Earlier this month NPR’s Planet Money podcast had a session entitled, “A War Between States And Corporations,” where they interviewed Ian Bremmer (President, Eurasia Group). Mr. Bremmer is the author of The End of the Free Market: Who Wins the War Between States and Corporations? Near the end of the podcast Ian said something about the economy and internet security that really resonated with me.
“When you have hundreds of western multinational corporations that have seen industrial espionage, that’s been directly targeted at them through cyber attacks, massive unprecedented cyber attacks, that were either directly organized by the Chinese government or were known about and actively tolerated by the Chinese government on behalf of Chinese corporations -- that’s a pretty good description of a war.”
I’m inclined to agree because as he puts it...
“National security is no longer about tanks. National security is increasingly about economic well being, internet security, and issues that allow us to live on a daily basis. We’re not worried today about the soviets blowing us up with nukes, but we are worried that our kids to be able to enjoy a quality of life vaguely related to our own.”
Precisely. We want our children to have a good quality of life and the lack of internet security places that in jeopardy for all us. Historically economic failings, obviously not through cyber-war, played a role in the fall of the Roman Empire, the Soviet Union, and very nearly Greece. Our cyber-war, and it is a war, isn’t over in so much as that we haven’t lost our economy; nor solved the problem. What we citizens want, what we desire most (qualify of life), is facilitated through economic prosperity. To achieve this the U.S. needs entrepreneurialism and innovation. The latter is what enables business to grow and our economy flourish, which is exactly what our enemies want to steal from us, over the network, because they can.
“And, I see this as absolutely being a fundamentally conflictual relationship that is coming up between these corporations that are increasingly going to have to fight against other entities, economic entities, that are being supported by governments where there isn’t rule of law.”
Yes, how exactly can a western corporation, or any non-nation-state sponsored entity, possibly defend itself against such an adversary?
Legal and diplomatic remedies to enforce various cyber-crime laws is an option. Only this approach has proven all but completely ineffective. DoSing malicious network nodes has been suggested, but will certainly not deter let alone stop an advanced persistent threat. Increased attack distribution and subtlety is the result. The current WhiteHouse administration will not easily opt for conventional shock-and-awe warfare to target digital adversaries, even in occasions when we know names and locations. At least I hope not, although it may eventually come to that if we can’t find a way to succeed through technological means.
On the defensive side the U.S. government is simply not equipped to help businesses defend their networks or the applications above. GOV is out staffed and overwhelmed already trying to defend their own systems from classified data breaches. At best they may provide the private sector some welcome threat intelligence. If corporations desire security, not all do, and survival is optional, they must learn to adequately protect themselves against other corporations who may have the support of nation-states.
Adobe, Juniper, Symantec, Northrop Grumman, etc. recently received a warning shot in Operation Aurora, as did other named and unnamed corporations. A sure sign of the times. Bad guys want more than just money. They’re very keen on intellectual property, new inventions, source code, customer lists, contract negotiations, acquisition plans, product strategy, sales figures, names of employees and their friends & family, and so on. All of which is located on some computer, likely multiple computers, on the corporate network (or Facebook’s) accessible from anywhere the Internet.