Last week I attended the Second Worldwide Summit on Cybersecurity. Organized by the New York based East West Institute (EWI), it took place in London. I have never been to anything like it before. Impressive, scary and reassuring, all at the same time.
The EWI was created during President Reagan’s incumbency, with his active encouragement. It established a civil society platform which would allow leading thinkers and strategists on both sides of the Iron Curtain to engage in a dialogue.
Shrewdly the Reagan people had understood that Governments were too often encumbered by all kinds of unavoidable formal trappings. This made certain types of contacts with other sovereign powers very perilous. Alternatively they risked becoming too narrowly focused.
A non-governmental forum such as the EWI, by contrast, could be much more relaxed, generating the sort of context and texture which would help fill in the dots when formulating policy. Ideas could be floated, reactions judged, relationships formed. If anything went wrong or something outrageous was said it could all be easily disowned without anyone losing face.
At a pre-Conference Reception given by some of the UK people who work with the EWI I was greatly amused by a story told by one of the guys who was around when the EWI was first getting going. He and a colleague were tasked with putting out feelers in Moscow. The idea was to test whether or not the Soviets could see any value in an initiative of this nature. The initial response was wary but positive.
How did Hungarian Communists get mixed up in this?
The first meeting took place in the Headquarters of what was then the Hungarian Communist Party. Six people were in the room. The stakes were high. If the mission did not succeed the EWI would be stillborn and the challenge of how to open up informal channels would remain unsolved. Who knew what the consequences of failure might be, and not just for the careers of the foot soldiers who had journeyed to Budapest?
As our hero put it
Not only was I not at the meeting, before I went to it I made sure I had photographic evidence to prove I was somewhere else at the time.
Maybe John le Carré and Ian Fleming were right after all. This really was or is how these things work.
Enough of my schoolboy fascination with spies and high level diplomacy, back to the conference in London.
Despatch a missile instead
Could it have been merely a coincidence that the US Administration decided that last week was exactly the right time to issue one of their direst warnings ever about the potential threat to world peace coming from state-sponsored cyber attacks directed against them? If nothing else it certainly gave the EWI event something of an edge.
Pentagon spokesman Colonel Dave Lapan told the Wall Street Journal that if a foreign power were to use the internet, for example, to close down the US power grid, they would be wrong to assume the US would retaliate only in like cyber manner. Instead
maybe we will (send them) a missile
That was pithy, Dave, but I think we catch your drift.
The China Syndrome
Adding to the sense of drama at the conference, during it Google announced that a hack attack had been mounted on the Gmail accounts of senior White House officials. They said the attempted incursion appeared to have originated in China. The White House then issued a statement indicating these were exactly the sorts of thing they had in mind when they issued their earlier warning. It also emerged the White House believes that up to 100 foreign intelligence agencies had or were developing the capacity to mount internet based offensives against other states or their interests. Blimey O’Reilly!
Not unnaturally we got into a discussion of the problem of false flags. Referring back to the Google attack, could it have been another Government that orchestrated it to make it look like it had come out of China? Someone could even have assembled a team actually in China just to mount the operation, throw suspicion on the Chinese then get out. It might have been a Chinese criminal gang with no connections of any kind to Beijing or the Communist Party. It was all so much simpler at Thermopylae.
And there’s more
Things went from scary to scarier. A presentation given by Scott Charney will stay with me for a very long time. Charney is a Vice President of Microsoft in their Trustworthy Computing Division. He walked us through a subject I had never thought about before
Supply Line Integrity.
Not an obvious headline grabber
On the face of it supply line integrity is not the kind of title that would normally set the pulse racing. But it should. Here we were leaving behind the more familiar preoccupations which are unique to the operation of cyberspace and online systems. We were now also looking at interwoven challenges posed by how and where the hardware was constructed to make computers and computer-like devices work, along with the code for the associated firmware and other kinds of software.
Charney led us into the realm of industrial and military espionage. And sabotage. Nothing new, but when espionage and sabotage start getting mixed up with computers and global systems such as the internet they begin to take on entirely new dimensions. Scale changes almost everything.
Being able to immobilise a battlefield tank or blow up a railway line is not the same as being able to neutralise an entire weapons system. Shutting down an enemy’s banking or food distribution systems introduces a threat of a different order of magnitude. Yet such things might be possible if somewhere along the way the baddies had managed to slip secret code on to the motherboards or microchips you were using, or they had been able to tamper with the software that ran your systems.
And even if the other side couldn’t close down your systems, knowing exactly where everything was and what they were doing would give them a tremendous advantage.
At this stage of the proceedings I’m beginning to wonder about reviving my plans to take my family off to live on a remote island in the southern hemisphere. I was in the Boy Scouts once. I think I can still light a fire without the need for matches.
One hack attack won’t cause World War III
Now I agree that a war or a serious breakdown in world order would be unlikely to break out simply off the back of isolated incidents or hack attacks of the kind I have described so far. There would almost certainly be a bigger backdrop against which a whole range of events were playing out e.g. countries feeling pressured to secure a larger share of natural resources such as water, oil or minerals. There would therefore be lots of opportunities for everyone to pull back from the brink of any major face to face confrontation between the big players.
However, part of the calculation any military machine must make and (hopefully) share with their political masters, if they have any, is an assessment of the likelihood of winning and at what cost. Thus if you believe you can degrade substantial parts of the other side’s military and civil systems simply by unleashing a revamped version of Stuxnet, if you know the disposition of their forces and their likely moves in advance because you are inside their communications networks, it is certainly going to embolden you.
Here comes the Cavalry
Before we all start joining survivalist organizations, let me say that a very reassuring and impressive aspect of the EWI Conference was the display of brain power which clearly is being assembled and focused on trying to solve these problems. People from Russia, China, India and all points in between were there and talking. It was by no means simply a NATO support group. Thank goodness. More power to their collective elbows.
What has all this got to do with children and the internet?
So why am I writing about all this? It’s a little off my usual beat. However, as I sat there listening I was struck by a number of closely related thoughts.
The first and most powerful was clear: things were never meant to be this way.
The whole internet thing, the whole computer business that underpins it, is not rolling out smoothly according to some grand or carefully calibrated plan which was put together by omniscient demi-gods living in California. On the contrary another unintended and unforeseen consequence of the arrival of the internet has been to equip the dogs of war and put us all in peril. Thanks a lot.
Which gets me back to children, young people and the internet.
Absolutely I am not trying to suggest even for a minute there is any kind of equivalence between the likely source of the outbreak of World War III and the current travails we face trying to get a safer internet for children and young people.
But whenever anybody patronises you by talking about the importance of not stifling innovation by stepping in with regulation refer them to this blog.
Nobody has a monopoly of wisdom. This is not a profound or an original observation but it is one that rather jumped out at me as I listened to the possible range of consequences for the entire world of other people’s thoughtlessness or lack of foresight.
Genies can be put back in bottles
As the recent banking crisis also reminded us, big corporations can get things spectacularly wrong. We should all feel much more confident about speaking out and insisting that companies listen. If they don’t they cannot complain if we enlist our Governments to speak more directly to them on our behalf.
Moreover, and here’s another off-turf analogy, if a country like Germany can announce they intend to phase out nuclear power over the next ten years or so, please don’t anybody tell me there is nothing can be done about this or that defect with the internet or this or that application because the genie is out of the bottle.
Given the right configuration of circumstances I can see lots of sprites and other ethereal creatures being forced back in the glassware.