Bruce Schneier speaks here on the concept of cyber warfare, the way it might impact the world, and explains why cyber war rhetoric is destabilizing.
The third threat I want to talk about is “The cyber war arms race”.
And by this I don’t mean the threat of cyber war. I mean the threat of cyber war rhetoric, and the effects of cyber war rhetoric. We are right now in the early years of a cyber war arms race, and it is fundamentally destabilizing. And it will get worse.
Lots of countries are building cyber war capabilities. There is lots of cyber war rhetoric out there. Do Google searches – you can search for not just ‘cyber war’, but ‘cyber Pearl Harbors’, ‘cyber 911’, ‘cyber Katrina’, my favorite is ‘cyber Armageddon’. And you will find articles talking about how vulnerable everything is, and how important it is for the military to get involved. And the military is getting involved: U.S., China, Russia, NATO, UK – all these countries are building cyber weapons. And we’ve seen some examples.
On the defensive side, there is lots of talk of the military taking over some forms of cyber security. Right now, General Keith B. Alexander is agitating in Congress, in the Senate that the NSA needs to be in charge of cyber security for the power backbone (electrical backbone), the Internet backbone. We are seeing some offensive capabilities: Stuxnet is the first example we’ve seen of a military-grade cyber weapon. And it’s actually quite impressive.
The ways arms races work is they are fueled by the ignorance and fear. You don’t know the capabilities of the other side, so you assume the worst and you build accordingly. The other side does the same thing. And the result is that cyber weapons start ratcheting up. And like nuclear weapons, this is destabilizing. It’s possibly more destabilizing, I mean it is certainly not as devastating, but there is more of a chance that the bad thing will happen.
Seymour Hersh – he is an investigative reporter for “The New Yorker”, has done a lot of writing about cyber war policy in the U.S. mostly, some in China. And his finds is that there are things being done in terms of preparing for cyber war that are potentially dangerous.
You remember, during the ‘Cold war’ we used to fly planes over the Soviet Union in an effort to get them to turn their air defense systems on so that we could map them and figure out the capabilities. Well, we are all doing that in cyber space. We are penetrating each other’s networks, we are looking for vulnerabilities, we are, as Hersh believes, leaving logic bombs that we might wanna trigger later. And this doctrine is known as ‘Preparing the battlefield’.
Now, this is worrisome. As you do these things, these vaguely offensive actions, there is always the chance that you’re gonna trip something by mistake, there is always the chance that your logic bomb you leave will go off, that you’ll do some damage inadvertently.
But this kind of stuff is happening, and it’s happening at a lower command level, they may not be as wise. I’d like to see the President sign off in all these operations. But that doesn’t seem to be happening.
What’s going on here? It is fueled a lot by military contractors – there is a lot of money here; by government; by military. And the result is going to be, again, less security.
So those are my three risks:
So, what does this all mean? For us it means that a lot of our serious Internet problems are not being worked on within our community. All of those examples are interest groups from the outside, trying to impose their solutions on us.
You remember the SOPA/PIPA – battle of the last year? That was an example of the entertainment industry trying to really destroy part of the Internet in an effort to save their business model. And the reason we’ve won that is not because we blacked out Wikipedia, and everyone couldn’t do their homework and they all complained to their congressmen. It’s because we had lobbyists on our side, big data: Google was on our side in that battle. So we’ve won that.
These arguments happen not in the tech community but in the political and the economic community. And there it’s more about power and money than being right. And that’s hard for us. We are used to technical excellence, we are used to figuring out the solution – that’s not the way it works out there.
And we really have to get savvy in politics if we are going to keep the Internet.
In the coming decades, the biggest threats to the Internet are not coming from criminals. They are coming from organizations who have seen the Internet and want to shape it the ways that we might not like.
This is ‘Layer 8’, this is ‘Layer 9’ – economical layer and political layer, and we need to get smart about it. There aren’t lobbyists for common sense, there aren’t lobbyists for technical excellence. The right won’t necessarily win. And if we’re gonna win – we have to fight. And the SOPA/PIPA was a great example of what we can do.