Thursday, February 22, 2018

Spookware

Today I'm listening to Brandon Valeriano, Donald Bren Chair of Armed Politics, Marine Corps University. You can do that yourself here:


He makes some good points and has some good questions regarding a few clear things, in particular, that our US-focused understanding may be making it hard to see the real shape of the effects of cyber power projection, and likewise, that as a community we focus too much on the Megafauna operations such as Stuxnet.

In particular though it's funny to hear him talk about how limited the effects of cyber operations are, while the entire first page of the NYT today, and every day, is about a successful Russian cyber operation.



This, in a nutshell, is where I thought Brandon's previous book ran into trouble and it's evident in the current talk. Policy and law communities like to split the spookware set of disciplines into very clear buckets. This is espionage, this is sabatoge, etc. But this is like trying to say what's Karate and what's kickboxing and what's Kung-Fu but you're doing so in the UFC cage, and someone is currently punching you in the face!

When we forward deploy NSA people into war zones and provide total coverage across an entire populace's telecommunications for our Marine units, is that cyber power projection? In a way, the final part where you kick down the door and shoot someone is the boring part, right?

Again, he says with China that their policy of stealing technology (and M&A deals) through cyber "does not work" and that they've given up. Which frankly is exactly what they wanted us to think.

Maybe a more accurate description was that it DID work and they are now pivoting to protecting their lead? They have more AI research happening than we do now. Basic science research now happens in Shanghai and Beijing as the US draws back on funding it. Their Quantum detectors are amazing and revolutionary, if hard to understand. Why wouldn't they want a new norm against economic cyber espionage after fifteen years of running the table?

Also, let me point out that Brandon's usual comments on "Cyber weapons being one use tools" are just weird. Exploits can be reused, and are rarely caught, but you do run that risk, and implants get caught eventually, but are often re-tooled and re-deployed. And methodologies, listening points, and all the other things that go into cyber power projection are not "one shot". I'm honestly not sure where he comes from here. But he does keep saying it! Maybe after he reads this post he will write why he thinks that. I know it's part of his logic regarding the desire of nation states to hold back on escalatory cyber attacks, but it's not strictly true in any important way. I feel like someone from TAO told him this at a dinner party over drinks and he really hung onto it.

Ok, so as you finish the talk I know he's not going to be able to support his larger thesis in 20 minutes, but it's so hard to hear someone say that cyber power projection is NOT a revolution of nation state conflict and that it cannot cause disruptive effects on a mass scale. Also, it's clear that everyone is now focused on influence operations enabled by cyber, and are going to be completely surprised at cyber's next metamorphosis. :)










No comments:

Post a Comment