The new frontlines
Former intelligence officer discusses brave new world of cyber warfare
Remember “Big Brother is watching you” from George Orwell’s apocalyptic novel 1984? Well we’re there. If you browse the internet, scroll Facebook or have a cell phone, iPad, Alexa, GPS in your car, or even a refrigerator (yes, they have computers inside) it is a safe bet your activities are being monitored in some way.
Concerns of computer infiltration have dominated the news cycle in the past several weeks, and they will likely grow. In late 2017, the credit rating company Equifax announced it had experienced a criminal security breach that captured important information belonging to some 2 million Americans. The stolen data included names, addresses, Social Security numbers, dates of birth and, in some cases, driver’s license and credit card numbers as well as credit dispute information. That’s everything needed to open a credit account in your name, make false medical claims, and more. Unfortunately, this was not the first time and, as we now know, will likely not be the last time a cyber attack has or will occur. Remember the Sony and Target hacks?
However, the stakes are even higher than accessing people’s personal data. Such hacks could lead to a world-wide financial crisis and quite possibly endanger the lives of millions of people.
While this may seem like a stretch, when considering the series of cyber attacks targeting American and European nuclear power plants and water and electric systems, it doesn’t seem so far-fetched. It’s even more plausible when you consider who’s believed to be behind these attacks – Russia, North Korea and Iran, aka the sworn “axis of evil.”
“We now have evidence (Russia) is sitting on the machines connected to industrial control infrastructure that allow them to effectively turn the power off or effect sabotage,” Eric Chien, of the digital security firm Symantec, said in a recent New York Times article. That same article went on to say that American intelligence agencies have been aware of attacks on U.S. infrastructure since 2015 and the Department of Homeland Security and the F.B.I. first issued urgent warnings to utility companies in June 2017.
To be clear, this is a global war and not just against America. And the United States sometimes does the same thing. Gaining access into the vital networks of perceived enemies is now an integral part of preparing for potential conflict. For example, according to the 2016 documentary film “Zero Days” the U.S. hacked into Iran’s infrastructure before the 2015 nuclear accord, inserting a virus that could bring down power grids, nuclear enrichment centrifuges and control systems and other infrastructure.
Two years before the Equifax debacle, as most people are now aware, Cambridge Analytics, a British voter-profiling company working on President Trump’s election campaign, had access to profiles of 87 million Facebook users. That data got into the hands of Russian hackers who then used it to create phony personas and false news in an effort to sway opinions in the 2016 election.
To help put it in perspective, retired U.S. Navy Captain, intelligence expert and Durango resident Gail Harris will be presenting a talk, “Russia’s Foreign Policy,” next Tues., April 10, at the Durango Library. The lecture is part of the Foreign Policy Association’s Great Decisions Lecture Series. Founded in 1918, the FPA is a nonprofit organization dedicated to inspiring Americans to learn more about the world outside its borders.
Harris was the highest-ranking African-American female officer in the Navy at the time of her retirement in 2001. Her 28-year career in intelligence included leadership roles in numerous major conflicts including El Salvador, Desert Storm and Kosovo. As such, she was at the forefront of the Department of Defense’s Cyber Warfare unit and has extensive experience and expertise in cyber warfare.
In addition to writing for the Foreign Policy Association, Harris is the author of A Woman’s War, a senior fellow at the George Washington Center for Cyber and Homeland Security and a senior advisor for the Truman National Security Project. She also happens to be a DJ on KDUR on Wednesday evenings from 6-8 p.m.
Harris notes that the capability to access private citizen’s information, as well as that of corporate, government and entire infrastructure networks, has been available for years. A good part of the problem is the lack of collaboration between various organizations responsible for security. “There is disagreement among all 17 agencies as to the definition of cyber war and what defines an ‘attack,’” she says “We also need new definitions for privacy.”
Harris believes it would take a “Pearl Harbor” type of cyber catastrophe to mobilize our country and its citizens. It’s not that U.S. allies aren’t in the same situation or at risk, or that there isn’t anything being done about it. NATO, she says, has gone the furthest in defining cyber war ramifications. “But,” she continues, “We need to focus on the solution, not the problem.”
Too often, it seems, the public is out of the loop unless it affects them personally. “There has been a lot of info available for some time, but the public and media haven’t given it the attention it deserves,” she said. “Each year, the intelligence community puts out a Worldwide Threat Assessment. It’s a big deal and they brief Congress on the results. Each year, since about 2013, cyber has been identified as the number one national security threat.”
For Harris, the greatest danger is not from nation states, but from terrorist groups. Nations are aware of retaliatory capabilities, but, Harris believes, “terrorists just don’t care.”
Writing one year ago in her newsletter “GailForce,” Harris quoted Sen. John McCain, R-Ariz., then-chairman of the Senate Armed Services Committee, as saying, “Threats to the United States in cyberspace continue to grow in scope and severity. But our nation remains woefully unprepared to address these threats, which will be a defining feature of 21st century warfare.”
On a more personal level, the vulnerability of private citizens and the companies they work for has been compromised through virtual offices and employees taking work home. A long-time colleague of Harris’ is Bob Gourley, founder of Crucial Point LLC, a technology research and advisory firm. Among his outstanding credentials is his role as chief technology officer (CTO) of the Defense Intelligence Agency. He was also named by technology web publication Infoworld as one of the top 25 most influential CTOs on the planet.
Gourley acknowledges that many people are now leveraging advanced interconnected technologies at home. “In doing so,” he says, “they are introducing new risks to their personal privacy, and, at times, introducing new risks to the firm they work for.”
The remark suggests it is almost always in the best interest of employers to help employees understand how to bet- ter protect their personal information. Perhaps the first line of defense, continued Gourley, is to encourage employees to adopt an attitude of personal responsibility regarding home security.
Being diligent about how much information one shares on the internet or elsewhere is just a start. Being aware of the risks, the devices we depend upon for convenience and information, how our personal data is being used by others, is also important.
Harris warns that by repealing net neutrality protections, internet service providers such as Comcast, Verizon and AT&T, can pass on their customers’ browsing habits, who they exchange emails with, and other information, without the knowledge or approval of the consumer.
But all is not lost, and all it not outside our hands, according to Harris. She believes the power rests with the voters to ask for laws about the sharing of information, including re-instatement of the net neutrality rules.
“People need to demand laws,” she says.