The war over the Internet

If you leave the door open to your house, and someone enters and steals some items, you don’t say you’re at war. You’ve been robbed certainly, but you’re not in a state of war.

I completely agree with Sam Roggeveen’s sentiments over at The Intepreter regarding the cyber warfare rhetoric that is doing the rounds in both within Australian Government circles and also in the media.

While I have written about it before, I do find it very interesting that nation-states like the US and Australia can seemingly easily lay blame for network intrustions on the shoulders of nation states like China. Now I don’t expect for a second that they don’t have experts advising them on how networks like the Internet function, it is interesting how network connections from IP Addresses allegedly within China, become ‘Chinese Hackers’ and then morph into ‘China’.

While I’m not for a second claiming that Chinese security personnel are not engaging in a form of espionage (Citizen Lab in Canada is doing a lot of interesting research work on these issues), one should be aware that IT security professionals are well aware at how easy it is to spoof IP Addresses and route traffic through other countries on their way to other destinations. I frequently find that the articles on cyber-attacks and cyber war gloss over the question of how one knows where exactly an attack or network intrusion comes from.

Buzan’s and Waever’s ideas on ‘securitisation’ seem so obviously applicable here in the way cyberwar is being discussed, particularly within contemporary Australia politics. Call me paranoid, but my fear is that these alleged ‘cyber attacks’ are being increasingly discussed as existential threats in the hopes the government’s around the world can increase their control over the networked domain. We have seen with the likes of Wikileaks that the Internet doesn’t always exactly play nice with the interests of governments.

The reality of these attacks is, at least to me, that many of these network intrusions come down to poor IT infrastructure and security protocols domestically. Other nodes on the network exploit these weaknesses. Opportunity knocks. Don’t leave your doors open.


Perhaps of interest, here’s an address by IT Security expert Marcus Ranum talking about how the analogies of war don’t work in cyber space.

Some other commentary from around the web:

Cybercrime as a security issue.

robert-mcnamara-vietnam

I’m presently doing a bit of reading into the concepts of cyber warfare and international security. It’s a fascinating and fairly new field and my reading comes at a time when the Australian PM, Julia Gillard, has specifically articulated threats emanating from cyberspace as a security priority for Australia within the next decade. Gillard’s speech and the government’s subsequent paper has actually drawn quite a bit of international attention.

Personally, I find the idea of cyber warfare as a security issue somewhat controversial. No doubt that malicious Internet activity impacts many, many people, but does it impact nation-states to the extent articulated by many politicians and policymakers? The empirical evidence as well as the historical ledger seem a bit thin here, particularly when you consider the social and financial costs of other security issues (namely, the health of biosphere) are getting pushed aside for what may be a fashionable potential security issue in cyber warfare and cyber crime.

One thing that is obvious to me regarding the nexus between concepts of ‘security’ and the computer networks that power the Internet, is the lack of understanding of the nature of these networks and how they operate that many politicians and policymakers seem to demonstrate. Case in point is British MP Keith Vaz, a self-confessed technological ‘dinosaur’ and Chairman of the Home Affairs Select Committee, who have been considering the potential impact of malicious internet activity on the security of Britain. He was interviewed by Al Jazeera on cyber crime, and continually spoke about such activities in terms of malicious activity by nation-states before confusing the viewer by talking about non-state actors, including individuals.

He then continued on to frame cyber crime specifically in terms of fraud (such as stealing credit card numbers) as well as email hacking, and failing to articulate why exactly cyber crime or cyber warfare (whatever that may be) should be considered a security issue rather than a criminal activity. Not to criticise Vaz too much (fraud and cyber crime are a serious issue after all) but it does seem to me that politicians are fond of framing a hacker, individual or otherwise, as something that should require the full gaze of a state’s security resources, rather than let legal or other processes deal with these issues.

This strikes me as strange – how can the malicious and online actions of individuals, or even a large collection of individuals be equivalent to interstate warfare? This is where the whole cyber warfare as a pressing security issue falls down. Malicious cyber activity is probably better conceptualised in terms of globalised crime rather than an explicit and existential threat to human existence.

Thinking back to Gillard’s speech at ANU on cyber activity as a security issues recalls Buzan and Waever’s ideas of securitisation – where state’s talk about threats in terms of security in order to justify certain emergency measures. It’s actually the lack of boundaries, the lack of control on citizen discourse that may be a bigger threat to states and their governments rather than identity theft or hacker intrusion. The Internet allows open discourse and allows citizens to question the leviathan, and subsequently threatens their legitimacy. You can see evidence of that given the treatment of Julia Assange and the power of Wiki leaks.

Regardless, there seems to be more pressing security issues than cyber attacks. Ben Eltham’s New Matilda piece regarding environmental security gives a good Australian perspective.

There could be a day when my sentiments are proved wrong and where malicious cyber-attacks can be attributed as cause for loss of life or social disruption. I’m yet to see actual evidence of that yet, so I’m content to remain skeptical.

It’s funny, as I write this (though probably not funny for the people being effected); Bundaberg citizens are getting airlifted from their homes due to flooding cause by yet another extreme weather event. The cost of these events to Australia will be substantial, dare I say significantly more than computer crime. One gets the feeling that environmental security may have been put in the too hard basket, but that’s another consideration for another day.