The current consensus in the cybersecurity realm is that the government and private industry need to improve cooperation and information sharing. Shane Harris examines the pros and cons of this approach in his book @War: The Rise of the Military-Internet Complex. The book takes the reader on a historical journey behind America’s cybersecurity policies and through this journey points out the unintentional consequences of the government’s defensive and offensive cyber tactics. Shane Harris relied on his work over the years as a Washington journalist and think tank covering national security and cybersecurity to write his book, and his sources include unclassified material, interviews with those with access to classified material, as well as classified material revealed by Edward Snowden. The book covers a number of important topics on cybersecurity, namely, the developing relationship between the government and the private industry, the damaging effects on national security caused by NSA’s attempts to protect our nation, and the potential for non-conventional cyber warfare.
Relationship between Private Industry and Government
According to Harris, the US government views protecting whole industries as the best way to protect cyberspace. In order to serve this mission, the government first determines which industries are the most at risk, then contacts companies in those industries to share information about hackers targeting them. The goal is for companies to incorporate this information into their own defensive strategies. Many times the government issues temporary security clearances to CEOs of companies to initiate these conversations.
However, according to Shane Harris, US corporations do not necessarily welcome government cooperation in the realm of cybersecurity. Many companies have their own cybersecurity divisions or hire consultants that specialize in cybersecurity. Moreover, there is a constant revolving door between intelligence agencies and corporations. Take the example of Keith Alexander, the former director of the NSA who has started his own cybersecurity consulting business.
Cooperation is further frustrated by the disparate interests of each entity: the company wants to protect the company while the government wants to gather information to prevent future attacks (and use for their own offensive needs). To make matters worse, NSA’s tactics often backfire and weaken security interests.
NSA Tactics Backfire and Weaken Security
Harris avoids taking a side when it comes to the NSA privacy debate, but he does examine the effects of NSA cyber policies on national security. According to Harris, the NSA has developed certain cyber strategies that undermine the very security of the technology they seek to protect. For instance, the NSA has paid companies not to fix some vulnerabilities so that they can gather information about the hackers exploiting those vulnerabilities. While this might be helpful for the intelligence community in the long-run, this strategy has led to the destruction of company resources in the short-term.
Another NSA tactic that has back-fired involves malware that the NSA has installed on foreign computers. According to Harris, the NSA has implemented spying devices in at least 85,000 computer systems in 89 countries. The issue is that the malware is installed in commercial technology used across the globe, including within the United States. The idea is to manipulate vulnerabilities that can only be exploited by the NSA, but this idea backfires when the countries targeted discover the vulnerability and exploit the vulnerability to attack or spy on us.
Potential for Non-Conventional Cyber War
In the final chapter of @War: The Rise of the Military-Internet Complex, Harris summarizes the present state of cyber affairs and speculates on how the future may unfold. Harris comments on how countries that are unable to compete with the United States by way of conventional warfare may find equal footing through cyber warfare. Throughout his book, Harris focuses on the example of China, a country whose cyber force is five times larger than the United States. In addition to describing how cyber tactics can be used in a non-conventional war, Harris describes the non-conventional damages that result from a cyber war. China has used cyber attacks on American corporations to steal their commercial data and proprietary trade secrets to give Chinese corporations an edge in the global marketplace.
In addition to the above topics, Harris discusses the use of cyber tactics to turn the tables in the Iraq war, the roadblocks preventing companies from “hacking back” when hacked, as well as various examples of times when the US government has used offensive cyber measures.
Can we compare America’s current cybersecurity policies to Eisenhower’s Military-Industrial Complex? Harris thinks we can. For a historical analysis of the developments leading up to America’s current cybersecurity policies, as well as an in-depth look at some of the unintentional consequences of our past and current cyber policies, @War: The Rise of the Military-Internet Complex by Shane Harris is an excellent read. Click here to access the book on Amazon.
Leave a Reply