In response to news that the secret records of more than 22 million Americans have been breached, possibly by attackers from China, you may have heard the loaded term being used to describe the unprecedented attack.
“Why are we ignoring a cyber Pearl Harbor?” a conservative columnist asked.
F-Secure Security Advisor Sean Sullivan joined other experts in explaining that while the Office of Personnel Management hack was a very big deal, it’s hyperbole to call it an act of war.
Sean argues that the term cyber war should be limited to cyber weapons that cause actual physical damage. It would have to break the so-called “kinetic barrier”.
There is no international treaty that defines online rules of engagement but he points to NATO’s Tallinn Manual on the International Law Applicable to Cyber Warfare, which attempts to apply existing laws to cyber warfare.
Cyber attacks present an even more vexing challenge in attributing the author of an attack than stateless terrorism. But regardless of the author, any cyber attack on a hospital, for instance, would be illegal under existing law.
Sullivan sees the OPM hack as more likely to be part of another governmental activity that predates the internet: espionage.
“Espionage can be a part of warfare, if you think they’re gathering that information for military defense purposes,” he said. “Or it can be counterintelligence.”
He suggests the OPM hack data could be used to find which Americans are, for instance, not working on a diplomatic mission and thus might be intelligence. He notes that former NSA contractor Edward Snowden briefly worked at a U.S. embassy. The lack of a background check in that instance could suggest that he was working as a spy under a false identity.
There’s a difference between war and warfare, Sean notes.
“It could be China is interested in defensive capabilities,” he said. “It’s an aspect of warfare. It’s not war.”
If it were to transgress to the level of war, the results would be severe.
“We can assume that China is a rational actor,” Sean said. “It wants world power without wrecking the world economy. Military posturing is more likely.”
He suggests that the U.S. should be much more concerned about the protection of all of its digital data.
“I guarantee you that the IRS’ records are just as vulnerable,” he said, suggesting that the one thing that may be keeping taxpayers’ records safe is the government’s tendency to rely upon dated technology like magnetic tape.
And at least some powerful U.S. officials agree that more must be done to secure America’s private information. But don’t expect them to be satisfied with the same sort of restricted networks the private sector relies upon.
A bipartisan coalition of senators is backing new legislation that would give the Homeland Security secretary the authority “to detect intrusions on .gov domains and take steps similar to what the National Security Agency can do with the Pentagon,” according to Roll Call.
Ah, so more powers for the NSA.
Isn’t that always the endgame these days when the language of war is being tossed around?
[Image by U.S. Naval War College | Flickr]