For the past month or so a curious game has been going on in the world of rumor and uncertainty that passes for the intelligence community. At the heart of it is an attempt to force US President Barack Obama to put cyber security back to the top of his agenda and to usher in increased monitoring of the Internet.
Despite an initial promise of action and a demand for a report on the risks to the US technology infrastructure to be on his desk in 60 days, little in policy terms has been heard since.
Even more frustratingly for the computer-security community, Obama has also not filled the much-trumpeted post of cyber tsar. Melissa Hathaway, the White House’s senior acting director for cyberspace and the author of Obama’s 60-day review of cyber policy, had been widely tipped for the position — but four months ago she resigned, citing personal reasons for her decision.
This appears to have resulted in a turf war between the US department of homeland security, the military and the intelligence community with each competing for responsibility for the issue.
Now, in what is being seen as an attempt to jog Obama’s memory, stories about the US’s vulnerability to cyber attack, the threat it poses to its economy and the potential rise of cyber-terrorism have begun to appear on an almost daily basis.
Senior intelligence officials are suggesting that the US faces a massive risk to its power grid and communications infrastructure — claiming that if current vulnerabilities are exploited there would be enormous economic damage to the US.
“There has been a heightened awareness of our vulnerability to cyber attacks in the US and that has been building for over a year. People are saying: ‘Look at Lehman Brothers’ — if someone had taken out another banking Web site on the same day it would have been the straw that broke the camel’s back,” said Tom Reilly, a US director of ArcSight, a company set up by the investment arm of the CIA.
It draws 30 percent of its revenue from monitoring critical infrastructure for dangerous activity for US federal government agencies and NATO.
On the subject of the cyber tsar, Reilly said: “There is now a lot of impatience ... People are looking for an individual to be appointed to set policy direction and without that framework in place there is the possibility of duplication by agencies.”
The potential for exploiting the fragile confidence in financial institutions has not been lost on businesses.
“The recession has been a driver in awareness,” said William Beer, director of information security practice for PricewaterhouseCoopers. “For the first time, critical infrastructure vulnerability has made it onto the risk register. With Northern Rock we saw a cascade effect occurring as its systems went down ... and the fragility of systems is now seen as important to confidence.”
A particularly audible warning of cyber-terrorism has come from Steven Chabinsky, the deputy assistant director of the FBI’s cyber division. On Nov. 17, he told the Senate judiciary committee that the FBI was now investigating suspected al-Qaeda sympathizers who appear to be interested in launching attacks on critical communications infrastructure.
At the same hearing, US Associate Deputy Attorney General James Baker confirmed the Obama administration had been examining the need to possibly change the laws dealing with both technology and surveillance, in order “to better protect the nation from cyber attacks.”
Stewart Baker (no relation), a former assistant secretary of policy for the department of homeland security, said the concerns were legitimate.
“We have not seen a particular event that has justified this, but the fact is that our exposure to cyber attacks is growing and is growing particularly in power systems because of our move to Internet-based control systems,” said Stewart Baker, who added that the rise in reports was almost certainly an expression of those concerns. “News doesn’t happen without someone wanting it to happen. There is a sense in cyberspace circles that despite the talk that has occurred, and the concerns now being expressed, we are still not addressing the problems.”
Any answer to these problems will come with a hefty political and financial price tag and has no guarantee of eventual success.
“Some of the price will have to be paid in terms of privacy on the Internet, because we are not going to be able to find those wishing to attack us without increased monitoring. That can only be achieved by giving up some of the anonymity that we see on the present Internet,” Stewart Baker said.
Internet monitoring will be difficult to justify politically, because there is little evidence of attacks by terrorists on communications infrastructure — the main use of the Web by terrorist groups to date has been for fundraising, communication and propaganda.
“To attack critical infrastructure, terrorist groups have to have a cyber capability and the terrorists we know don’t,” said Peter Tippett, a noted security threat expert and vice president of intelligence and research for the computer giant Verizon. “Terrorism of cyber quality requires serious skills and another level of sophistication — it’s not just the use of hacking techniques. Our recent data breach survey and all of the information we have shows that in the vast majority of hacking attacks, the bad guys get there by accident.”
“I am confident that most terrorist organizations have a geek somewhere, but the organizations that have the sort of capability necessary to attack infrastructure are the usual suspects — Russia, China and Israel — and they are not the sort of organizations we think of as terrorists,” he said.
This isn’t a position wholly shared by Rohan Gunaratna, head of the Singapore-based International Centre for Political Violence and Terrorism.
“Terrorist groups at the moment prefer to harness the infrastructure, and the capability to mount successful attacks is still within the domain of government, but it is only a question of time before that capability starts to percolate to them,” said Gunaratna, a former White House adviser. “There have been power disruption events in Northern Australia and Canada, where responsibility was claimed by the Abu Hafs [al-Masri] Brigade [though they were not responsible]. The awareness of the vulnerability is being raised because groups are becoming more IT [information technology]-aware.”
Stewart Baker agreed with this possibility, though he also said that IT was treated with suspicion by terrorist groups.
“If a government wanted to experiment with its capability, it might want to use a proxy, but with cyberwarfare you want to have control, and turning over capability to another group is always difficult. This is not like a Stinger missile, you need specialized training — almost a whole career goes into building a cyber warrior,” Stewart Baker said.
“So far, al-Qaeda has been penetrated every time it has used electronic techniques — it knows the network is not your friend,” he said.
Peter Warren is the editor of the Future Intelligence Web site.
The gutting of Voice of America (VOA) and Radio Free Asia (RFA) by US President Donald Trump’s administration poses a serious threat to the global voice of freedom, particularly for those living under authoritarian regimes such as China. The US — hailed as the model of liberal democracy — has the moral responsibility to uphold the values it champions. In undermining these institutions, the US risks diminishing its “soft power,” a pivotal pillar of its global influence. VOA Tibetan and RFA Tibetan played an enormous role in promoting the strong image of the US in and outside Tibet. On VOA Tibetan,
Sung Chien-liang (宋建樑), the leader of the Chinese Nationalist Party’s (KMT) efforts to recall Democratic Progressive Party (DPP) Legislator Lee Kun-cheng (李坤城), caused a national outrage and drew diplomatic condemnation on Tuesday after he arrived at the New Taipei City District Prosecutors’ Office dressed in a Nazi uniform. Sung performed a Nazi salute and carried a copy of Adolf Hitler’s Mein Kampf as he arrived to be questioned over allegations of signature forgery in the recall petition. The KMT’s response to the incident has shown a striking lack of contrition and decency. Rather than apologizing and distancing itself from Sung’s actions,
US President Trump weighed into the state of America’s semiconductor manufacturing when he declared, “They [Taiwan] stole it from us. They took it from us, and I don’t blame them. I give them credit.” At a prior White House event President Trump hosted TSMC chairman C.C. Wei (魏哲家), head of the world’s largest and most advanced chip manufacturer, to announce a commitment to invest US$100 billion in America. The president then shifted his previously critical rhetoric on Taiwan and put off tariffs on its chips. Now we learn that the Trump Administration is conducting a “trade investigation” on semiconductors which
By now, most of Taiwan has heard Taipei Mayor Chiang Wan-an’s (蔣萬安) threats to initiate a vote of no confidence against the Cabinet. His rationale is that the Democratic Progressive Party (DPP)-led government’s investigation into alleged signature forgery in the Chinese Nationalist Party’s (KMT) recall campaign constitutes “political persecution.” I sincerely hope he goes through with it. The opposition currently holds a majority in the Legislative Yuan, so the initiation of a no-confidence motion and its passage should be entirely within reach. If Chiang truly believes that the government is overreaching, abusing its power and targeting political opponents — then
RSS