybrid or not, , it becomes personal. 

Submitted by Anonymous on