Home » Other
Category Archives: Other
Americans really don’t get the Russians. We are a people who pride themselves on divided government, openness, and the exposure of corruption – almost to the point of obsession. The Internet has allowed those truly American attitudes an even greater sway in the its body politic. Now, everyone can be their own “loudspeaker of truth.” In Russia, the story is quite the opposite.
Russia has a 500-year history of oppression from their “leadership.” It started with Czar Ivan the Terrible and continues today under Czar Vladimir the First. Russia is country run by central control; a state that views opposition as criminal and traitorous. And one of the most important parts of state power is controlling what people “think” through the information they are provided.
Thanks to the Internet, the Russians can more easily manipulate information than ever before. And Moscow is now applying gleefully that ability to their overseas goals. Most recently, Moscow been accused by Washington of desiring to control and influence our Presidential elections. And to a limited extent, Moscow have succeeded by the very effort. In the domain of worldwide Internet, perception is reality.
This type of information manipulation for political result is not new. In the Cold War between the U.S. and Russia, perception was often reality. The United States used covert means to supply information to friendly overseas sources to reinforce its positions. Occasionally, such as in Vietnam, it even deluded itself and the American people into believing that a limited, winnable war was possible.
The KGB, Russia’s Cold War spy service, was expert at planting damaging information about the U.S. around the world. It was a way of undermining our influence and the perception of wrong doing was all that mattered in the war of minds. Sometimes it worked quite well and the damage persists to this day. For instance, it was the KGB that floated the idea that American experiments to dominate the Third World created AIDS.
And so it goes today. We deal with Russia relying on old habits reinforced and facilitated with new technologies. The Internet with its hidden corners of attribution is a hard place in which to fight rumor and innuendo. Instantaneous transmission makes it impossible to control or counter the initial message. The very fact the Russian are releasing information about American candidates is damaging to the perceived integrity of our elections. The idea they could fool with our vote count is even more upsetting to the legitimacy of an already spooked electorate.
So, the first game of perception management goes to the Russians. There will be a section of the U.S. population already unhappy with the election results that will forever believe the system is now vulnerable to massive rigging. The reality is that there are several thousand different voting systems – ranging from paper ballots to electronic voting gear rarely updated to the 21st century. Hacking on a mass scale is unlikely though some minor efforts may be made. But that does not really matter. Even a few hacking attempts could be enough to poison perceptions.
So, for this round, the Russians have won an American election. It will be up to a new Administration to make Moscow pay for this interference. The games have only just begun.
“The highest form of warfare is to out-think the enemy.”
“In all kinds of warfare, the direct approach is used for attack, but the oblique is what achieves victory.”
“If you do not wish to engage with the enemy, even though your defences are no more than a line in the ground, you can prevent them attacking by luring them away with a feint or a decoy.”
––Sun Zi, The Art of War
In advance of President Xi’s State Visit to Washington this week, White House officials in August previewed what was to be the first use of the powers created by an April Executive Order (EO) aimed at curbing unacceptable cyberactivity. The EO authorizes tough financial sanctions against those who benefit from a country’s illicit cyberactivities, for damaging critical infrastructure and computer networks in the United States and benefiting from the cyber-enabled theft of proprietary information, as these are the components of the U.S. private sector’s economic competitiveness.
At that time, the U.S. government was reeling from reports of the first of two attacks reliably attributed to the Chinese government; against the Office of Personnel Management and attacks involving sensitive health information at Anthem, attributed to Chinese government-directed attackers, and against Sony Pictures Entertainment, which involved physical damage achieved through cyber means and carried out through North Korea’s Internet link that passes through China. The EO added strength to an ongoing campaign by the President and his advisors either to change Chinese government behavior or hold the Chinese government to account for it.
Those White House officials left some ambiguity about the timing of sanctions relative to President Xi’s visit and whether sanctions would single out China or include other bad actors. They timed the leak well. Mere weeks before President Obama welcomed Xi to the White House it alerted the Chinese government to the embarrassing possibility that the sanctions would dominate the news around the visit. By leaving open the timing of sanctions, the White House provided the Chinese government with an opening to negotiate on those elements, sparing the Chinese leader the embarrassment of a sanctions announcement on the eve of the visit.
The Obama Administration, however, may not have prepared for the Chinese response very well. They should have re-read The Art of War.
The conversation between the United States and China on cyber has become an endless discordant loop since the beginning of the Obama Administration. The United States has complained that Chinese state-directed hackers have stolen commercially relevant information from U.S. firms; China has denied that such theft––or any inappropriate cyberactivity––has taken place. The U.S. government countered that denial by building a stronger and more detailed case against Chinese government conduct. In some instances, the private sector has also provided public evidence. Last year, in fact, the U.S. government indicted on charges related to their cyberactivities five Chinese officials (whom the U.S. will presumably prosecute should they present themselves in U.S. territory). Naming and shaming, the U.S. government has sought to convince China to come to the negotiating table and discuss how Chinese behavior should change.
This tactic has failed at the most rudimentary level: the Chinese government flatly denies conducting any form of inappropriate cyberactivity––a laughable contention, as nearly all states with capacity engage in some form of espionage in cyberspace––and blames U.S. networks for hosting the majority of illegal cyberactivities. More convincing evidence will not overcome China’s airy denials.
In spite of the absence of meaningful dialogue, the U.S. government has tried to expand the campaign to like-minded nations. To rally the international community against China’s bad cyberbehavior, the U.S. government earlier this year sought support at the United Nations (UN) for certain norms in cyberspace. But that move actually confused the issue. The norms tabled at the UN address obligations to refrain from damaging critical infrastructure and to provide assistance to countries that have suffered an attack; the U.S. government did not include a norm against cyberactivities aimed at stealing the sources of another country’s economic competitiveness. The effort at the UN, then, will result only in Chinese denials to a larger community; it has also distracted from the principal U.S. goal of minimizing cybertheft of the foundations for economic competitiveness.
The Chinese government seems to have absorbed the implicit shift in the U.S. UN submission away from cybertheft. According to media reports this week, U.S. and Chinese negotiators have agreed to some form of code of conduct related to the critical infrastructure-related norms to be announced as a deliverable of Xi’s visit. The Chinese government seems to have realized that the U.S. government might accept a general commitment to norms unrelated to cybertheft, combined with additional commitments to talk, in exchange for taking sanctions off the table. If the agreement discussed in the press is actually limited to norms unrelated to cybertheft, it would not constitute the progress that President Obama last week suggested would suspend U.S. consideration of sanction. In that case, the Chinese will have succeeded beyond any expectation. The United States is left with more words, further delayed action, and Chinese agreement that they will not engage in conduct… that they never acknowledged in the first place.
Would sanctions against Chinese individuals and entities have been a game changer in the ongoing battle over economic competitiveness? The record for unilateral U.S. sanctions changing bad behavior does not provide much reason to think it would, in and of itself, end Chinese cyberhacking. But sanctions would change the calculus for bad cyberactivities in ways that bilateral or international discussions cannot, by closing off valuable U.S. and multinational business and financial access.
The agreement that the two Presidents will make on Friday has to pass a very high bar to be acceptable: in exchange for avoiding sanctions and turning a potential embarrassment for President Xi’s visit into an opportunity for Xi to look like a statesman, the agreement must cover cybertheft and provide concrete means to verify those promises from the Chinese. If so, it may take some time to assess whether the agreement is more than words. Otherwise, President Xi has gotten a State Visit and avoided embarrassment. It will be far less clear what President Obama and the United States have achieved.
Adam Bobrow is the Founder and CEO of Foresight Resilience Strategies and a senior fellow with the GW Center for Cyber and Homeland Security.
The European Union now has a new Agenda for Security for the period 2015 to 2020. It specifies “three priorities for EU action” — terrorism and radicalization, organized crime, and cybercrime — based on the “level and complexity” of these threats, as evolved since the formulation and release of the previous Security Strategy for 2010 to 2014.
Among the “concrete actions” that are envisioned to address these threats within the EU are the following:
…the Agenda proposes to step up Europol’s role by setting up a European Counter Terrorist Centre as a secure centre for information exchange among national law enforcement authorities, building upon the successful experience of the Cybercrime Centre (EC3). …
To prevent radicalisation online, the Commission will launch an EU-level forum with IT companies to develop tools against terrorist propaganda.
…the Agenda aims to put in place effective measures to “follow the money”, by reinforcing the powers of financial intelligence units to better track the financial dealings of organised crime networks and enhance the powers of competent national authorities to freeze and confiscate illicit assets.
The next step is for the European Parliament and the European Council to consider and, potentially, endorse the Agenda (which emanates from the European Commission). The previous Strategy was criticized on the ground that, among other things, it failed to incorporate sufficient input from institutional stakeholders.
For more on the new Agenda as whole, see here and here. For further analysis of the new Counter Terrorist Centre, “with limited powers that will not amount to the equivalent of a European FBI,” see here.
As part of the effort announced last week to establish the GW Center for Cyber and Homeland Security, we have renamed the Center’s blog as Security Insights, located at http://www.securityinsights.org/. All previous posts from HSPI.org have been migrated to the new site, and we expect to post actively on the new site in the coming days and weeks.
Today HSPI published an Issue Brief entitled “Putin’s Russia: A Geopolitical Analysis,” co-authored by HSPI senior fellow Robert Dannenberg, together with Frank Cilluffo and me. Here’s a synopsis:
The speed and audacity of Russia’s annexation of Crimea earlier this year shook Eastern Europe and surprised the West. Yet the conflict in Ukraine is just one symptom of a much broader challenge, and one which the West has yet to recognize fully and respond to accordingly. Russian President Putin is much more of a revolutionary than people give him credit for being. In fact, however, he wants to reshape the world and reshuffle the international economic deck.
This Issue Brief examines events in Ukraine and beyond from a strategic perspective; and then offers a series of action recommendations intended to respond effectively to these geostrategic developments. Read the entire analysis at this link (PDF).