Thursday, June 27, 2013

President Obama Redefines Cyber Espionage

Charlie Rose recently interviewed President Obama regarding his latest discussions with Chinese leaders around cyber espionage: what is acceptable espionage and what is out-of-bounds.

BARACK OBAMA: Every country in the world, large and small, engages in intelligence gathering and that is an occasional source of tension but is generally practiced within bounds. There is a big difference between China wanting to figure out how can they find out what my talking points are when I’m meeting with the Japanese which is standard fare …There’s a big difference between that and a hacker directly connected with the Chinese government or the Chinese military breaking into Apple’s software systems to see if they can obtain the designs for the latest Apple product. That’s theft. And we can’t tolerate that [1][2].

This is really a thin slice of distinction. Philosophically, I understand the argument but I find it leaves a bad taste in my mouth when I try to think about how it will apply to the U.S. and the world when all of us try to apply it to everyday business. Does that add an eighth link in the Kill Chain [4]? After we notice the Chinese exfiltrating documents from our networks, do we have to assess whether or not the documents are talking points (which are OK as being in-bounds) or Intellectual Property (which is not OK because it is theft)? 

As we all know, espionage between countries has been going on since man figured out how to make governments. From the beginning, it has been something that a country does as a matter of course and something that a country expects its enemies and allies to do against them. But it has never been tolerated. If spies are discovered, their fate is normally not good. At the least, they are summarily banned from the country. At the worst, they are tortured and killed [3].

The Internet has made it possible to conduct espionage operations from a relatively safe distance. Countries still have to do that up close and personal stuff, but Cyber Espionage has really opened the door to almost-safe espionage. Until now, there has been no threat to a country that conducts these operations; no banishment of cyber spies and no torture or assassination. But if President Obama draws the line between intellectual property theft and other kinds of information stealing, you have to ask yourself what he is willing to do if somebody crosses the line.

The good news here is that World Leadership is starting to have the conversation. Five years ago, that would have been unthinkable. Besides this discussion, President Obama also agreed to share Threat Indicator information with the Russians and to establish a Cyber “Hot-Line” between the US cyber-security coordinator and the deputy secretary of the Russian Security Council [5]. Ironically, the greediness of the Chinese Cyber Espionage effort drove the attention of other world leaders to this topic. If the Chinese would have throttled back a bit on their voluminous cyber intelligence gathering machine, this topic might have stayed underwater for a long time. I have to believe though that having these discussions at a very high level can only result in a better world-cyber-security environment. This is just the beginning and we have a long way to go. Time will tell.

In the meantime, we have a new line. It is acceptable for a government to conduct traditional espionage via a cyber-tradecraft, but it is not acceptable to use that same cyber-tradecraft to steal intellectual property. I am still trying to get my head around that.

Sources:

[1] "President Obama Is Right On US-China Hacking," by Richard Bejtlich, TaoSecurity, 18 June 2013, Last Visited 27 June 2013

[2] "Obama: Blunt Conversation With China on Hacking," by Bloomberg TV, 18 June 2013, Last Visited 27 June 2013
http://www.bloomberg.com/video/obama-blunt-conversation-with-china-on-hacking-EvHIfGSCRsGYoAVpMiuCmA.html

[3] "Espionage and Covert Operations: A Global History," by Professor Vejas Gabriel Liulevicius, University of Tennessee, Last Visited 27 June 2013
http://www.thegreatcourses.com/tgc/courses/course_detail.aspx?cid=8922

[4] “Intelligence-Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains," by Hutchins, Cloppert, Amin, Lockheed Martin, October 2011, Last Visited 6 June 2013

[5] "US, Russia to Share Cyber-Security Data to Defend Critical Systems, Avoid Cyber-War," by Fahmida Y. Rashid, PC Magazine, 19 June 2013, Last Visited 27 June 2013

No comments:

Post a Comment