Cyber warfare will be battleground for next U.S. president

U.S. cyber capabilities strong; next commander-in-chief may need to deploy them

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someonePrint this page

When pres­i­den­tial can­di­dates Hillary Clin­ton and Don­ald Trump debat­ed America’s cyber war capa­bil­i­ties last week, the glob­al cyber­se­cu­ri­ty com­mu­ni­ty strained hard to read between the lines.

The Demo­c­ra­t­ic can­di­date, in par­tic­u­lar, allud­ed to a notion rarely dis­cussed in pub­lic forums: that Uncle Sam does, indeed, pos­sess a very big cyber stick and is pre­pared, at any moment, to wield it as necessary.

We are not going to sit idly by and per­mit state actors to go after our infor­ma­tion,” Clin­ton declared. “Our pri­vate-sec­tor infor­ma­tion or our pub­lic-sec­tor information.”

Relat­ed video: Deploy­ing mil­i­tary cyber tac­tics against a retailer

Nation-state-backed cyber bom­bard­ments con­duct­ed by Chi­na (OPM hack; Oper­a­tion Auro­ra ; Titan Rain) and Rus­sia (DNC hacks; Esto­nia shut down;Ukraine hack) have been wide­ly cov­ered by main­stream media. By con­trast, not very much has sur­faced about U.S.-backed cyber oper­a­tives counter punch­ing, or even going on the offensive.

The one exam­ple Clin­ton might have drilled down on, had she been asked to elab­o­rate, is Stuxnet. It would be fas­ci­nat­ing to hear her assess­ment, or Trump’s for that mat­ter, of the mali­cious com­put­er worm wide­ly believed to be a joint Amer­i­can-Israeli cyber oper­a­tion to sab­o­tage Iran’s nuclear pro­gram. (I high­ly rec­om­mend Kim Zetter’s metic­u­lous­ly report­ed, well-writ­ten book account: Count­down to Zero Day: Stuxnet and the Launch of the World’s First Dig­i­tal Weapon.)

Ded­i­cat­ed gov­ern­ment cyber branch

In fact, the NSA has an offen­sive cyber branch referred to as Tai­lored Access Oper­a­tions unit. Ref­er­ences to TAO have sur­faced over the past cou­ple of years thanks to the efforts of jour­nal­ists like Zetter, as well as hack­tivists asso­ci­at­ed with Wik­ileaks and, of course, one Mr. Edward Snowden.

Ryan Trost, ThreatQuotient chief technology officer
Ryan Trost, ThreatQuo­tient chief tech­nol­o­gy officer

In this day and age, I can almost guar­an­tee that most mod­ern coun­tries have a ded­i­cat­ed mil­i­tary branch whose mis­sion is to devel­op and exe­cute offen­sive cyber capa­bil­i­ties,” says Ryan Trost, chief tech­nol­o­gy offi­cer at secu­ri­ty ven­dor ThreatQuo­tient. “The U.S. is no dif­fer­ent and most like­ly does pos­sess a more advanced capa­bil­i­ty, far beyond what most of us are aware of.”

Trost tells me that Amer­i­ca “can cer­tain­ly put a hurt on if need be.”

Should “the cyber,” as the Repub­li­can pres­i­den­tial can­di­date refers to it, come into focus again in the race for the White House, both Trump and Clin­ton prob­a­bly would be wise to tem­per their com­men­tary, some secu­ri­ty experts believe.

Hold down rhetoric

Sec­re­tary Clinton’s com­ments mak­ing sure oth­er nations real­ize our stronger capa­bil­i­ties in cyber space is a pol­i­cy path that could lead to esca­la­tion,” warns John Bam­benek, threat sys­tems man­ag­er of Fidelis Cyber­se­cu­ri­ty. “Unlike phys­i­cal con­flicts, cyber con­flicts can esca­late in unfore­seen ways and have large unin­tend­ed consequences.”

John Bambenek, Fidelis Cybersecurity threat systems manager
John Bam­benek, Fidelis Cyber­se­cu­ri­ty threat sys­tems manager

Bam­benek says the glob­al com­mu­ni­ty real­ly has no inkling of “what it would look like when two devel­oped pow­ers with exten­sive cyber capa­bil­i­ties go toe-to-toe in a hack­ing match.”

It would not sur­prise me if a pot­boil­er plot revolv­ing around the U.S. and Chi­na pulling trip­wires to knock out each other’s pow­er grid is under devel­op­ment by some spy-thriller author, or Hol­ly­wood scriptwriter. “Unlike tra­di­tion­al mil­i­tary war­fare, attri­bu­tion in cyber attacks is dif­fi­cult, so imme­di­ate response would be prob­lem­at­ic,” Bam­benek says.

Let’s hope that our top polit­i­cal lead­ers under­stand that the ram­i­fi­ca­tions of all-out cyber war­fare could cause pro­found dis­rup­tion. Maybe not as dev­as­tat­ing as a nuclear holo­caust. But poten­tial­ly some­thing close.

Mean­while, each time a net­work out­age strikes a Wall Street exchange, or shuts down flight ops at a pair of air­lines for days at a time, or dis­ables the reser­va­tion sys­tem of a top-tier hotel chain, one has to won­der if the rap­tors might be test­ing the fences.

Ramp­ing up offense

As much as world lead­ers shake hands and sign treaties, it is pret­ty safe to assume offen­sive capa­bil­i­ties con­tin­ue to oper­ate and even advance at a decent pace,” Trost says. “Coun­tries would nev­er claim respon­si­bil­i­ty, but every once in a while the inter­net will hiccup.

I believe it’s a nation state’s offen­sive team flex­ing mus­cles and assess­ing how the inter­net will respond, in case it ever comes to that point.”

More sto­ries relat­ed to cyber warfare:
Sub­ma­rine data leak points to ‘eco­nom­ic warfare’
A cyber war might be clos­er than we think
Report: Russ­ian cyber spies part of mil­i­tary move against Ukraine



Posted in Cybersecurity, Data Security, Featured Story