The trouble with a gentleman’s agreement is that any semblance of gentlemanly conduct goes out the window when it comes to espionage. Furthermore when it comes to electronic espionage, all bets, it seems, are firmly off the table.
This is the difficult situation that has emerged in recent years in the world of international relations and spying. Back in the Cold War, when electronic espionage was a much simpler affair that usually consisted of wire line taps or remote recording and monitoring, there was something of a gentlemen’s agreement between the main protagonists, the United States and the Soviet Union. This agreement meant that there were certain things that were allowed and certain things that were not. For example, governments did no generally spy on or harvest data from private companies. Even after the end of the Cold War and the break-up of the Soviet Union, these sensibilities prevailed and the patterns of practice persisted. That was until China became the economic powerhouse that it is and began to use covert means to get access to technical information on everything from power generators to car design and source code.
This is the issue that was at the heart of a Bloomberg Business Week article recently (http://url.ie/hjsv) that bemoaned China’s unwillingness to abide by the established protocol for government electronic espionage. Even as the US made chiding remarks for China’s supposed state sponsored role in attacks on the likes of Google, Yahoo and Intel, China responded by saying that the US was in no position to talk as it pumps even more resources into its own efforts in the area through an organisation called Tailored Access Operations (TAO) within the National Security Agency (NSA).
The NSA was originally set up, the article points out, for signals intelligence back in the day, and has matured into the kind of electronic espionage that has featured so highly in the media of late. The TCO within the organisation now gathers up to 2 petabytes of information an hour from foreign "data at rest" sources. What this means is that the TCO does not necessarily wait for information to be transmitted before it goes after it-it goes and finds it wherever it rests, on hard drives, in servers or in whatever repository it is stored.
This has led the Chinese government to defend against any efforts to persuade it from its own practices to say look at yourself before criticising us.
So, what does one do when the old gentlemen’s agreement goes out the window? Well, trade sanctions are one strand, but as we have seen, there is now a greater backlash and not just inside government circles.
China has as a country tried to use espionage, say many commentators, to further its economic development. So, instead of spending decades developing technologies from scratch, say in computer networking, it goes out and reverse engineers an existing solution, or as many accusations say, it simply goes and hacks into a prominent network company and steals its designs. Chinese companies then leverage these technologies to bring to market competitive offerings that are cheaper than the competition.
It all sounds like a good idea, but then it dawns on people that if such technology was stolen in the first place, what compunction might a state have in putting back doors into network switchgear or the like, potentially giving access to all sorts of things. Well, none it would appear, in the interpretation of some.
The US had already made some moves to stop Chinese hardware manufacturers from supplying hardware for certain government applications. The bill passed by Congress in May stipulates that certain entities, such as NASA and the Department of Commerce, cannot purchase hardware from certain foreign entities, such as Huawei and LTE, without specific permission.
It seems as if the Chinese government-sponsored efforts to give the country’s telecommunications industry a leg up have actually led to two of its most prominent players, Huawei and ZTE, losing out as their reputations suffer"
This trend has trickled down to commercial entities too, and it was reported by English IT news site The Register (http://url.ie/hjsy) that the US carrier Clearwire is preparing to remove all Huawei kit from its infrastructure on security grounds. It has also been reported that Sprint will follow suit.
But now other countries are going further. India has also now (http://url.ie/hjt0) banned telecommunications manufacturers from importing Chinese-manufactured components. The move was in response to a hacking attempt on India’s Ministry of Defence.
It seems as if the government-sponsored efforts to give the country’s telecommunications industry a leg up have actually led to two of its most prominent players, Huawei and ZTE, losing out as their reputations suffer.
But there is a further complication in all of this, as many dub the situation a cyberwar. Ever since it turned out that the Stuxnet malware was part of an orchestrated campaign carried out, most likely by Israel, but with software and operational support from the United States under what has been called "Operation Olympic Games", security and industry pundits have been talking about cyberespionage and cyberwarfare. However, a security veteran and chief security officer for Tenable, Marcus Ranum, insists that the term warfare is misapplied.
Despite the level of sophistication being touted in the various descriptions of operation and incidents being reported, Ranum maintains that anyone talking about cyberwar is actually trying to enlarge their own influence. The security guru argues that there is no basis of comparison between physical warfare and what has been termed cyberwarefare as the risks, actions and criteria for winning are not in any way comparable.
Ranum argues specifically that the old axiom of warfare, that a conflict can be won by making it too costly for an opponent to persist, cannot be accomplished in cyberspace.
All of this leaves governments in a precarious position. The barrier for entry into cyberespionage is very low. In comparison with training agents, maintaining spy satellites or surveillance aircraft, the cost of setting up and running a cyberintelligence unit is negligible. However, if it is done badly, it can backfire spectacularly, as the Chinese have found to their cost. But as is also pointed out in the Bloomberg article, one nation may disguise its efforts by using the tools and techniques of another to cover its tracks, further muddying the waters.
Any government that does not have a cybersintellignce unit would be foolish, any government that has a bad cyberintelligence unit may be even worse, but what is sure is that in this world, old rules do not apply, anything and anyone one is fair game and if you think that your nation has not been a target, then you have failed to detect that attacks.
Subscribers 0
Fans 0
Followers 0
Followers