Cyberspace Cooperation

The Global Cooperation in Cyberspace Initiative seeks to reduce conflict, crime and other disruptions in cyberspace and promote stability, innovation and inclusion.

A Measure of Restraint in Cyberspace

In a report introduced by Nobel Peace Laureate Mohamed ElBaradei, the EastWest Institute urges all parties to commit themselves to making civilian nuclear facilities off limits for cyber attacks. 

A Measure of Restraint in Cyberspace: Reducing Risk to Civilian Nuclear Assets, released today at the Munich Security Conference by EWI President John Mroz, proposes four specific steps to limit the use of cyber weapons during peacetime. 

According to EWI Senior Vice President and former Homeland Security cyber official Bruce McConnell, “Given the potential risks to humanity and the planet, nations should refrain from attacking civilian nuclear assets using cyber weapons. It’s a concrete step to advance peace in cyberspace.”

McConnell and EWI co-authors Greg Austin, Nadiya Kostyuk and Eric Cappon argue that the four steps will insulate these peaceful assets from attack while a more comprehensive approach to the cyber arms race evolves. Anatoly Streltsov of Moscow State University’s Information Security Institute writes the report’s afterword, which includes additional recommendations.

“The EastWest Institute takes a refreshingly direct approach, drawing on the successful experiences of global arms control negotiations in non-cyber arenas,” ElBaradei, former director general of the International Atomic Energy Agency, states in the preface. “I recommend this report to the delegates of the 2014 Nuclear Security Summit in The Hague this March.” 

Greg Austin Writes on U.S.-China Information Warfare

Greg Austin, professorial fellow at EWI, writes for The Globalist on "Terabyte Leaks and Political Legitimacy in the U.S. and China." While information leaks have historically been a source of political power, a new breed of massive cyber leaks poses global risks. 

Terabyte Leaks and Political Legitimacy in the U.S. and China

What the brave new world of global information warfare means for political and business elites everywhere.

The “leaking” of information is a time-honored tactic to undermine the legitimacy of a political opponent or a policy. Sir Winston Churchill relied on it during the run-up to World War II to attack what he saw as weak British responses to German rearmament.

Ever the master of using information and disinformation, he would use question time in the parliament to reveal morsels of secret information. As part of an embarrassment strategy, these were drawn from UK intelligence assessments of Germany’s military build-up and from UK policy planning documents.

At another level, the sustained control of information has always been viewed as central to political power. The totalitarian governments of the 20th century were among the best practitioners. The term propaganda came to symbolize this technique of political control of information.

Leaks and global governance

In such a governance frame, the idea of a strategic leak has always been one of a slow trickle of pieces of information. Meanwhile, the event itself or the process in question was unlikely to undermine the power of a determined state propaganda machine.

But now the old style of a steady flow of bit-by-bit “leaks” may be passing into history. Welcome to the brave new world of avalanche-like leaks, where the unauthorized release of secrets has moved from a trickle to a virtual flood.

And now that flood has taken on even biblical proportions. Wikileaks has been a manifestation of the changing times. All that is required is having a suitable platform to release those occasional floods of secret information.

In publishing 251,287 diplomatic cables from the U.S. government, the Wikileaks website provided a sustained embarrassment to the United States.

Wikileaks is passing into history

While there were temporary setbacks, the leaks did not shake the government to its core—or bring about the end of any political career. The total file size of the entire package of leaked cables was less than two gigabytes (2 billion bytes).

But Wikileaks is passing into history. By comparison, on some estimates, Edward Snowden took from the NSA 2,000 times as much information (4 terabytes, or 8 trillion bytes).

This did shake the United States government to the core. It did so not because Snowden revealed unusual activities that were not previously contemplated. The surprise lay in the scale of activity for which the U.S. government was fingered. That stunned people around the globe, foreigners first and, remarkably, American citizens later.

Leaks and legitimacy

The terabyte leaks of Snowden raised serious questions about the capacity of the United States government at a high political level: Can it contain the enormous technological potential of its own machines as well as the officials and managers who operate them?

The issue is not just one of basic constitutional rights. It also immediately raises questions of the moral legitimacy of government. The contest over whether Snowden’s acts were heroic or traitorous speaks to the depth of his impact on the legitimacy of the Obama administration.

That was June 2013. Within just seven short months, the wheel has turned again. The numbers have become even more staggering and the political environment around information security has become more chaotic as a result.

As the absolute size of the “leaks” is growing, it seems there will be growing threats to political legitimacy not really imaginable in earlier days.

China’s Snowden moment

Just as Wikileaks shook the US government to its core, China is now facing a similar seismic event.

This has been particularly visible in reports this week analyzing 2.5 million leaked files from offshore tax havens in the British Virgin Islands and the Cook Islands.

The leaks in question occurred more than a year ago and led to rapid adjustments in many tax jurisdictions to close loopholes highlighted by particular cases in the leaked documents.

But the sheer volume of the material meant that it has taken a team of more than 50 journalists worldwide over a year to start to see the totality of the files in a way that speaks very directly to bigger issues of political legitimacy.

As one might expect of journalists, to address the way these leaks threaten political legitimacy, they chose a prime news target: China’s ruling Communist Party and its wealthiest entrepreneurs.

In these tax havens, the International Consortium of Investigative Journalists (ICIJ) has identified 22,000 separate clients residing in China (including Hong Kong) who held offshore accounts. These are included in a database accessible through the ICIJ website.

The “red nobility” goes fishing

Their reports on China this week highlight the wealth and offshore trading of China’s “red nobility”, descendants or relatives of former or current Chinese leaders. There are no smoking guns revealed in the ICIJ reports on China so far, but there is no doubting the political sensitivity of the leaks.

To be sure, China’s internet censors have blocked all access in China to the database webpage and almost all access to the reports.

International media have correctly pointed out the link between this sort of information leak and the cases in 2012 of reports on the personal wealth of the extended family members of Wen Jiabao (then the Prime Minister) and Xi Jinping (then the named successor as Communist Party Secretary General).

Yet, the bigger story is not in the specifics of even these two notable families, but rather in the new phenomenon that the ICIJ database and its information sources represent.

Credibility at stake

Even if the Chinese offshore accounts are not illegal, many will be in some way connected with corrupt activity. Either way, the available data is so extensive and so unfamiliar to most Chinese citizens that it puts the credibility of the entire Chinese ruling elite in play. It does not matter whether this is elaborated in broad daylight or not.

Behind the scenes in China, the leaders have moved aggressively to shore up cyber security arrangements affecting their personal lives. But all indications are that this is an exercise doomed to failure.

There is now no single issue more sensitive in China than internet reporting on the leaders. Nor is there a topic of more public interest which, depending on your viewpoint, may either be curious or predictable for a formerly very closed society.

To counteract that imminent threat, China’s leadership has tried the route of technical surveillance by any means and of anyone.

Internet terror, anyone?

The term “internet terror” is used in newspapers in China to describe the practice of using leaked information to affect political careers and personal lives. The leaders now know that it affects them, and their hold on power, as well.

They fear the near certainty that there is a Chinese Edward Snowden out there who will deliver an even greater information catastrophe to them.

They also fear that one day soon, the U.S. intelligence community, with its massive cyber surveillance capability, will link up with investigative journalists or other activists to publish sensitive information about the leaders on such a scale that the Communist Party itself will be discredited almost overnight.

They have images from 1989 in their minds: the Tiananmen protests and the collapse of Communist Parties in Eastern Europe. Now they fear the next wave of resistance will occur online.

Indeed, the U.S. government in 2010 offered funding for Falun Gong internet activity against the Chinese government.

Welcome to the info wars

These considerations give rise to a possible process of action and reaction. This mix of insecurity and conjecture could possibly lead to an information war.

The Chinese Foreign Ministry has already called into question the motives of the ICIJ, presuming that it is trying to dismantle Party legitimacy in China. As the terabyte leaks affecting China’s political class accumulate, the leaders’ insecurity will also increase.

One thing is for sure: The international information wars are moving to new levels. Issues of ethics and legitimacy long considered settled are now at risk in novel ways either because of the very large scale of leaks themselves or the scale they can take on through new internet-based media.

In the end, we may hope that liberal democracy—as in rule by the people in an atmosphere of personal freedom—can be the ultimate victor. But those who study the new technologies and politics, including in China, do not see that as inevitable.

Baer Reviews Cybersecurity and Cyberwar: What Everyone Needs To Know

EWI Fellow Merritt Baer reviews the new book Cybersecurity and Cyberwar: What Everyone Needs To Know, by Peter W. Singer and Allan Friedman, as a guest blogger on Think Progress.

In writing Cybersecurity and Cyberwar: What Everyone Needs To Know, authors Peter W. Singer and Allan Friedman do what few cybersecurity and war scholars do: They tie together the history of the generative Internet, and its foundations in curiosity and experimentation, with the politico-military cyber security community housed in government. They connect the dots between technological traits and their insecurities. And they tell the stories of the people, not just the machines.

In the book, Singer and Friedman break down what the Internet and the World Wide Web are made of into building blocks, then use those to build back up to sophisticated concepts and information.

“[T]oo often,” they write, “we bundle together lots of unlike things” that simply happen in or relate to cyberspace. In one illustrative point, the authors quote a “high Pentagon official” using the phrase “all this cyber stuff.” Even those responsible for enacting cybersecurity—or educating others in it—do not distinguish between different types of cyber activities when they talk about cybersecurity. But the variety of things that fall under the ‘cybersecurity’ umbrella is staggering, ranging from mundane email spam to nation-state level intellectual property theft, from dissidents in online message boards to organized larceny.

Indeed, so much has been written about and speculated on when it comes to cyberwar, but we have not agreed on what cyberwar will look like when we see it. Despite the doomsday hype we lend to cyber attacks, we haven’t seen the most potent form of cyber violence. Not a single person is dead from a cyber attack. “Cyber terrorists” are not simply terrorists who use the Internet, just as using electronic medical records does not make one a “cyber doctor.”

Singer and Friedman turn to one particular cyber attack to make this point. Stuxnet—the sophisticated cyber weapon that targeted Iranian centrifuges while also reporting back to the operator that all was functioning as usual—operated on a fair amount of “ethicality,” the authors point out.

It’s worth noting, of course, that Stuxnet infected computers in more than ten countries, including the United States. Some of its effects seem to have been sufficiently targeted, but we don’t know the extent of potential effects. And Singer and Friedman do point out that future cyber weapons would possibly not be so “ethical.”

At its core, Cybersecurity and Cyberwar makes the point that cybersecurity risk is human risk. Singer and Friedman show that cybersecurity is not to be compartmentalized, and vulnerabilities spring from the same characteristics that make a technology useful. It doesn’t always play out as the developer creating something, a hacker penetrating it, and law enforcement or government shutting it down. Some security vulnerabilities were discovered by curious, well-intentioned explorers, and some patches were created by the hacker community. The Morris Worm was famously created by a Cornell grad student trying to find out how big the Internet was.

Arise Review Interviews Bruce McConnell on Cyber Surveillance

Bruce McConnell, senior vice president at the EastWest Institute, discussed recent U.S. cyber surveillance developments on Arise Review. McConnell shared his thoughts on the NSA, Edward Snowden, constitutional rights and President Obama's response regarding spying concerns. 

"We expect governments to provide safety, security and stability, but government today is one of the main sources of insecurity and instability in cyberspace."

Source: Arise News: Arise Review

Resetting the System

The EastWest Institute has released a new discussion paper, Resetting the System: Why Highly Secure Computing Should Be the Priority of Cybersecurity Policies, which calls for a radically new approach to countering the vast and still growing array of today’s cyber threats.

Authors Greg Austin, professorial fellow at EWI, and Sandro Gaycken, senior researcher in computer science at the Free University of Berlin, outline specific steps to be taken to protect Internet infrastructures around the globe.

“We call for a new ecology of cybersecurity. It is based on the disruptive concept of highly secure computing, which relies primarily on much stronger passive security measures, independent of attack attribution,” they write. “This approach also helps to preserve freedom and privacy.”

Austin added: “The time has come for government and commercial customers to work with industry to set much higher standards for the security of software products, computers and IT services to reduce the potential exposure of citizens and businesses to serious intrusions on privacy or high risk damages.” 

According to Gaycken, “Highly secure computing could help ease the tensions created by the current prevalent active defense approaches of several leading countries. We have to find a new common path.” 

To start on that new path, governments need to work together more than they have up till now. “They should cooperate internationally to realize this new paradigm quickly and before high-end cyber attackers inflict more serious damage,” the report concludes.

Resetting the System offers bold recommendations, but admits that the necessary changes are expensive and the traditionally free, mostly unregulated market may balk at some of them. Governments can create the incentives for this new approach to cybersecurity, but the private sector will need to take the lead in implementing them.

Writing for CIO Insight, Karen Frenkel summarizes the key findings of Resetting the System in an engaging slideshow.

Greg Austin advocates Resetting the System in The Globalist

Businesses, Governments and Consumers Must Work Together to Secure Cyberspace

Cybersecurity demands cooperation from all sectors and all users, said leaders from businesses and governments at an EastWest Institute dinner in Dallas. A panel of experts called on all parties to share information and coordinate efforts to reap the benefits of the digital economy while avoiding its dangers.

"Cybersecurity is the responsibility of everyone," said Teri Takai, California's Chief Information Officer. "The most critical threat is us. We have to be sure that we're using the technology correctly and we're protecting it."

A crucial issue is attribution, according to Michael Dell, Chairman and Chief Executive Officer of Dell, Inc. "We have an enormous number of bad actors who are able to be completely anonymous," he said. "Can you think of any secure system where people can operate anonymously?"

Both public and private sectors have a critical role to play to secure cyberspace, the panel suggested. "Industry has a responsibility to share its best practices," said Melissa Hathaway, former Acting Senior Director for Cyberspace on the U.S. National Security Council, while Dell stressed the need for public sector leadership. "It's not a decision for any individual or a business to make," he said. "It's a societal decision."

Phillip Reitinger, Deputy Undersecretary at the Department of Homeland Security, emphasized the need for a longer-term focus on the issue. "I fear that we're going to let the urgent overtake the critical," he said, arguing for a thoughtful, sustained cybersecurity initiative.

Dell echoed the need to avoid knee-jerk policies. "It's important not to demonize the technology," he said. "The vast majority of people using the Internet are good people."

Panelists agreed that the consequences of inaction are dire. "If we let our attention waver for a second, we will be in a world of hurt -- now and in the future," said Reitinger.
