Cyber Scene #48 - From Digits to Global Cyber Wars

Cyber Scene #48 -

From Digits to Global Cyber Wars

Despite COVID-19 lockdowns at altitude the world seems to spin at an accelerating pace. The old adage, "for want of a nail, the war was lost" has its contemporary counterpart: "for want of a digit (or control of them) the war has started." In fairness, it seems rather the control of digitization that appears to be fueling, on political, economic and all other levels, the rise of the tech cold war. It continues to warm up on the geopolitical level as cyber permeates life in any climate.

This Cyber Scene will toggle between the cloud above us and the world at our literal fingertips.

In one's personal digitized world, many lives may have felt a cyber impact recently: the New York Times (NYT) reports that Google suffered an hour+ outage which seemed to affect customers of Google's cloud computing service, as well as several other services, on the US East Coast the evening of 24 September. A person, who had knowledge of the outage but not authorized to speak for Google, told NYT correspondents that a cyberattack had been ruled out. The services impacted included Gmail, YouTube, Google Drive, Google Meet and Google's search engine. According to NYT reporters Daisuke Wakabayashi and Michael Levenson, the outage "raised anxiety among people already tense about technology's role ahead of the Nov. 3 election and the heavy dependence on online services for education, work and entertainment during the coronavirus pandemic." In the Internet of Things world, your digit does not stand alone in time or space.

Moving into the future of our cyber-based economy, Barrons weekly edition of 21 September was brimming with insight into breaking records and crystal ball projections. Regarding the first, is "Wall Street snow in late summer." Snowflake is the "biggest Initial Public Offering (IPO) of a software company on record"; Snowflake had a putative value of $88B at the close of its first day. Barrons' Randall W. Forsyth goes on to explain that this is a further endorsement of the incredibly hot "megacap" tech world as seen by Wall Street.

Secondly, on 20 September Barrons interviews Ian Bremmer, founder of Eurasia Group (a highly regarded political risk consultancy firm) and also launcher of a digital media firm. Bremmer zeroes in on cyber: "Imagine that instead of a (health) crisis we were hit by a cyberattack of the same scale; that would have hurt most of the digital economy, the virtual economy, our trust in data, all of that." He goes on to say that what we should also worry about "overwhelmingly" is the point of no return the world has reached in the tech cold war.

Thirdly, adding fuel to the cyber fire, on 18 September Barrons' Mike Zimmerman interviews Nela Richardson, an Edward Jones investment strategist, who believes the Federal Reserve will launch a digital currency. She subscribes to digitization as a trend "...that has been amplified and accelerated by COVID-19." Federal Reserve Chief Jerome Powell actually hinted at this possibility in a hearing before Congress's Financial Services Committee on 11 February 2020. Since then, Fed Governor Lael Brainard provided an update to the Fed's progress on 13 August. We are already largely "cashless" and tactile with our keyboard to autopay credit cards, permitting no-touch spending.

Returning to space of the cyber variety, Lawfare (a blog associated with the Brookings Institute) discusses two studies released on 31 August treating cloud computing and cybersecurity in two distinctive approaches in interviews published on 21 September.

The first, the Carnegie Endowment for International Peace’s Cyber Policy Initiative report entitled "Cloud Security: A Primer for Policymakers," written by Tim Maurer and Garrett Hinck looks at defining the cloud, its evolution and market, and security incidents pointing to key issues. The Atlantic Council’s Cyber Statecraft Initiative similarly launched "Four Myths About the Cloud: The Geopolitics of Cloud Computing" by Trey Herr. The Atlantic Council’s report dispels "...four myths: a) that all data is created equal, (b) that cloud computing is not a supply-chain risk, (c) that only authoritarian states distort the public cloud, and (d) that cloud providers do not influence the shape of the internet." Lawfare asks all three authors to address five probing issues regarding the cloud and cybersecurity. These cover many areas, including:

• the rise of cyberattacks and inability of smaller organizations to rival large cloud service provider teams
• the misconception that migrating to a cloud solves all problems
• the messy future of governance over the cloud: large organizations are powerful but still suffer from fragmented in decision-making
• conflating existing cloud issues with emerging ones
• projecting next "great geopolitical flashpoints over the cloud," with the US and China battle as the point of departure and Russia, India and parts of the Middle East lying ahead.

Back to earth, the Economist's 1 September article, "The digitization of government : Paper travails" described how online governmental services, again accelerated by COVID-19 experiences, are expanding cyber, are trying to do so, or should be doing so. Examples include US and UK problems, such as the former's broken unemployment systems across many states and the latter's National Health Service being the biggest world purchaser of... fax machines. Neither country has a national digitized ID program, as opposed to France which does.

On 19 September, the Economist went further. Its report, "New global ranking of cyber power throws up some surprises" uses a Harvard University Belfer National Cyber Power Index to rank the top ten countries in the world according to overall score, offense, and defense. "That America stands at the top of the list is not surprising. Its cyber-security budget for fiscal year 2020 stood at over $17bn (billion)." The US and UK are #1 and #2 respectively on offense, but #4 and #8 on defense. The study notes that Israel is not on the overall or defense list at all, but most countries "shy away... from acknowledging their capabilities." Closing, the study cites former UK GCHQ Deputy Director Marcus Willett who concludes, with think tank colleagues at the International Institute for Strategic Studies, by saying that "although stealing things and disrupting networks is important, what matters most of the longer term is control of digital infrastructure...On that measure, only China is currently positioned to be able to make the jump to join us in the first rank." China is, indeed, already first in defense and second to the US overall according the Belfer study.

It should be no surprise that the US and China continue the tech cold war. In recent weeks, the future of TikTok, and sanctions against it and WeChat have captured front business and political pages. As of 20 September, as reported by the NYT team, the White House escalated the tech fight by barring Chinese-owned mobile apps WeChat and TikTok from US app stores. (This does not entail removing one you may already have.) Another phase would occur on 12 November. Meanwhile, as developments change rapidly, TikTok has chosen Oracle instead of Microsoft to be its US partner handling the Chinese firm's US operations. To better grasp the impact of these fast-moving events, Lawfare's Robert Chesney has parsed out a synopsis of the verdicts for TikTok and WeChat. The 12 November boom would be lowered not by the Department of Commerce but by the Committee on Foreign Investment in the United States (CFIUS), which is an interagency US component with oversight authority in estimating the national security risk of foreign investments in the US. Lawfare goes on to note that while some constraints are immediate, there are still others that allow time for negotiation.

While the judicial system writ large has been exceedingly busy, the Supreme Court (SCOTUShas not been looking at cyber issues recently as its October 2019 docket draws to an end.

As the US 2020 elections approach, Facebook has announced its decision to initiate a new phase of cyber security protection by banning political ads on Facebook and Instagram to avoid voter misinformation. This will begin 27 October and be in place until one week after the 3 November election. Facebook seeks to work against posts dissuading people from voting prior to the election and would also "quash any candidates' attempts at claiming false victories postelection by redirecting users to accurate information on the results," according to NYT's Mike Isaac.

Also bearing on the election, as reported by NYT's Zolan Kanno-Youngs, FBI Director Christopher Wray told the US House of Representatives Homeland Security Committee on 17 September that "We certainly have seen very active--very active(sic)--efforts by the Russians to influence our election in 2020."

On a lighter but conversely darkweb closing note, a massive international law enforcement effort dubbed Operation Disrupter resulted in 179 criminals across six countries including the US being arrested along with 500kg of drugs, $6.5M in cash and cryptocurrency netted as well. FBI Director Wray, noted that the takedown was due to a combination of traditional criminal activity and more sophisticated technology: recovering a backend server was key to "...an invaluable trove of evidence" according to Wired on 22 September.