{"id":178,"date":"2017-05-11T16:41:12","date_gmt":"2017-05-11T16:41:12","guid":{"rendered":"http:\/\/securitycurve.com\/?p=178"},"modified":"2017-05-11T16:41:12","modified_gmt":"2017-05-11T16:41:12","slug":"to-fix-cyberwarfare-check-your-politics-at-the-door","status":"publish","type":"post","link":"https:\/\/securitycurve.com\/?p=178","title":{"rendered":"To fix cyberwarfare, check your politics at the door"},"content":{"rendered":"<p><a href=\"https:\/\/securitycurve.com\/wp-content\/uploads\/2017\/05\/Benjamin_Franklin_-_Join_or_Die.jpg\"><img decoding=\"async\" class=\"alignright size-medium wp-image-179 lazyload\" data-src=\"https:\/\/securitycurve.com\/wp-content\/uploads\/2017\/05\/Benjamin_Franklin_-_Join_or_Die-300x216.jpg\" alt=\"\" width=\"300\" height=\"216\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" style=\"--smush-placeholder-width: 300px; --smush-placeholder-aspect-ratio: 300\/216;\" \/><\/a>I&#8217;ve noticed a trend. \u00a0Namely, that individual political inclinations &#8211; and the reservations that we have talking about politics for fear of treading on those inclinations &#8211; are having a &#8220;chilling effect&#8221; on accurate and thorough discussions in the community about adversaries and their tradecraft. At least this seems to be true as it pertains to election interference discussions specifically.<\/p>\n<p>Now, I can&#8217;t go into specifics, but I&#8217;ve been a party to at least a few conversations now where organizations or individuals have said that they can&#8217;t or won&#8217;t publicly discuss anything about election interference because of the political sensitivity of such a discussion and the blowback that it would create. 
\u00a0I think this is bad for the security research community overall &#8212; and really bad when it comes to preparedness for future cyberwarfare attacks.<\/p>\n<p>As an example of what I mean, check out this recent article over at the Register entitled &#8220;<a href=\"https:\/\/www.theregister.co.uk\/2017\/05\/09\/russia_hacked_everyone\/\">Just so we&#8217;re all clear on this: Russia hacked the French elections, US Republicans and Dems<\/a>&#8221;. \u00a0Now, if you read &#8220;TheReg&#8221;, you&#8217;re probably not surprised by the tongue-in-cheek, purposefully provocative title. \u00a0The article itself is about connections between election interference (in the US and France) and Russia. \u00a0Is it going to rock your world? \u00a0Probably not. \u00a0But\u00a0take a look at the <a href=\"https:\/\/forums.theregister.co.uk\/forum\/1\/2017\/05\/09\/russia_hacked_everyone\/\">comments area<\/a>. \u00a0Vitriol ramps up quickly, but what really struck me was the number of people citing lack of evidence for the conclusion that some nation-state threat actor (e.g. Russia) was involved in electoral interference. \u00a0And that&#8217;s bad because it&#8217;s going to happen again. We need to be ready &#8211; no matter what party, politician, country, or creed is impacted. \u00a0The <a href=\"https:\/\/en.wikipedia.org\/wiki\/Cyberwarfare#Definition\">literal definition<\/a> of cyberwar is, &#8220;<em>the use of computer technology to disrupt the activities of a state or organization, especially the deliberate attacking of information systems for strategic or military purposes<\/em>.&#8221; \u00a0Ergo, election interference is, by definition, cyberwarfare. \u00a0Why are we not preparing for that? \u00a0Because we&#8217;re scared of people getting upset? \u00a0Screw that.<\/p>\n<p>Here&#8217;s what I mean. 
\u00a0Would blowback like this happen if, for example, the Register published an article entitled, &#8220;Just so we&#8217;re clear, Russian criminal created and ran a massive botnet&#8221; (in reference to the <a href=\"https:\/\/www.wired.com\/2017\/04\/fbi-took-russias-spam-king-massive-botnet\/\">Kelihos botnet<\/a> that we now know was orchestrated by a Russian criminal)? Would there be even a tenth of the comments? \u00a0Any denial that it happened in the first place? \u00a0No, right? \u00a0In fact, in the case of electoral interference, it seems to me that we have relatively more confidence about this than we do in the botnet example. \u00a0For the botnet, we have law enforcement telling us that it happened. \u00a0Over the course of analyzing security attacks and tradecraft for two decades, I&#8217;ve seen law enforcement make its share of mistakes. \u00a0But in the case of electoral interference, the intelligence community (via the NSA) has <a href=\"https:\/\/www.wired.com\/2017\/05\/nsa-director-confirms-russia-hacked-french-election-infrastructure\/\">confirmed Russian interference in the French election<\/a>\u00a0&#8212; the DNI has <a href=\"http:\/\/apps.washingtonpost.com\/g\/page\/politics\/the-intelligence-community-report-on-russian-activities-in-the-2016-election\/2153\/\">confirmed it for the US<\/a>.\u00a0\u00a0So as far as the US Intelligence community is concerned, it happened. \u00a0 I&#8217;ve seen the intelligence community make fewer mistakes over the course of the years &#8211; at least in re: analyzing tradecraft &#8211; relative to law enforcement. \u00a0I won&#8217;t say it doesn&#8217;t happen, but usually by the time they&#8217;re done measuring twice and cutting once, what they conclude about this stuff tends to be pretty accurate. 
\u00a0Note that for the purposes of this discussion, I&#8217;m discounting the speculation that the entire US intelligence community has been compromised and is thereby untrustworthy itself (i.e. the &#8220;<a href=\"https:\/\/en.wikipedia.org\/wiki\/They_Live\">They Live<\/a>&#8221; scenario).<\/p>\n<p>So this is a problem. \u00a0Because we need to be ready when it happens again. \u00a0We need to be ready for when it gets even more subtle, more automated, more sophisticated, and much harder to detect. \u00a0What we&#8217;ve seen recently so far is basically the DDoS of election interference &#8211; the most blunt, hardest-hitting, least subtle type of attack. \u00a0What happens when someone develops the APT of election interference? \u00a0Something more subtle that acts well below the radar.<\/p>\n<p>Everybody gets all fired up about critical infrastructure &#8211; and why shouldn&#8217;t they because of the seriousness that an attack against critical infrastructure can have &#8211; but election or other political interference is every bit as much a viable cyberwarfare tactic as attacks against critical infrastructure are. \u00a0We need to be able to openly discuss it when it happens without being scared off because of the political implications. \u00a0We need to use those discussions to fuel policy, to educate politicians and citizens, and to prepare. \u00a0Regardless of what your political party is &#8211; we need to address this head on. \u00a0Because it will happen again. \u00a0And it will be worse when it does.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>I&#8217;ve noticed a trend. \u00a0Namely, that individual political inclinations &#8211; and the reservations that we have talking about politics for fear of treading on those inclinations &#8211; are having a &#8220;chilling effect&#8221; on accurate and thorough discussions in the community about adversaries and their tradecraft. 
At least this seems to be true as it pertains [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"","_et_pb_old_content":"","_et_gb_content_width":"","footnotes":""},"categories":[4],"tags":[36,92],"class_list":["post-178","post","type-post","status-publish","format-standard","hentry","category-security","tag-cyberwarfare","tag-politics"],"_links":{"self":[{"href":"https:\/\/securitycurve.com\/index.php?rest_route=\/wp\/v2\/posts\/178","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/securitycurve.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/securitycurve.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/securitycurve.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/securitycurve.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=178"}],"version-history":[{"count":0,"href":"https:\/\/securitycurve.com\/index.php?rest_route=\/wp\/v2\/posts\/178\/revisions"}],"wp:attachment":[{"href":"https:\/\/securitycurve.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=178"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/securitycurve.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=178"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/securitycurve.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=178"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}