Gen. Nakasone on US Cyber Command

Really interesting article by and interview with Paul M. Nakasone (Commander of US Cyber Command, Director of the National Security Agency, and Chief of the Central Security Service) in the current issue of Joint Forces Quarterly. He talks about the evolving role of US Cyber Command, and its new posture of "persistent engagement" using a "cyber-persistent force."

From the article:

We must "defend forward" in cyberspace, as we do in the physical domains. Our naval forces do not defend by staying in port, and our airpower does not remain at airfields. They patrol the seas and skies to ensure they are positioned to defend our country before our borders are crossed. The same logic applies in cyberspace. Persistent engagement of our adversaries in cyberspace cannot be successful if our actions are limited to DOD networks. To defend critical military and national interests, our forces must operate against our enemies on their virtual territory as well. Shifting from a response outlook to a persistence force that defends forward moves our cyber capabilities out of their virtual garrisons, adopting a posture that matches the cyberspace operational environment.

From the interview:

As we think about cyberspace, we should agree on a few foundational concepts. First, our nation is in constant contact with its adversaries; we're not waiting for adversaries to come to us. Our adversaries understand this, and they are always working to improve that contact. Second, our security is challenged in cyberspace. We have to actively defend; we have to conduct reconnaissance; we have to understand where our adversary is and his capabilities; and we have to understand their intent. Third, superiority in cyberspace is temporary; we may achieve it for a period of time, but it's ephemeral. That's why we must operate continuously to seize and maintain the initiative in the face of persistent threats. Why do the threats persist in cyberspace? They persist because the barriers to entry are low and the capabilities are rapidly available and can be easily repurposed. Fourth, in this domain, the advantage favors those who have initiative. If we want to have an advantage in cyberspace, we have to actively work to either improve our defenses, create new accesses, or upgrade our capabilities. This is a domain that requires constant action because we're going to get reactions from our adversary.

[...]

Persistent engagement is the concept that states we are in constant contact with our adversaries in cyberspace, and success is determined by how we enable and act. In persistent engagement, we enable other interagency partners. Whether it's the FBI or DHS, we enable them with information or intelligence to share with elements of the CIKR [critical infrastructure and key resources] or with select private-sector companies. The recent midterm elections is an example of how we enabled our partners. As part of the Russia Small Group, USCYBERCOM and the National Security Agency [NSA] enabled the FBI and DHS to prevent interference and influence operations aimed at our political processes. Enabling our partners is two-thirds of persistent engagement. The other third rests with our ability to act -- that is, how we act against our adversaries in cyberspace. Acting includes defending forward. How do we warn, how do we influence our adversaries, how do we position ourselves in case we have to achieve outcomes in the future? Acting is the concept of operating outside our borders, being outside our networks, to ensure that we understand what our adversaries are doing. If we find ourselves defending inside our own networks, we have lost the initiative and the advantage.

[...]

The concept of persistent engagement has to be teamed with "persistent presence" and "persistent innovation." Persistent presence is what the Intelligence Community is able to provide us to better understand and track our adversaries in cyberspace. The other piece is persistent innovation. In the last couple of years, we have learned that capabilities rapidly change; accesses are tenuous; and tools, techniques, and tradecraft must evolve to keep pace with our adversaries. We rely on operational structures that are enabled with the rapid development of capabilities. Let me offer an example regarding the need for rapid change in technologies. Compare the air and cyberspace domains. Weapons like JDAMs [Joint Direct Attack Munitions] are an important armament for air operations. How long are those JDAMs good for? Perhaps 5, 10, or 15 years, some-times longer given the adversary. When we buy a capability or tool for cyberspace...we rarely get a prolonged use we can measure in years. Our capabilities rarely last 6 months, let alone 6 years. This is a big difference in two important domains of future conflict. Thus, we will need formations that have ready access to developers.

Solely from a military perspective, these are obviously the right things to be doing. From a societal perspective -- from the perspective of a potential arms race -- I'm much less sure. I'm also worried about the singular focus on nation-state actors in an environment where capabilities diffuse so quickly. But Cyber Command's job is not cybersecurity and resilience.

The whole thing is worth reading, regardless of whether you agree or disagree.

EDITED TO ADD (2/26): As an example, US Cyber Command disrupted a Russian troll farm during the 2018 midterm elections.

Posted on February 22, 2019 at 5:35 AM • 37 Comments

Comments

Phaete • February 22, 2019 6:04 AM

Sure...
And whine like a child when countries like Russia and China are "forward defending" and "persistent engaging".

Acting is the concept of operating outside our borders, being outside our networks, to ensure that we understand what our adversaries are doing.

Or spying on foreign soil as we commonly call it.
Coming from a general, I can partly understand.

If you only have a hammer, each problem looks like a nail.

tazer2000 • February 22, 2019 7:52 AM

"When we buy a capability or tool for cyberspace...we rarely get a prolonged use we can measure in years. Our capabilities rarely last 6 months, let alone 6 years."

It's not just about the ever increasing tech in warfare, but the tempo/speed in which new technologies and tactics are developed, studied and ultimately fielded. The first mover will always have the advantage. It will be this need to rush to develop new war tech to keep pace with our enemies that will lead to this dystopian/sci-fi future that will likely lead to our demise. Eventually, someone's going to pick out one of those black balls from the invention bucket that Nick Bostrom warned us about. Atom bombs, AI, or most likely some other tech we never anticipated. Hell, just look into some of the work Stephen Wolfram is doing with knowledge based programming and exploring the "computational" universe; as a species, we're about to invent an invention machine. Oh, what fun that will be when all the superpowers have to try to out invent each other to compete and prevent their fall. Ever faster, ever diminishing oversight, less time to test and think through the unforeseen consequences because they'll have to field first and test later to keep the first mover advantage. lol. I try not to be a pessimist, but I just don't see a way out of this...

65535 • February 22, 2019 8:02 AM

The prior post on DNS top level scams involving switching A records for brief periods of time and using bogus certificates is timely… almost too timely… and now Gen. Nakasone going full bore.

This makes me wonder who was actually doing the DNS A record scams and bogus certs. It was not some low level hacker.

I note that Talos withdrew their evidence “letter” posted in Russian… possibly because somebody actually checked for Russian grammar and spelling errors and found them, leading to the Talos decision to remove it. Then FireEye and CrowdStrike going after the 5-eyes' known enemies in the Middle East… it makes me wonder.

[Gen. Nakasone]

“…Second, our security is challenged in cyberspace. We have to actively defend; we have to conduct reconnaissance; we have to understand where our adversary is and his capabilities; and we have to understand their intent. Third, superiority in cyberspace is temporary; we may achieve it for a period of time, but it's ephemeral. That's why we must operate continuously to seize and maintain the initiative in the face of persistent threats…”-Nakasone

Hum, how expensive is this?

“Solely from a military perspective, these are obviously the right things to be doing. From a societal perspective -- from the perspective of a potential arms race -- I'm much less sure”-Bruce S.

That is what I am thinking.

Is another cold war, albeit in the industrial telecommunications area, really worth it for the average Jane/Joe? I doubt it.

Sancho_P • February 22, 2019 8:12 AM

To me this is a barrel of aggressive brainwash; I’m not ready to swallow that.
The easy peasy sounding “We must "defend forward" in cyberspace, as we do in the physical domains.” is a huge mistake, deliberately or not, negating differences in space, time and distance between the virtual and physical world.
Another attempt to glorify murder, only in the other domain.

Defense means defense, not invasion.

Humdee • February 22, 2019 8:38 AM

"Defend forward"

Ahhh....so now we know where Kellyanne Conway has gone off to. Not quite as good as "alternative facts" but not bad, not bad at all. She can put her feet on the couch again.

asdf • February 22, 2019 8:43 AM

Defense means defense, not invasion.

Thank God the Progressives have not yet infiltrated the military. When they do, we are done for.

kiwano • February 22, 2019 8:49 AM

"Why do the threats persist in cyberspace? They persist because the barriers to entry are low and the capabilities are rapidly available and can be easily repurposed."

...and why are the barriers to entry so low? because when CyberCommand discovers an exploit, they often choose to leave it open for their own exploitation, instead of ensuring it gets fixed, and raising the barrier to entry for prospective attackers :P

Humdee • February 22, 2019 9:49 AM

@ROF.

There is nothing "coded" about it. It is a lie, plain and simple. To defend means to wait for the other party to attack; that is how the word is defined. Now, it may be sound military strategy that "the best defense is a good offense," but if that is what they mean then that is what they should say rather than putting lipstick on the pig. Whatever happened to the "honor" in "duty, honor, country?" Seems that went out the door a long time ago. Lie, lie, lie, lie.

https://www.youtube.com/watch?v=kk88XZQNVQI

1&1~=Umm • February 22, 2019 10:17 AM

@Bruce Schneier:

There is a second article in the journal PDF that is not just worth reading but having a blog thread on.

It starts on page 58,

"Evasive Maneuvers: How malign actors leverage Cryptocurrencies", Col S. Dudley, et al.

It will make a few eyes open wide.

parabarbarian • February 22, 2019 10:31 AM

Shit is one hand; wish in the other: See which one fills up first. You can fight to win or you can fight to feel good about yourself.

Cowering behind the electronic castle walls -- even massive constructs like a virtual Great Wall or Maginot Line -- may feel safe and virtuous, but they will not stand up to modern artillery. It is true that walls are useful in that they slow an attacker and even discourage the less motivated, but they will not stop a determined foe. If your enemies are more determined and capable than script kiddies and basement dwelling wankers, you're going to need more than defensive fortifications.

Impossibly Stupid • February 22, 2019 10:38 AM

This'll be a fun one! ;-) I have to agree with the comments that call out the newspeakishness of "defend forward". All that mindset does is encourage our "adversaries" (suspiciously unnamed) to do the same. It's like this guy is prepackaging the talking points Russia or China can use when they access our networks with bad intent.

The whole idea of "persistent engagement" seems to be flawed. There is no reason we need to be "in constant contact with our adversaries". If someone attacks a server of mine, I drop them into my firewall. Fight over. Cyberspace is probably the best battleground when it comes to your ability to defend your home turf. But I suppose you can't keep taking more and more taxpayer money if you don't insist on wasting it on "defend forward" tactics.

Likewise, I disagree with the short-term thinking that results in surrendering to the idea that "capabilities rarely last 6 months". That's approaching the kind of private sector quarterly boardroom thinking that destabilizes a lot of companies these days. It's hard to respect any organization that would rather chase fads than think for itself. I don't want that in a military force; I want long-term planning with infrastructure investments. Stop adopting those solutions that you know aren't going to be good for 6 years (or whatever).

tazer2000 • February 22, 2019 11:08 AM

@ 1&1~=Umm

"Evasive Maneuvers: How malign actors leverage Cryptocurrencies"

Should be no surprise really... War science is to the point now that we know warfare is most effective when fought on as many fronts as possible; hence the doctrinal phrase "full spectrum warfare". These fronts can be almost anything but commonly economic, cultural, ideological, agricultural, technological, biological, psychological, not just personal violence. Cryptocurrencies at a minimum serve the purpose of disruption of existing financial institutions. The outcome of this isn't known or can be; everything has its winners and losers. Cryptocurrencies will be just another component of a multi-storied house of cards that is the structure of civilization, every day being increasingly destabilized by the rapid pace of technology. I'm choosing not to debate technology's moral basis, not its "goodness or badness", only that it's ultimately a destabilizing force that causes large scale systems to ultimately collapse. I feel like the technological nerds are helping to rush us to the end, just as much as the politicians. Maybe we should put the brakes on this whole thing, shouldn't we? Technology just makes complex systems more complex. Ever increasing numbers of variables begin to influence the system in ways that were not anticipated or predictable, eventually throwing the system into disorder. Stop dancing around the issue: at the heart of it, security is about promoting a sense of stability and predictability in our environment. On long enough time scales, the world is not stable or predictable. Laws of thermodynamics prevent "true" ultimate security.

1&1~=Umm • February 22, 2019 11:20 AM

'We must "defend forward" in cyberspace, as we do in the physical domains.'

Hmm, now what on Earth could that mean?

What was it Richard Armitage said just after 9/11 to Pakistani leader Pervez Musharraf, who later wrote about it in his book?

According to Pervez Musharraf, Richard Armitage indicated that unless Pakistan joined the war on terror, the United States would

    'bomb Pakistan back to the stone age'.

Not exactly original in fact more of a cliché by then, and is more usually attributed incorrectly[1] as being original to Curtis LeMay[2].

The problem with 'clichés' is that all too often they accurately reflect intentions. Thus,

Defend forward ~= bomb back to the stone age.

Which would be more or less in line with the policy espoused by the US of "Going Kinetic" for anything "cyber" that the US considers a threat. If you read the article from the same journal that starts on page 58 you will see that Col S. Dudley actually recommends this over other nations who decide no longer to use the US Dollar as the reserve currency and try to bypass it with crypto-currencies...

[1] As noted, the quote was not original to Curtis LeMay in his 1968 book. In fact it appears LeMay plagiarized it from a column by satirist and humorist Art Buchwald from the year before.

[2] General Curtis LeMay, usually seen as the overly aggressive, frequently bad tempered, and usually scowling general in the US Air Force, who at one time had his finger on the button of the US nuclear "bomber force". Gen LeMay apparently got that job because not only did he incinerate two thirds of Japan’s cities in World War II, he was considered by many to be "stark raving bonkers". Apparently this came about after LeMay expressed disappointment that US Pres Kennedy wouldn’t let him do the same to Cuba.

In his 1968 memoir Curtis LeMay suggested that rather than negotiating for peace with the North, the United States should go over to Hanoi and 'bomb them back to the stone age,' along with much of the rest of North Vietnam. Ostensibly by taking out factories, harbors, and bridges 'until we have destroyed every work of man in North Vietnam.' Which others read as 'wipe out the existence of all life' there (so genocidal as well as grumpy).

tazer2000 • February 22, 2019 11:41 AM

@Gerard

Privacy is pretty much on life support atm. lol. Notably, free will and individual "agency" are on the line now. All those people we see on their phones staring at screens for 12 hours a day or so, just "locked" in, getting little dopamine "hits". It's really bad and scary to admit, but people's ability to be away or off those devices seems to be under attack. On a lighter note: Be the last person not to get sucked into the technology vortex on the world... Own the world. lol

tobi • February 22, 2019 11:57 AM

Enemies do not stop expanding their abilities or attacking because the USA stops doing it. Rather, they'd be encouraged by how easy it is to expand their power.

The world is a dangerous place. Nations cannot just "be nice" to one another currently. We all want that but it's not in the cards today.

Trump gets this right. Talking nice is not what discourages aggressive behavior.

David Rudling • February 22, 2019 12:04 PM

@Bruce
Thank you for posting the link which I admit I would never otherwise have found.
As you said, the interview and article by Paul Nakasone are worth reading in their entirety regardless of whether one agrees or disagrees. The immediately following article by Frank Sanchez is also worth reading. As so often your blog does an important service to bring these rather niche articles to a much wider audience as the actions predicated on them will affect all of us - like it or not.

John Doe • February 22, 2019 1:30 PM

Although I may be wrong, I would observe that in general, through history, countries go to war with other countries. It's a theme. What's more, in general, countries go to war with their neighbours. The list is enormous, and I can rattle a few off the top of my head for the sake of it - Ethiopia/Eritrea, France/Germany, France/England, USA/Canada, USA/Mexico, Chile/Argentina, China/India, India/Pakistan, etc, etc, and here I'm only referring to recent history, countries which currently exist.

Countries do go to war with non-neighbours, but much less often, and I would say the greater the distance, the less common war becomes. The number of wars between Canada and Eritrea is very low.

What I am thinking is that on the Internet, all countries are now neighbours.

tazer2000 • February 22, 2019 1:58 PM

@John Doe

Yes. That seems a pretty safe assumption to make. But I think if we take it a little further and ask what is a country? My sense says it's a region of land having agreed upon physical boundaries between different "tribes" of people. The internet as a "commons" space changed all that, obviously. We have a massively interconnected "world" economy; it should be obvious that slowly but surely a world culture/ideals/norms will come after. I think a lot of the anger/animosity/distrust and such that has seemed to intensify as of late is a direct result of this "birthing" process.

1&1~=Umm • February 22, 2019 3:22 PM

@tazer2000: John Doe:

"But I think if we take it a little further and ask what is a country?"

Perhaps it would be better to ask 'What is between countries and what law applies?'.

Even where there are land borders between countries, historically due to "uncertainty" there is usually a "gap". The classic movie trope of this was 'German border posts' where there was 30-50 yards between the 'gates' for either country.

Oddly perhaps, in general 'Maritime Law' tends to be in force or the guiding principle if there are no specific treaties. Because of this there are the landing rules. That is, it is not sufficient for your vessel to be in a country's claimed waters to fall under their jurisdiction; it remains under its 'flag jurisdiction' for most things whilst underway. In other words there has to be more; technically even mooring does not bring a vessel under a country's jurisdiction either, thus a vessel can be hove to, anchored, or even adrift as long as it is 'manned' (otherwise salvage rules etc come into play; one reason for this was the use of 'fire ships' as weapons of war).

The same is true for aircraft in many respects, where even landing on a runway does not bring them under a country's jurisdiction. It's part of the reason why you have 'airside and landside' at an international airport, similarly with ports that take international shipping.

You get to see such oddities when crews change vessels: whilst their feet are very much on a country's soil, in theory they are not in the country. This is important in certain countries where there is no right to bear arms or have in your possession certain types of firearm. It all gets a little complicated and there are several forms that have to be filled in and other rules. A general rule is all firearms should either be locked up or parts of their firing mechanism should be locked up on board. This also includes things like flare guns, and all ammunition such as flares, rockets, fireworks and even smudge/smoke pots along with more conventional ammunition. Oddly though, the rules on explosives tend to be laxer in many places...

How does a country decide how far its waters extend? Well, a long time ago it was decided by the sensible definition of the range of a cannon shot. If you were outside that range then you were in effect in what we now call international waters, though Nelson did muck things up when he developed a reliable way for cannon shot to bounce/skip across the surface of the sea.

These days it's much more of a political decision, as can be seen with China and the South China Seas. Oh, and in some places having passed through 'immigration' and having had your passport stamped etc does not actually mean that you have entered the country. For convenience of both countries the immigration for country A can actually be in country B and the other way around... You see this with the likes of ferry ports and even tunnels and some airports.

But there are other points, one being some countries claim rights they actually don't have, and they get away with it because there is little or nothing you can do legally to get redress... They literally are behaving like 'pirates' or 'privateers', which has other implications (like the rights pertaining to the use of lethal force to repel them).

Oh and mad as it sounds maritime law is also assumed to apply on the moon and all other rocks of any size in the solar system...

All because the process of legislation and treaties is oh so slow and can take many decades. It's easier to just take an already agreed set of rules and say 'These now apply here as well'.

tazer2000 • February 22, 2019 4:06 PM

@1&1~=Umm:

So you're asserting that borders are more a "fuzzy" agreed upon convention based upon many factors, most of which likely are complicated or at worst based on irrational notions? It was kinda hard to summarize your post to extract its "nexus", but this was basically what I got. If so, then I agree completely. Complicated matter, this whole "tribal" thing. As a survival and evolutionary mechanism, I get why we have to catalog, group and place externals into hierarchies, but at the end of the day, at a higher level of abstraction, none truly exist. But of course, we don't live in a perfect platonic world, so we're left to deal in worldly conventions. It's humanity's curse, I fear...

Wo • February 22, 2019 4:08 PM

I am concerned about Nakasone's mention of the antivirus community when talking of forging partnerships in the private sector.

Presumably the "antivirus community" involves antivirus software companies (among others). Antivirus software collects a great deal of information on the contents of customer computers.

1&1~=Umm • February 23, 2019 4:06 AM

@tazer2000:

"... many factors, most of which likely are complicated or at worst based on irrational notions?"

Complicated, difficult to agree, but generally not irrational at that point in history.

For instance, one of the reasons for the size of "gaps" at border crossings is the length of vehicles... It sounds odd till you consider it means that a vehicle can not be in two countries at the same time. Then you realise at some point somebody tried to get an advantage by having a vehicle in two countries, and you have the chance to research its history. So things get implemented for reasonable reasons at the time, thus become 'accepted custom and practice', eventually to the point that most people have forgotten or never been told the reason.

Obviously the coming of steam, and thus trains crossing borders a couple of hundred years ago, started to make things rather more complicated, because they had different gauges or quickly became just too long to carry on making the gaps wider. Even today border crossings and trains are still causing problems[1].

But the history of the gaps also includes a safety factor. Many don't realise it until they think about it, but woods and forests change size and shape, rivers move, even rocks crumble, and we now know that continents move. Thus how do you decide where a border really is in a way that will last for even a thousand years, and might be ten thousand years the way humanity clings to 'conventions of the past'.

Even with our own back yards we get very bitter, sometimes violent, neighbour disputes where one person takes an inch or two away from someone else by replacing a fence or wall. I leave it to others' imaginations as to what could happen if one country stole an inch or two from another; as they say, 'Wars have been fought over lesser things'.

[1] To some extent all vehicles and vessels cause problems at borders, especially when crossing them. Europe, which has lots of old sovereign states, had a long history of trade disputes and protectionism, hence we have lots of quite deliberate technical differences. Not just obvious things like which side of the road you drive on affecting cars and buses, but the less obvious 'communications' technologies such as signalling systems,

https://www.railway-technology.com/features/feature116419/

No doubt one of the fall outs of the current trade war between the US and China will be another failed attempt at protectionism by technical means at the border. The fracas over 5G is shaping up nicely along these lines. But like all previous attempts it's doomed to fail fairly quickly for a whole variety of reasons, not least of which is technology evolves faster than legislation, because it is proactive, whilst legislation is often at best reactive.

1&1~=Umm • February 23, 2019 4:18 AM

@tazer2000:

"But of course, we don't live in a perfect platonic world, so we're left to deal in worldly conventions. It's humanity's curse, I fear..."

Yup, that's the short and the long of it, all driven by what is now called 'competitive advantage', and it's oh so fleeting at the best of times.

When you think about it the only true immortality most have is through our children and so on down the line of their children, as long as they survive they carry us with them in part.

1&1~=Umm • February 23, 2019 5:05 AM

@Rach El:

"In France we have a name for people like this"

Similar in other countries but often it's not printable ;-)

@Wo:

"I am concerned about Nakasone's mention of the antivirus community when talking of forging partnerships in the private sector."

You would be wise to be worried. There is growing evidence that there is already too much influence on AV companies by the 'Cyber-agencies' of various governments.

In fact it is likely that 'cooperation' has been 'purchased' one way or another, and when that has failed as we have seen more blunt edged methods are used.

When you consider just how invasive some AV company products can be on a system, you quickly realise they are all but malware in name.

So it is probably fair to conclude that no AV companies products can be trusted.

Which gives rise to a question of 'How do we connect to the Internet safely?' to which the answer is 'we can not'.

As others have noted, the option of 'Get off the grid entirely' is not one that many can take. However, society has the notion of 'Private and Public' spaces and faces. Such a divide can be applied as a mitigation for computer usage, thus a computer for private activities and a computer for public activities. But that alone is insufficient; you also need to practice good separation of private and public activities.

Thus you need to ask questions about your online activities. Such as 'Do I have to do online banking?' Well, the answer is clearly no; just a decade or so ago nobody did. Likewise 'Do I have to do online shopping?' Again clearly not, but there are real advantages to being able to do so. Which in turn gives rise to the question of 'How do I do it safely?' to which the current answer is you can not do so without some difficulty. But if you put in the work you can, much to the annoyance of card issuers, banks and clearing houses who really do not want you to do things safely, because that means extra cost to them, hence the difficulties they quite deliberately put up.

You can find with a little initial effort that you can make changes to the way you do things that will keep your private and public computing faces separate. Just as the majority learn to do for social existence, it's initially hard, then natural behaviour.

But there is a down side, which affects those who can not afford to effectively separate their computing faces. It's not just financial pressure but more frequently employment pressure and even that of social services. As has been seen with the US Revenue system, their cost saving by effectively forcing people to go 'OnLine' to use their services has caused a massive rise in fraud. But are the US Revenue going to sort this out? Not really; they show little sign they are going to go back to safer ways, or do more than hand wave over the security failings of their OnLine systems.

Gerard van Vooren • February 23, 2019 5:52 AM

@ John Doe,

"What I am thinking is that on the Internet, all countries are now neighbours."

And we can all sing Imagine at and before Christmas.

The problem is that although you are right, there are people who think, well... a bit different. People like that 4 star general of this topic, who is very bright of course, but at the same time I wouldn't trust him to buy one of his cars.

To be honest, I kind of (although there was this big belief in me) that I "trusted" the current POTUS, but it turned out that he is an ignorant fool, just like all the others since 1945 (with the exception of Carter, who at least did and still does have common sense).

So, I think that the problem is with the voting.

Petre Peter • February 23, 2019 2:01 PM

Defensive capabilities don't need to be hidden the same way attack capabilities do. Because cyber weapons can be easy to hide, I believe that w/o international agreement on disarmament, offense will always lead defense in cyberspace. However, only the US and Germany have a VEP.

tazer2000 • February 23, 2019 9:27 PM

"So, I think that the problem is with the voting." -Petre Peter

Educated voting in a democracy IS a good thing.
Uneducated voting in a democracy is NOT a good thing.

For the most part, people are irrational. They would rather vote based on who they'd like to have a beer with at the local pub than the rational, level-headed stoic. Remember that whole pussy-gate Trump nonsense (grab 'em by the genitals)? This type of rhetoric does indeed offend many, but it also excites many too. "I want to be part of team pussy grab"; a lot of people are vulnerable to this type of manipulation. It really was pure genius on Trump's part (most likely his son-in-law) to play this card. I can't remember which, but either Plato or his pupil Aristotle disliked democracy for this very reason. The average person, caught up in their own life, has little time between work and family to educate themselves about the ins and outs of societal issues. Hence, they advocated for more of a republic/representative type of governance. Based on the dismal failure of the current educational system, it sure looks like things are going to get worse before they get better...

John Carter February 24, 2019 2:57 PM

Oh dear.

At what point does "Persistent Engagement" shade over into "war without oversight"?

Wesley Parish February 25, 2019 4:15 AM

"Behind China and Russia are the Iranians and North Koreans, who are unique in demonstrating both capability and intent to strike us in cyberspace."

This struck me for the following reasons:

Obama apparently worked out a modus vivendi with the PRC during his time in office
China abandons cybersecurity truce with US
https://themalaysianreserve.com/2019/02/20/china-abandons-cybersecurity-truce-with-us/

(I had a brief insight a few days ago: if Obama was trying to channel JFK, Trump is trying to channel Reagan. FWVVLIW)

He's just given us a brief list of the four nations the US considers their primary opponents. Or in other words, he's confessed that US Cyber Command is actively targeting them. But we know that the US targeted Iran with Stuxnet a few years ago; I don't know if Iran had targeted anywhere in the US before then. And we don't know if the US had targeted North Korea before the North Koreans (allegedly) targeted Sony.

In other words, he's alleging carte blanche for anything. (Israeli peace activists call this pretaliation - we know they'll react if we poke them so we poke them to get a reaction so we can poke them again ... )

1&1~=Umm February 25, 2019 9:31 AM

@Wesley Parish:

"And we don't know if the US had targeted North Korea before"

When you look at the accepted history of the US-v-NK, you will find the US did attack NK with Stuxnet itself. It was known at the time of the original Stuxnet attack[1]. Back in 2015, some years later, the US finally admitted they had tried it and that it had failed:

https://www.theguardian.com/world/2015/may/29/us-stuxnet-cyber-attack-north-korea-failure

Both Iran and the aptly called 'Hermit Kingdom' of North Korea were developing not just the centrifuge technology independently but in a technology-swap deal with each other. The US saw this as the only 'route in' to the 'Hermit Kingdom', right into the heart of the NK nuclear program, where the US had no other real hope of getting, so they took it.

But importantly, the US intel on NK was apparently out of date by the time Stuxnet was ready to be deployed, as NK had apparently moved on from a particular European-manufactured Industrial Control System (ICS) and A.Q. Khan code, or their computer security was well above that of the US, not just the Iranians. As Stuxnet infections showed up around the Far East, this suggests either that the US were also trying other routes or that Stuxnet had somehow escaped in that area.

Thus shortly after Stuxnet hit the news and became US MSM prime time, NK called the US on the weak hand it had played. NK very surprisingly called in the UN inspectors to show them previously unknown halls of gleaming new centrifuges all working away, but would not let the UN inspectors anywhere near the control systems, as they knew how the US had got the malware into Iran (via UN inspectors' thumb drives).

So yes, without any doubt the US had cyber-attacked North Korea, and North Korea made it very clear to the US that they knew it, and importantly had repelled it. What is less clear is that this apparently goaded the US into a whole series of other attacks that went through China as well, which likewise failed. This came back to haunt the CIA as Iran and China worked out the CIA's supposedly covert agent communications system and used it against CIA 'methods' and more importantly 'sources', now presumed executed.

As for what North Korea may or may not have done in return by way of cyber-attack, there is little that they could have done from their home soil, because there were only two Internet paths into NK, one of which was through China, and it's safe to assume that not just China but the Five Eyes SigInt entities were all over these two paths. Whilst that largely kept the US out of NK, it also acted like a bottleneck keeping NK-based cyber security personnel activities in NK. Thus the argument that NK have 7000 personnel in NK directly attacking the West etc. is a little unlikely[3].

It smacks of good old US 'Cold War' appropriations tactics of claiming the Soviet front-line forces were immense compared to those of the West, by counting all Soviet personnel as 'front line' whilst only counting a few of the West's armed forces as 'front line'. Brown University and the Naval War College in Newport, Rhode Island have an expert on the subject[2] from the Soviet perspective: as the engineering-trained Prof. Dr. Sergei Khrushchev's father was the Soviet premier, he took Sergei around as a technical advisor to much that was secret development and also intelligence related.

The US has been shown to make either unsubstantiated or probably suspect, if not false, claims in the more recent past. Which should have become clear to all when those US IC 'false flag' tools got revealed.

Back in Ronald Reagan's time and before, when the US made a major diplomatic accusation it was backed by the evidence from the US IC entities also being shown. During the Obama terms accusations became common, but they were not backed by evidence from the US ICs in any way. What we got was supposition from various supposedly independent computer security companies, that used each other's suppositions untested to make further claims. Thus the claims as a whole were in effect a 'card house' with no reliable foundations at best, with a distinct probability that the foundations were a complete fabrication by use of the 'false flag' tools.

So we have little or no actual evidence[4] that North Korea has done what the US and its MSM claim. But we have the US actually confirming some small part of the attacks it has made against North Korea... Which, if you think about it, is a very odd situation to be in, which is why I guess some people have difficulty coming to terms with it.

But your suggestion of,

"we know they'll react if we poke them so we poke them to get a reaction so we can poke them again "

Is actually not new; the US war hawks have been trying to provoke North Korea with live-fire war games, permanent occupation by US troops and technology in South Korea and various other seemingly wild accusations (GPS takeover of SK aircraft, attacking SK banking systems and much more), all since the Korean War ceasefire getting on for seven decades ago. Oh, and remember during the Korean War, when the US were pushed back virtually into the sea, the commander in the field demanded nukes for use against the northern forces...

[1] Much of this is actually given in some detail on this blog at the time of the stuxnet attack becoming public.

[2] https://en.m.wikipedia.org/wiki/Sergei_Khrushchev

[3] Whilst it is possible NK has cyber-attack agents tucked away in other countries, it would actually be very few, not even a hundred let alone 7000, due to the support issues involved. Also you would have expected defections. Such attack skills would be highly valuable, thus such agents are assured not just of a warm welcome from Western IC agencies for defecting; they would also have good job prospects as well. We would have got to hear about any such defections that the US war hawks or politicians became aware of, as they have proved they just cannot stop their gums flapping in public, and burning assets is no problem for them.

[4] Not that you would really expect anything other than vaguely indicative information from a technical-only 'method', as it's so easy to fabricate. After all, if you can break into a computer system to get evidence, then anyone at or above your skill level can break in and plant that evidence, so its value is actually minimal. What you really need is HumInt 'sources' or similar. Often this needs 'boots on the ground', but there are other ways if your target's security is lax. Due to the US politicos flapping their gums, we know that both the Dutch and Israeli SigInt agencies were using the lax security to get keystrokes, audio and video from the computers that were being used to carry out various suspect activities. The fact that the laxness that allowed this HumInt to be gathered is very easily avoided is now known to the world, so the US has 'burnt' those methods. Which is also interesting because it suggests that the US SigInt agencies were not using them, otherwise they would not allow them to be burned...

bttb February 26, 2019 2:57 PM

From https://www.washingtonpost.com/world/national-security/us-cyber-command-operation-disrupted-internet-access-of-russian-troll-factory-on-day-of-2018-midterms/2019/02/26/1827fc9e-36d6-11e9-af5b-b51b7ff322e9_story.html :

"The U.S. military blocked Internet access to an infamous Russian entity seeking to sow discord among Americans during the 2018 midterms, several U.S. officials said, a warning that the Kremlin’s operations against the United States are not cost-free.

The strike on the Internet Research Agency [IRA] in St. Petersburg, a company underwritten by an oligarch close to President Vladimir Putin, was part of the first offensive cyber campaign against Russia designed to thwart attempts to interfere with a U.S. election, the officials said.

“They basically took the IRA offline,” according to one individual familiar with the matter who, like others, spoke on the condition of anonymity to discuss classified information.

[...]

The disruption to the Internet Research Agency’s networks took place as Americans went to the polls and a day or so afterward — as the votes were tallied, to prevent the Russians from mounting a disinformation campaign that casts doubt on the results, according to officials.

[...]

The operation ... was led by Gen. Paul Nakasone [ Commander, U.S. Cyber Command and Director, National Security Agency ], who in July formed the Russia Small Group, made up of 75 to 80 personnel from CyberCom and NSA, which are part of the Defense Department.

[...]

“The calculus for us here was that you’re just pushing back in the same way that the adversary has for years,” a second defense official said. “It’s not escalatory. In fact, we’re finally in the game.”

But other officials are more circumspect.

“Causing consternation or throwing sand in the gears may raise the cost of engaging in nefarious activities, but it is not going to cause a nation state to just drop their election interference or their malign influence in general,” said a third official. “It’s not going to convince the decision-maker at the top.”

The operation also was the first real test of CyberCom’s new strategy of “persistent engagement” issued in April, which involved continually confronting the adversary and information sharing with partners. CyberCom in fall 2018 sent troops to Montenegro, Macedonia and Ukraine to help shore up their network defenses, and the Americans were able to obtain unfamiliar malware samples that private security researchers traced to the GRU, according to officials.

The Cyber Command campaign also was part of what Nakasone has described in an interview with Joint Force Quarterly as “acting outside our borders, being outside our networks, to ensure that we understand what our adversaries are doing.”"

Shih-Chin Yang February 28, 2019 8:12 AM

Sadly, the war has already begun, even on an average site. It is naive not to act proactively. We can only hope that an atomic bomb is not triggered; then everyone will know how dangerous cyberwar is.


Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.