Radical Instrument

IT is changing the exercise of power. Radical Instrument is picking up the signals.

Posts Tagged ‘Russia’

CYXYMU and “the nuclear option”

There’s been enough said about the specifics of the Facebook/Twitter/LiveJournal outage last week connected to attacks on Georgian blogger “CYXYMU.” net.effect offers a detailed analysis of the politics involved, but I’m not so sure of Evgeny Morozov’s belief that this represents an effective step forward in the silencing of dissent. Read the net.effect piece, but consider the following as well –

1.  Are sites like Facebook, et al., really going to generate “terms of service censorship” to delete users who become targets of cyberattacks due to free expression? I’m not so sure. There are certainly enough people who can identify (and amplify) when such considerations go into effect, and I’m not convinced that explicit censorship wouldn’t reverse the explosive growth of these sites, or open up an angle for new competition. Then again, maybe that’s simply achieving the same effects…

2.  When you attack a site with 250M users, like Facebook, you’re naturally going to attract undue attention to a situation that otherwise wouldn’t have been given another thought. I’m not convinced that won’t lead to greater political blowback at some level for Russia (even if in no way connected to the attack), even if it’s something as simple as a more aggressive cybersecurity policy (remember, there’s still an ongoing debate between the U.S. and Russia about cybersecurity).

3.  Why assume a static architecture? “Terms of service censorship” would be easy, certainly. But I’m not so sure that this attack hasn’t just handed over a new set of creative ideas – not to mention funding – on how to make the platforms more robust. A big maybe. But there’s clearly a public good issue that works to the advantage of folks like CYXYMU. Even with “terms of service censorship,” attacks like these – because they inflict damage on the network as a whole – are still likely to focus efforts on how to protect the network as a whole, which ultimately benefits individual cyber-dissenters. Imagine for a second that this were an actual military attack against an entire city, just because that city was home to one vocal individual. Even if you kicked that individual out, wouldn’t the chance of a future, similar individual be incentive enough to improve your defenses against a similar attack?

Written by Mark

August 9, 2009 at 9:58 pm

Posted in Technology

Principles for defining cyberwar – a modest proposal

After re-reading yesterday’s link from Wired, I’m more convinced that it’s time to set a more precise definition for “cyberwar,” before the term gets further muddled, misused, and manipulated by politicians. These aren’t necessarily new – the issue’s been under debate in military legal circles since at least the mid-’90s – but hype and consequences seem to be outracing the debate.

Principle #1:  A better definition of “cyberwar” should seek to inhibit rather than encourage war. Let’s start with the idea that “cyberwar” will include a set of acts, perpetrated through information systems, that by themselves legitimate an armed response. If we hope to limit armed conflict – and preserve the Internet as a forum for dialogue – we have a responsibility to keep the set of acts constituting “cyberwar” to a carefully limited domain. Which means…

Principle #2:  It isn’t cyberwar unless it’s war. References to the “digital Pearl Harbor” scenario – some of which are oddly reminiscent of Y2K fears – tend to paint a picture of cybercrime on a massive, anarchic scale. Take this excerpt from a 2000 article in the Air & Space Power Journal. It’s worth quoting in its entirety:

“One step higher in the conflict spectrum is the situation where a government agent actually denied services, corrupted data, or placed alternate data in the target country’s computer system, resulting in a shutdown of that country’s infrastructure assets (loss of power, utilities, air traffic control, etc.) potentially causing chaos and death in the target nation. We have now undoubtedly entered the arena of offensive Information Warfare (IW). Although no bombs or missiles have been dropped or launched, the target country has suffered actual, tangible damage. It would be difficult, indeed, to convince the targeted country that they were not under attack. Most likely, the “victim” state would believe that they had the authority (and perhaps a “duty”) to defend themselves under the authority of Article 51 of the U.N. Charter. Surely most victim countries would perceive this as an “act of war,” “use of force,” or “act of aggression,” or whatever terminology they decided would best serve to justify their retaliatory action. Academic debate of semantics would abruptly end when news programs could broadcast images of the tangible results such as aircraft wreckage, starving city dwellers, hospital intensive care units without power, riots, et cetera, and negative attention would turn toward the aggressor state.”

The word on which this excerpt turns is in the third line:  “…potentially causing chaos and death…” It’s a dangerous qualifier. It does seem sensible to include within the realm of “cyberwar” those acts which cause death and chaos, as long as we can precisely define chaos in terms of state sovereignty. But that word “potentially” tends to loosen the causation link between the act and the consequence. “Potentially” takes us away from [U-boat blockade = British starvation] to [financial system disruption = starvation], which I’m not convinced is the same thing. A definition of cyberwar that loosens causation – that, in other words, cannot demonstrate a direct, causal relationship between an intentional cyber-act and a violent outcome – blurs the line with cybercrime, and thereby makes the potential for war easier. Which implies…

Principle #3:  Cyberwar should be attributable to cyberwarriors. Laws and conventions governing war require uniforms and markings. Military vehicles are marked as such, clearly distinguishable from, say, civil ships and aircraft. The more difficult it is to separate criminal acts from a legitimate use of force, the greater the opportunity for misattribution and retaliation…and the greater the temptation for states to engage in illegitimate uses of force.

This last point seems quaint – certainly, there’s a lag between laws and conventions defining war, and the technology used to wage it. But isn’t that the point? John Arquilla of the Naval Postgraduate School has pointed out that the Chemical Weapons Convention offers a solid precedent for restraining a “cyber arms race,” a race which will take on velocity if we can’t get our definitions under control.

Minor addendum, part I: With reference to principle #2 – and Arquilla’s own belief in the potential for a cyber 9/11 – is it really sensible to develop terms around the scenario of an act that’s limited purely to information systems? It’s unconvincing. Such an act, even if possible to the description outlined above, doesn’t seem rational. It would likely leave most military forces intact, which means that the attacked state would preserve significant potential for a very real and damaging response. A more likely scenario seems one in which a “digital Pearl Harbor” is accompanied by an actual Pearl Harbor…in which case the digital side is just a secondary accompaniment to a very real act of war.

Minor addendum, part II: As Arquilla also points out, Russia (“ironically”) has been advocating an agreement to govern cyberwar for 13 years. This NY Times article from June highlights the differences between U.S. and Russian stances.

Written by Mark

July 29, 2009 at 10:17 pm

Posted in Military & Security

Where Internet attacks come from

On the eve of a possible “D-Day” for the Conficker worm, there’s new data out from Akamai underlining the point that not all Internet attack traffic originates in Russia or China, despite articles about “GhostNet” and the like. For Q4 2008, Akamai’s data suggest the top originating country for attack traffic was the U.S. (23% of traffic), with China a few percentage points behind (19%). Akamai does note that this represents a shift from previous quarters in 2008, in which the U.S. played second to China or Japan.

What Akamai’s study offers is some perspective and perhaps a question. The figures merely point out that Internet attack traffic is not so much a function of any national characteristic except Internet penetration. To be fair, the study doesn’t show where the constitution of attack traffic may vary across countries – which attacks have tacit state support and which are merely criminal. But that in and of itself raises the question as to whether the greater threat to any single country’s Internet infrastructure, over time, is from other countries (i.e., the “digital Pearl Harbor” scenario) or from the sheer volume of always-active cybercrime. It’s a decent bet to suggest that the recession will give more impetus to the latter.

Written by Mark

March 31, 2009 at 10:46 pm

Posted in Technology
