Saturday, 31 July 2010

Cyberwar? It's a phoney war



30 July 2010


New Zealand Herald

The US is spending billions to combat an online threat that doesn't exist, reckons security veteran

IT MAY be cyberwar out there, but where are the casualties?

That's the question asked by a leading commentator on computer security, Bruce Schneier, who says the idea that nations have shifted hostilities from the physical world to cyberspace is nonsense.

Schneier, a Minneapolis-based author of several books on security and head of security technology at telecomms company BT, says it suits the US military to give the impression that cyberwarfare is being waged.

``I think there is a huge power grab going on,'' says Schneier, pointing to alarmist statements by past and present heads of the National Security Agency (NSA), which carries out electronic eavesdropping.

According to Schneier, hyping cyberwar is part of the justification for expansion of the US security establishment, whose growing roll call of counterterrorism and spying agencies was detailed last week by the Washington Post.

A two-year Post investigation found more than 3000 government organisations and private companies engaged in counterterrorism-related activities, homeland security and intelligence. Since 9/11, the Post says, their budget has more than doubled to at least US$75 billion ($102 billion). The NSA alone intercepts 1.7 billion emails, phone calls and other types of communications each day, the newspaper says, more than it could hope to make sense of. One of the US' new intelligence bodies, Cyber Command, began operations in May under NSA head General Keith Alexander, to ``plan, co-ordinate, integrate, synchronise and conduct'' military operations in cyberspace.

Some ascribe a different purpose to the new body, whose emblem features the usual bald eagle but also a 32-character alphanumeric code. Tech website Wired.com invited readers to decipher the code, which one wit declared stood for ``fear = funding''.

In fact, the code contains the body's mission statement, which is to ensure freedom of action for the US and its allies in cyberspace ``and deny the same to our adversaries''.

Schneier doesn't deny the need for Cyber Command. But he thinks Alexander and others are exaggerating the threat.

``All of this rhetoric is designed to say, `Let the NSA, let the Government, let the military take over cyberspace - cyberspace needs the army, not the police'.''

The military and police have very different rules of engagement with big implications for populations, in this case the online community.

``The police follow the rules and protect the population from a minority of criminals, but the military goes in and fights a war. ``When you call it a military threat, niceties like due process ... that protect people from police abuse, the military doesn't have those restrictions.''

Along with the suspension of rights that comes with wartime are the commercial opportunities for military suppliers. Schneier calls the burgeoning business of saving the US from cyberwar the ``security-industrial complex'', echoing President Eisenhower's warning of growth of a military-industrial complex at the start of the Cold War.

Schneier points to Mike McConnell, a former NSA director who now works for consultant Booz Allen Hamilton. McConnell wrote in the Washington Post in February that the US was engaged in a cyberwar - ``and we are losing''. He advocated re-engineering the internet, no less, so that perpetrators of online attacks could be better tracked. Booz Allen, Schneier says, is competing for the ``hundreds of millions of dollars of contracts'' that flow from talking up the threat. ``Follow the money. You don't make money by saying, `This is not a threat, don't worry about it'.''

The actual threats, according to Schneier, are different: cybercrime is the largest; cyber-espionage is another; traditional hacking, without a profit motive, is still prevalent and cyber-activism, often involving young people ``playing politics'' by attacking government and corporate websites and networks, is on the rise.

If there were a war, as McConnell claims, Schneier hasn't seen any evidence. ``That's just sheer lunacy - has anybody died? Evidence for war is usually pretty obvious, because they involve flattened cities, an army in your country.''

Schneier points out his comments are not made wearing his BT hat. Nor does downplay the cybersecurity challenge.

``It's hard, but it's not something you call in the military for.''

Anthony Doesburg is an Auckland technology journalist

No comments: