{"id":778,"date":"2018-05-31T17:29:17","date_gmt":"2018-05-31T17:29:17","guid":{"rendered":"https:\/\/securitycurve.com\/?p=778"},"modified":"2018-05-31T17:29:17","modified_gmt":"2018-05-31T17:29:17","slug":"cyber-atomic-bomb-did-krutskikh-get-what-he-was-after","status":"publish","type":"post","link":"https:\/\/securitycurve.com\/?p=778","title":{"rendered":"Cyber “atomic bomb”: did Krutskikh get what he was after?"},"content":{"rendered":"

\"\"<\/a>Last year around this time, I wrote a thing<\/a> about Russia Foreign Minister Andrey\u00a0Krutskikh and his “cyber atomic bomb.”\u00a0 I’ll quote it again in case you don’t feel like going back and reading the original post.\u00a0 He said this at a 2016 conference:<\/p>\n

\u201cYou think we are living in 2016. No, we are living in 1948. And do you know why? Because in 1949, the Soviet Union had its first atomic bomb test. And if until that moment\u2026 the Americans were not taking us seriously, in 1949 everything changed and they started talking to us on an equal footing. \u00a0I\u2019m warning you: We are at the verge of having \u2018something\u2019 in the information arena, which will allow us to talk to the Americans as equals.\u201d<\/p><\/blockquote>\n

From time to time, I still wonder what he meant by that.\u00a0 Last year, I was on the fence about whether he was referring to the NSA cyber toolkit that Russia<\/del> The Shadow Brokers leaked or whether he was referring to something else — for example, the “weaponization” of social media.\u00a0 Since I wrote that, I’ve started to think he meant social media… the Shadow Brokers are largely quiet now, the NSA toolkit is out in the wild, and the hubbub has pretty much died down around it.\u00a0 He had to realize that this would be the end result of the Shadow Brokers release and, since no further materials have been forthcoming, it stands to reason that there aren’t any.\u00a0 The social media stuff still has ongoing fallout, it’s stayed relevant an in everyone’s face… So if it is going to be one or the other, it is more likely to be the second one.\u00a0 But if it is, I don’t think it was effective.\u00a0 Meaning, I don’t think Krutskikh got what he wanted to out of it.<\/p>\n

Before I tell you what I mean by that, note that I usually try to keep politics out of this blog, because seldom is it relevant to the workaday business of securing stuff.\u00a0 I’m sure ex-spook colleagues would disagree with that statement, but I’ve always been more of a “bits and bytes guy” vs. a “geopolitical threats and actors” guy.\u00a0 In this case though, it’s germane to the point… In case you’re worried, I don’t plan to espouse a particular position… but I do need to posit a hypothetical one to make my point.<\/p>\n

Caveat complete, what do I mean when I say that, if he’s talking about the election and social media’s impact on it, that he didn’t get what he wanted?\u00a0 Let’s start, for the sake of argument, from the assumption that Russia did swing the election.\u00a0 It’s not disputed (tinfoil hat wearers aside) that they were trying to…\u00a0 So let’s say, as James Clapper argued<\/a>, based on the number of votes and the economic scale of the effort, that they were successful.\u00a0What if that’s true?<\/p>\n

If we posit that Russia got exactly what they wanted, and we take the statement at face value that the ultimate purpose was to establish equivalency with the US in the cyber realm the same way that they did in 1949 with the bomb, did it work?\u00a0 The value to Russia from testing the bomb wasn’t that they could nuke people — if so, pursuing further development beyond the first few would have been inefficient since they never actually used it.\u00a0\u00a0Instead, the value was as a bargaining instrument – a tool to effect leverage.\u00a0 The knowledge that they had the technology available to them gave them power.<\/p>\n

This is absolutely not the case with weaponizing social media.\u00a0 Why?\u00a0 First, it’s not even the formal position of the US intelligence apparatus that there was an impact.\u00a0 There’s no “peer negotiating” when the person on the other side of the table doesn’t agree there’s anything to negotiate about, right?\u00a0 Private citizens such as James Clapper might think there was an impact… but since it’s not the basis for policy, that’s effectively irrelevant.\u00a0 Second, the bomb was an asset: once they had it, they had it.\u00a0 There were maintenance costs of course to keeping bombs around and in “launch ready” mode, but since the value is influence, the ongoing cost is incremental relative to developing the technology in the first place.\u00a0 Social media influence and the ability to wield it for a given outcome by contrast, needs to be more or less rebuilt every time there is some goal they want to achieve.\u00a0 It’s not an investment, it’s a resource sink that will cost the same every time you try to wield it.<\/p>\n

This is why I chose the image I did for this post… You’ll probably get where I’m going with it if you recall the plot of Dr. Strangelove.\u00a0 If not, what happened was the Russians has built a Doomsday device, but they hadn’t told anyone about it… Said in the words of the great doctor himself, “Of course, the whole point of a Doomsday Machine is lost, if you *keep* it a *secret*! Why didn’t you tell the world, EH?”\u00a0 The same is true here… to reach the goal that\u00a0Krutskikh said he wanted, someone (the US, Russia, or some other nation) would need to acknowledge that the capability exists in the first place.\u00a0 The US won’t because there are disincentives for anyone in elected office to do that, and were Russia to do so, they would lose the capability.<\/p>\n

Ultimately, it’s possible\u00a0Krutskikh was talking about something else entirely.\u00a0 In which case, the above ramblings are castles in the air.\u00a0 But if he was talking about this, I don’t think he was entirely right about what the impact would be.<\/p>\n

Note: image is public domain<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"

Last year around this time, I wrote a thing about Russia Foreign Minister Andrey\u00a0Krutskikh and his “cyber atomic bomb.”\u00a0 I’ll quote it again in case you don’t feel like going back and reading the original post.\u00a0 He said this at a 2016 conference: \u201cYou think we are living in 2016. No, we are living in […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"","_et_pb_old_content":"","_et_gb_content_width":"","footnotes":""},"categories":[4],"tags":[10,36,102],"class_list":["post-778","post","type-post","status-publish","format-standard","hentry","category-security","tag-atomic-bomb","tag-cyberwarfare","tag-russia"],"_links":{"self":[{"href":"https:\/\/securitycurve.com\/index.php?rest_route=\/wp\/v2\/posts\/778","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/securitycurve.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/securitycurve.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/securitycurve.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/securitycurve.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=778"}],"version-history":[{"count":0,"href":"https:\/\/securitycurve.com\/index.php?rest_route=\/wp\/v2\/posts\/778\/revisions"}],"wp:attachment":[{"href":"https:\/\/securitycurve.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=778"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/securitycurve.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=778"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/securitycurve.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=778"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}