Cyberwar debates

There has been some robust debate happening on a corner of the Internet. I’ve written before about some of my concerns about the rhetoric of “cyber” war in the past (Related pieces here and here), but recently I was compelled to write in to the Lowry Interpreter, commenting on a piece by cyber security expert Ian Wallace. Ian was discussing the coming age of cyberwarfare and new cyberweapons, and I expressed some skepticism as to exactly what these ‘things’ are, requesting some clarification.

His original piece is linked here and I’ve quoted my response below (which you can also read here).

“I found the recently published post by Ian Wallace another example of a somewhat frustrating article on ‘cyber’ warfare.

That there is some kind of ‘warfare’ taking place on telecommunications networks (outside of fictional networked video games) is increasingly becoming a taken-for-granted fact. Espionage, crime – sure – but warfare? Unless the definition of warfare has changed substantially, I’m still unsure how an actor might actually use the Internet to gain strategic or tactical advantages in the field of war. Yet articles like the one Ian Wallace has published indicates that there is, or there might be, such uses for the Internet .

Questions I’d love answered include: have there been recorded cases of states or non-state actors using networked technology for a strategic or tactical advantage in war? Or, in what circumstances can an actor gain advantage in war through use of cyber ‘weapons’ (whatever they might be) that couldn’t be gained using preexisting ‘conventional’ weaponry?

It seems to me that those advocating the existence of cyber war (or its possibility) do a poor job of articulating the utility of cyberspace as a domain of conflict outside of describing it in terms more relevant to espionage or crime. Call me paranoid, but the increasing rhetoric of ‘cyber’ warfare seems more about consolidating state power over the Internet than it has to do with actual important security concerns.”

Unexpectedly, the Interpreter published it and the original author wrote back with a much more detailed and, I think, better response via the Lowry Interpreter which is linked here. I particularly am drawn to this point

“How should governments deal with cyber acts that have a national security impact (espionage, sabotage and subversion, if you will) but which fall below the threshold of ‘war’, especially when the perpetrators are based overseas and often beyond the reach of law enforcement?”

…which I think is a very legitimate concern.

Other people have written in to share their views, such as engineer Tony Healy who opens up with a discussion of Stuxnet making some excellent points and pointing out some key challenges for security. For the record, I don’t disagree that cyber threats don’t exist, I’m essentially engaging in a argument of the appropriateness of the term ‘cyber warfare’.

To briefly clarify, I’m aware of the potential for using networked technologies to gain advantages in ‘war’ however I’m still skeptical as to the current level of utility networked technologies, or technologies or methods that exploit networks have over conventional methods of ‘doing war’. No doubt this viewpoint will change as technology gets even more advanced and integrated and perhaps after our view on what constitutes ‘cyber’ and what doesn’t as it still seems to me that ‘cyber’ is a blanket term used to describe acts of war that might use some aspect of newer technology.

The war over the Internet

If you leave the door open to your house, and someone enters and steals some items, you don’t say you’re at war. You’ve been robbed certainly, but you’re not in a state of war.

I completely agree with Sam Roggeveen’s sentiments over at The Intepreter regarding the cyber warfare rhetoric that is doing the rounds in both within Australian Government circles and also in the media.

While I have written about it before, I do find it very interesting that nation-states like the US and Australia can seemingly easily lay blame for network intrustions on the shoulders of nation states like China. Now I don’t expect for a second that they don’t have experts advising them on how networks like the Internet function, it is interesting how network connections from IP Addresses allegedly within China, become ‘Chinese Hackers’ and then morph into ‘China’.

While I’m not for a second claiming that Chinese security personnel are not engaging in a form of espionage (Citizen Lab in Canada is doing a lot of interesting research work on these issues), one should be aware that IT security professionals are well aware at how easy it is to spoof IP Addresses and route traffic through other countries on their way to other destinations. I frequently find that the articles on cyber-attacks and cyber war gloss over the question of how one knows where exactly an attack or network intrusion comes from.

Buzan’s and Waever’s ideas on ‘securitisation’ seem so obviously applicable here in the way cyberwar is being discussed, particularly within contemporary Australia politics. Call me paranoid, but my fear is that these alleged ‘cyber attacks’ are being increasingly discussed as existential threats in the hopes the government’s around the world can increase their control over the networked domain. We have seen with the likes of Wikileaks that the Internet doesn’t always exactly play nice with the interests of governments.

The reality of these attacks is, at least to me, that many of these network intrusions come down to poor IT infrastructure and security protocols domestically. Other nodes on the network exploit these weaknesses. Opportunity knocks. Don’t leave your doors open.


Perhaps of interest, here’s an address by IT Security expert Marcus Ranum talking about how the analogies of war don’t work in cyber space.

Some other commentary from around the web:

Cybercrime as a security issue.

robert-mcnamara-vietnam

I’m presently doing a bit of reading into the concepts of cyber warfare and international security. It’s a fascinating and fairly new field and my reading comes at a time when the Australian PM, Julia Gillard, has specifically articulated threats emanating from cyberspace as a security priority for Australia within the next decade. Gillard’s speech and the government’s subsequent paper has actually drawn quite a bit of international attention.

Personally, I find the idea of cyber warfare as a security issue somewhat controversial. No doubt that malicious Internet activity impacts many, many people, but does it impact nation-states to the extent articulated by many politicians and policymakers? The empirical evidence as well as the historical ledger seem a bit thin here, particularly when you consider the social and financial costs of other security issues (namely, the health of biosphere) are getting pushed aside for what may be a fashionable potential security issue in cyber warfare and cyber crime.

One thing that is obvious to me regarding the nexus between concepts of ‘security’ and the computer networks that power the Internet, is the lack of understanding of the nature of these networks and how they operate that many politicians and policymakers seem to demonstrate. Case in point is British MP Keith Vaz, a self-confessed technological ‘dinosaur’ and Chairman of the Home Affairs Select Committee, who have been considering the potential impact of malicious internet activity on the security of Britain. He was interviewed by Al Jazeera on cyber crime, and continually spoke about such activities in terms of malicious activity by nation-states before confusing the viewer by talking about non-state actors, including individuals.

He then continued on to frame cyber crime specifically in terms of fraud (such as stealing credit card numbers) as well as email hacking, and failing to articulate why exactly cyber crime or cyber warfare (whatever that may be) should be considered a security issue rather than a criminal activity. Not to criticise Vaz too much (fraud and cyber crime are a serious issue after all) but it does seem to me that politicians are fond of framing a hacker, individual or otherwise, as something that should require the full gaze of a state’s security resources, rather than let legal or other processes deal with these issues.

This strikes me as strange – how can the malicious and online actions of individuals, or even a large collection of individuals be equivalent to interstate warfare? This is where the whole cyber warfare as a pressing security issue falls down. Malicious cyber activity is probably better conceptualised in terms of globalised crime rather than an explicit and existential threat to human existence.

Thinking back to Gillard’s speech at ANU on cyber activity as a security issues recalls Buzan and Waever’s ideas of securitisation – where state’s talk about threats in terms of security in order to justify certain emergency measures. It’s actually the lack of boundaries, the lack of control on citizen discourse that may be a bigger threat to states and their governments rather than identity theft or hacker intrusion. The Internet allows open discourse and allows citizens to question the leviathan, and subsequently threatens their legitimacy. You can see evidence of that given the treatment of Julia Assange and the power of Wiki leaks.

Regardless, there seems to be more pressing security issues than cyber attacks. Ben Eltham’s New Matilda piece regarding environmental security gives a good Australian perspective.

There could be a day when my sentiments are proved wrong and where malicious cyber-attacks can be attributed as cause for loss of life or social disruption. I’m yet to see actual evidence of that yet, so I’m content to remain skeptical.

It’s funny, as I write this (though probably not funny for the people being effected); Bundaberg citizens are getting airlifted from their homes due to flooding cause by yet another extreme weather event. The cost of these events to Australia will be substantial, dare I say significantly more than computer crime. One gets the feeling that environmental security may have been put in the too hard basket, but that’s another consideration for another day.

Cyberspace, commodification and the history of me

408px-Objectivist1

A friend of mine recommended I watch the documentary “All Watched Over By Machines of Loving Grace”, a three-part series devoted to exploring the culture of technology, its evolution and its impact upon modern society.

The first episode, “Love and “ starts off by using Ayn Rand’s objectivism as a touchstone (never a good thing in my view) but breaks off into a variety of discussions on the rise of Silicon Valley in the 1980s and 1990s and, more importantly, the unleashing of western markets on the worldwide economy, where faith in market stability was hedged on the power of computer networks.

In the first episode it mentions an allegedly very influential essay on the nature of the individual in Cyberspace by Carmen Hermosillo, a denizen of early 1990s message boards, but also a essayist and research analyst. Composed under the alias ‘humdog’, she wrote a scathing critique of the early nature of Cyberspace, seeing it as another mask by which power, particularly political and corporate power, could wear.

The essay “Pandora’s Vox: On Community in Cyberspace” was published in 1994 and started with the following sentence:

“when i went into cyberspace i went into it thinking that it was a place like any other place and that it would be a human interaction like any other human interaction. i was wrong when i thought that. it was a terrible mistake.”

In one interesting passage, Hermosillo reasoned that her activities in Cyberspace resulted in her commodification. Her words and personal thoughts written on newsgroup pages owned by corporate networks could potentially be commodified. She did not own herself and she had made herself into a product yet derived no profit from her own words. Here is the telling paragraph:

“i have seen many people spill their guts on-line, and i did so myself until, at last, i began to see that i had commodified myself. commodification means that you turn something into a product which has a money-value. in the nineteenth century, commodities were made in factories, which karl marx called ‘the means of production.’ capitalists were people who owned the means of production, and the commodities were made by workers who were mostly exploited. i created my interior thoughts as a means of production for the corporation that owned the board i was posting to, and that commodity was being sold to other commodity/consumer entities as entertainment.

that means that i sold my soul like a tennis shoe and i derived no profit from the sale of my soul. people who post frequently on boards appear to know that they are factory equipment and tennis shoes, and sometimes trade sends and email about how their contributions are not appreciated by management.”

Immediately after comes a chilling realisation.

“as if this were not enough, all of my words were made immortal by means of tape backups”

Obviously Cyberspace has developed rapidly since 1994, but many of the ideas Hermosillo worried about in 1994 still seem like problems today, particularly in the age where social media is the one of the dominant forms of interaction on the Internet. It’s difficult not to think of what we’re giving away simply by existing on the likes of Facebook and Twitter. Us, as consumers, derive some enjoyment, leisure and occasionally financial restitution from operating on these large networks, but those who own or control these structures surely derive much much more.

One other personal concern raised after reading Hermosillo’s essay was the idea that my ‘immortal words’ could resonate henceforth, shaping my future identity in ways I may not be able to directly control. Questions begin to form in my mind – how can one detach themselves from their Cyberspace identity? Will Cyberspace warp or imprint a false impression of my own identity on current or future peoples? The impact of the Internet on history will be very interesting, and perhaps extremely concerning.

Hermosillo’s essay is great and contains much more interesting ideas than I’ve detailed here. Many of these ideas still resonate loudly today, some uncomfortably so.