http://www.americanthinker.com/articles/2015/03/cyberliberty_depends_on_cybersecurity.html



March 7, 2015
Cyber-Liberty Depends on Cyber-Security

By Alan W. Dowd <http://www.americanthinker.com/author/alan_w_dowd/>

My colleagues at the Fraser Institute have just published a report
<http://www.fraserinstitute.org/uploadedFiles/fraser-ca/Content/research-news/research/publications/cybersecurity-challenges-for-canada-and-the-united-states.pdf>
examining the issue of cyber-security from an underappreciated but crucial
perspective, namely, the importance of cyber-security to liberty.

We all know the Internet was designed not with security in mind, but rather
openness and the free flow of information. This has been beneficial for
liberty. The no-barrier, global, connected nature of the Internet has
brought unprecedented levels of information and commercial exchange,
contributed enormous gains to individual prosperity, empowered individuals,
bypassed governments, and promoted and expanded individual freedom. Only in
recent years have people, businesses, industries, and governments come to
recognize the importance of protecting this critical sphere of activity on
which so much liberty, property, prosperity and security depends.

“Without a robust level of security,” reads the report, “the benefits of
the extended liberty provided by the Internet would dry up.”

Just consider some of the economic costs of cyber-espionage and other forms
of cyber-attack:

   - A 2014 study
   
<http://www.mcafee.com/us/resources/reports/rp-economic-impact-cybercrime2.pdf>
   conducted by the Center for Strategic and International Studies (CSIS) on
   behalf of McAfee estimates the global costs of “malicious activity” at
   between $375 billion and $575 billion. To be sure, the CSIS estimate is
   imprecise. However, it does provide a sense of how this ungoverned zone of
   commerce, communications and collaboration is being exploited by bad actors
   to pursue nefarious ends.
   - Some 431 million people are victimized in cyberspace per year, and
   cyber-crime represents an economy “larger than the global black market for
   marijuana, cocaine, and heroin combined,” according to a report
   <http://jmss.org/jmss/index.php/jmss/article/view/463/459>from the
   Canadian Defence and Foreign Affairs Institute.
   - It costs an average of some $600,000 per firm to respond to each
cyber-security
   breach
   
<http://www.cerias.purdue.edu/assets/pdf/mfe_unsec_econ_pr_rpt_fnl_online_012109.pdf>
   .
   - Pointing to figures produced by the Commerce Department’s
   International Trade Administration that extrapolate export values into U.S.
   jobs, CSIS concludes
   
<http://www.mcafee.com/us/resources/reports/rp-economic-impact-cybercrime.pdf>
   that the high-end estimate of $100 billion in U.S. losses from
   cyber-espionage “would translate into 508,000 lost jobs… roughly a third of
   a percent decrease in employment.”
   - According to Gen. Keith Alexander, former commander of U.S. Cyber
   Command, 162 of 168 Fortune 500 companies surveyed report being victimized
   by cyber-attacks of some sort. But the scope and scale of the danger is
   much worse. In fact, “They’re the ones that know they’re being hacked...
   there are more than a hundred companies for every one that knows they’ve
   been hacked that don’t know they’ve been hacked.” In 2013, the U.S.
   government notified more than 3,000 companies
   
<http://www.washingtonpost.com/world/national-security/2014/03/24/74aff686-aed9-11e3-96dc-d6ea14c099f9_story.html>
   -- many of them defense contractors -- that their computer networks/systems
   had been compromised.

That brings us to the national-security costs and risks associated with
cyberspace.

In what has been called “Web War I,” Russian-orchestrated cyber-assaults
essentially cut off NATO member Estonia from the digital world in 2007.
Russia employed cyber-attacks to augment kinetic military operations
against Georgia in 2008 and Ukraine in 2014. And Russia has conducted
sophisticated cyber-espionage and intrusion into Western energy firms
<http://www.csmonitor.com/World/Passcode/2014/0701/An-anti-US-Stuxnet-Startling-attack-against-industrial-complex-revealed>
.

Iran’s Shamoon computer virus destroyed data on 30,000 computers linked to
the Saudi oil industry.

North Korea’s “DarkSeoul” attacks wiped clean the master boot records
(MBRs) of 32,000 computers at South Korea’s largest banks and broadcasting
companies. Worse, as McAfee reported in 2013, the attacks “were actually
the conclusion of a covert espionage campaign” aimed at military networks
and military units in South Korea. “The true intention of the DarkSeoul
adversaries,” according to McAfee, was “to spy on and disrupt South Korea’s
military and government activities.”

And then there’s China. According to a study
<http://origin.www.uscc.gov/sites/default/files/Research/USCC_Report_Chinese_Capabilities_for_Computer_Network_Operations_and_Cyber_%20Espionage.pdf>
conducted for the U.S.-China Economic and Security Review Commission,
China’s use of “computer network exploitation activities to support
espionage has opened rich veins of previously inaccessible information that
can be mined both in support of national-security concerns and, more
significantly, for national economic development.”

In 2013, information-security firm Mandiant pointed to “an army unit in
China” as the source of these attacks. The Mandiant report details a
cyber-campaign that has “penetrated the networks of at least 141
organizations.” The report concludes that a cyber-force within the People’s
Liberation Army (PLA) known as “Unit 61398” is conducting “extensive”
computer network operations. For example:

   - In a 2007 case, some 1,500 Pentagon computers were compromised by
   Chinese cyber-attacks.
   - Beijing has used cyber-attacks to infiltrate subcontracting firms and
   systems related to the development of the Joint Strike Fighter and C-17
   Globemaster.
   - Beijing exploited cyberspace to steal “user credentials” for more than
   150 NASA employees and gain “full functional control over networks at the
   Jet Propulsion Laboratory,” according to an investigation conducted by the
   U.S.-China Economic and Security Review Commission.
   - Unit 61398 launched “spearphishing” attacks -- a tactic using email
   that appears to be from a trusted source to gain access to a target’s
   computer -- against Westinghouse Electric, Alcoa, Allegheny Technologies
   Incorporated, U.S. Steel, the United Steelworkers Union, and SolarWorld.

Another concern with Chinese cyber-attacks stems from the close
relationship between the central government and China’s many state-owned
enterprises. For example, some U.S. officials suspect telecommunications
giant Huawei of placing a “bug, beacon or backdoor” into critical systems
that could allow for “a catastrophic and devastating domino effect…
throughout our networks,” as one congressman told *Foreign Policy* magazine
<http://foreignpolicy.com/2013/12/02/accused-of-cyberspying-huawei-is-exiting-the-u-s-market/>.
Hence, U.S. officials have tried to dissuade American firms in the defense
and telecommunications arenas from contracting with Huawei
<http://foreignpolicy.com/2013/12/02/accused-of-cyberspying-huawei-is-exiting-the-u-s-market/>.
In 2011, for instance, Washington blocked Huawei from building a wireless
network for emergency responders, and in 2013, Washington urged South Korea
to exclude Huawei from participating in a wireless-network project.

*Cyber-Defense*

The concepts of deterrence, military-to-military signaling, arms control,
and non-proliferation as developed in the kinetic, conventional, and
nuclear realms are not easily transferred to the cyber-theater.

Yet some military officials are urging policymakers to move in that
direction. “Our adversaries seek to operate from behind technical, legal
and international screens as they execute their costly attacks,” argues
Gen. James Cartwright, former vice-chairman of the Joint Chiefs of Staff.
“If we apply the principles of warfare to the cyber domain, as we do to
sea, air and land, we realize the defense of the nation is better served by
capabilities enabling us to take the fight to our adversaries, when
necessary to deter actions detrimental to our interests.” Toward that end,
Cartwright
<http://archive.defensenews.com/article/20120507/DEFREG02/305070004/Debate-Slows-New-U-S-Cyber-Rules>
has even suggested that Washington may have “to do something that’s
illustrative” in order to communicate U.S. seriousness.

To assist the warfighters in their deterrence mission, it may be helpful
for policymakers to let it be known that the U.S. would view a cyber-attack
on critical infrastructure in the same way as a traditional military
attack. It’s worth noting that Russian military officials have argued that
“the use of information warfare against Russia or its armed forces will
categorically not be considered a non-military phase of a conflict, whether
there were casualties or not.”

But because deterrence may not translate to cyberspace -- and the line
separating the virtual world of code from the real world of blood remains
blurry -- resilience is key.

“The operational concept best suited for cyber-security per se is
resiliency,” says the Fraser report. “Given that the nature of
cyber-attacks is still evolving and that attackers increasingly use third
and fourth parties to channel their attacks, and thus create false leads,
deterrence is more difficult… A better defence is the ability to sustain
one or more cyber-attacks and to be able to counter and restore defensive
capacity.”

This appears to be the path NATO has chosen. NATO’s 2011 cyber policy, for
instance, focuses on “prevention, resilience and defense of critical cyber
assets.”

How to detect, withstand, recover from and, if possible, stop illegitimate
activity in cyberspace while protecting legitimate activity -- all without
compromising the Internet’s open character -- is the challenge. According
to the Fraser report, “Overemphasizing security can restrict freedom and
stifle entrepreneurial potential… Conversely, cyber-liberty without an
appreciation of cyber-security presents rising commercial and governmental
costs as well as unacceptable threats to national security.” The choice is
not only liberty or only security. Liberal democracies must aim for both.

Among the recommendations urged by the report:

   - recognition of the need for security and hence a continuing role for
   national governments in securing cyberspace, just as they play a role in
   securing airspace and seaspace;
   - recognition that the sprawling nature of cyberspace, outsize reach of
   cyber-actors, and fluidity between defensive and offensive actions in
   cyber-security make difficult the application of traditional forms of
   deterrence;
   - recognition that cyber-security is best understood as gaining and
   maintaining maximum overall resiliency; and
   - recognition in Washington and among America’s closest allies (Canada,
   Britain, Australia, Japan, Israel, etc.) of the benefits each derives from
   deepening and widening cyber-security cooperation.

Long before there was such a thing as cyberspace, Adam Smith, the father of
free-market economics, noted that “the first duty of the sovereign” is to
protect society from “violence and invasion.” What serves as the launching
pad for violence or invasion -- land, sea, sky, space or cyberspace --
diminishes neither the danger nor the sovereign’s duty to confront it.




__._,_.___
 ------------------------------
Posted by: "beowulf" <[email protected]>
------------------------------


 Visit Your Group
<https://groups.yahoo.com/neo/groups/grendelreport/info;_ylc=X3oDMTJmYzFlcTNqBF9TAzk3MzU5NzE0BGdycElkAzIwMTk0ODA2BGdycHNwSWQDMTcwNTMyMzY2NwRzZWMDdnRsBHNsawN2Z2hwBHN0aW1lAzE0MjYzNTkyMTU->


 [image: Yahoo! Groups]
<https://groups.yahoo.com/neo;_ylc=X3oDMTJlMzZwc2FrBF9TAzk3NDc2NTkwBGdycElkAzIwMTk0ODA2BGdycHNwSWQDMTcwNTMyMzY2NwRzZWMDZnRyBHNsawNnZnAEc3RpbWUDMTQyNjM1OTIxNQ-->
• Privacy <https://info.yahoo.com/privacy/us/yahoo/groups/details.html> •
Unsubscribe <[email protected]?subject=Unsubscribe>
• Terms of Use <https://info.yahoo.com/legal/us/yahoo/utos/terms/>

__,_._,___

-- 
-- 
Thanks for being part of "PoliticalForum" at Google Groups.
For options & help see http://groups.google.com/group/PoliticalForum

* Visit our other community at http://www.PoliticalForum.com/  
* It's active and moderated. Register and vote in our polls. 
* Read the latest breaking news, and more.

--- 
You received this message because you are subscribed to the Google Groups 
"PoliticalForum" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
For more options, visit https://groups.google.com/d/optout.

Reply via email to