Wednesday, October 19, 2016

Biden's Cyber Threats Guarantee Cyber-Attack Proliferation

By Philip Barton and Rachel Ehrenfeld @ American Center for Democracy

Last week, the Obama administration officially charged Russia with hacking into the servers of Democratic presidential candidate Hillary Clinton, her aides, and the Democratic National Committee. It offered no evidence. The announcement declared a "Cyber War" on alleged enemies, and tasked the CIA to initiate a "wide-ranging 'clandestine' cyber operation designed to harass and 'embarrass' the Kremlin leadership." On NBC's "Meet the Press," Vice President Joe Biden declared the Obama administration "is contemplating an unprecedented cyber covert action." However, the policy of offensive cyber war as the US mode of engagement has already been in place for five years.


US Cyber Attack Imminent: Biden threatens Putin with 'retaliation'

The Administration has consistently intensified this "cyber war" during Obama's second term. But as with military operations, more engagement has led to a proliferation of cyber wars and cyber-warfare actors. The official policy that 'cyber war equals war' was issued by the White House in 2011 in the final, published strategy, which stated that: "When warranted, the United States will respond to hostile acts in cyberspace as we would to any other threat to our country. We reserve the right to use all necessary means - diplomatic, informational, military, and economic - as appropriate and consistent with applicable international law, in order to defend our Nation, our allies, our partners, and our interests."

In December 2005, the US Air Force declared a new mission: "to deliver sovereign options for the defense of the United States of America and its global interests - to fly and fight in air, space and cyberspace." This policy of state-sponsored cyber warfare became institutionalized in 2006, when Marine General "Hoss" Cartwright proposed to President Bush to launch Operation Olympic Games against Iran. To disrupt its network of uranium enrichment centrifuges at the Natanz facility, the general proposed using an Israeli-US designed industrial controller virus called Stuxnet. This attack was made public only in June 2013, when the Justice Department security leak investigation was exposed. However, the computer security industry learned of the virus in mid-2009, when it leaked onto the internet and an early decoder, Ralph Langner, called Stuxnet "a playbook (which has) legitimized a new form of industrial warfare." Not surprisingly, South Korea and England created cyber-warfare units in 2009, China established its own units in 2010, and other nations followed in subsequent years.

Cyber-warfare targeted additional critical infrastructure resources during the summer of 2012, when Saudi Aramco and Qatari RasGas production controllers and system management computers were wiped clean by a virus called "Shamoon" of unattributed origin.

Late that fall, Secretary of Defense Leon Panetta warned of a Cyber Pearl Harbor at a New York dinner as he detailed the utter devastation of Shamoon. But, interestingly, Panetta warned that the Shamoon incidents "renewed concerns about still more destructive scenarios that could unfold" against both the US Government and American companies - "imagine the impact an attack like this would have on your company." In August 2012, Panetta asserted a major change in U.S. defense policy. This included new rules of engagement for cyberwarfare, which extended the Pentagon's role to defending private-sector computers against a major attack.

The coincidence of this leak investigation and the announcement of a "global" cyberwarfare policy by the Chairman of the Joint Chiefs, Martin Dempsey, is uncanny. The New York Times reported: "globally, new regulations were needed to govern actions by the world community in cyberspace. He [Dempsey] said that the Chinese did not believe that hacking American systems violated any rules, since no rules existed." At this stage, Dempsey segregated cyber intelligence and cyber warfare (the "dual-hat" structure) but, without fanfare, declared "defensive blocking" operations would be complemented by offensive operations, if so ordered by the President. This diktat, of course, is a violation of the War Powers Clause, Article 1, Section 8, Clause 11, which empowers ONLY Congress to declare war. Remember, in 2012-2014, the Chinese were the cyber-enemy.

But the Stuxnet investigator, Ralph Langner, explained at a Brookings Institution speech that, "Cyberweapons proliferate by use, as we see in the case of Stuxnet. Several months or weeks or a year later, the code is available on the Internet for dissection by anyone who has the motivation or money to do so." Indeed, over the past five years, banks and other financial institutions have been flooded with viruses and hack attacks, and much of this malware is being securely downloaded from supposedly secure sites to client computers (2m attacks on bank accounts, 800M overall attacks in 2015, according to Kaspersky Lab). In 2012, Kaspersky found a cyber surveillance virus designed to hack banking transactions, stealing login information for social networks, email and instant messaging in the Middle East - specifically targeting Lebanon's BlomBank, ByblosBank, Credit Libanais, Citibank and eBay's PayPal online payment system. Researchers confirmed that this virus was conducting surveillance on banking transactions and being used to steal money out of targeted accounts. This new virus, called Gauss, is related to Stuxnet, Flame and Duqu, yet is a more sophisticated, state-sponsored cyber-espionage tool. Researchers from the security software manufacturer Symantec Corp. confirm Kaspersky Lab's summation that Gauss is related to previous government-created cyber warfare viruses.

Kaspersky Lab stated: "After looking at Stuxnet, Duqu and Flame, we can say with a high degree of certainty that Gauss comes from the same 'factory.' All these attack toolkits represent the high end of nation-state-sponsored cyber-espionage and cyber war operations."

And now the threat is systemic. Kansas City Federal Reserve President Esther George stated last week that the whole payments system is at risk, and she warned that the growing threats were undermining public confidence in the system. "We must keep pace with the rapidly evolving and expanding risks that threaten the payments ecosystem." But according to WIRED, the breaches are already exposed. For example, hackers stole $81M from the New York Federal Reserve in February 2016 through the SWIFT international payments network (the banking system's backbone).

In reaction to Biden threatening a cyber attack, Russian President Putin remarked that such threats do not "meet the standards of international communication... Too bad that based on the current [US] internal political problems, Russia-US relations are being sacrificed. This actually destroys international relations in general."

Stay tuned.

*Philip Barton MBA, CFA is an ACD fellow and Rachel Ehrenfeld is the Director of ACD
