Declaring Cyberwar On Russia Because Of The DNC Hack Is A Bad Idea
There's been plenty of talk, of course, about whether or not Russia did the hack that exposed various Democratic National Committee emails and other documents. While we've already pointed out that this shouldn't impact the newsworthy nature of the material leaked, it's still an interesting story. We've highlighted some reasons to be skeptical of the claims attributing the hack to Russia, but it does appear that more and more evidence is pointing in that direction. Thomas Rid, over at Vice, has a pretty good analysis of why much of the evidence points to Russia as being behind the attack, and the FBI is now apparently on board with that as well. While I'd still prefer more evidence, at least at this point, it should be admitted that there's quite a lot of evidence pointing in Russia's direction making it, at the very least, the most likely suspect.
But, then, of course, there's the question about what it means and what should be done about it. And we're seeing some hysterical responses. Over at Ars Technica, they have a "guest editorial" from a cybersecurity firm CEO, Dave Aitel, (who also is, of course, ex-NSA), more or less arguing that we should declare cyberwar on Russia over this:
Second, the idea that hacking into a political party's servers is "cyberwar" is a ludicrous exaggeration -- especially when their own security practices were suspect. As the ACLU's Chris Soghoian reminds us, it wasn't that long ago that our very own CIA director John Brennan found his personal email hacked by a 16-year-old. Was that a "cyberwar attack" as well? People are going to get hacked. It happens. Sometimes because they have weak security, and sometimes because the hackers are persistent and determined (no system is completely secure). That, alone, should never make it something that escalates to the level of "war."
Finally, beware of so-called "cybersecurity" firms continuing to beat this drum. Their entire business relies on keeping people freaked out about this stuff, including the idea that "nation state" hackers are trying to break into everything. They have lots of incentive to play up attacks and get people worked up about "war." "Cyberwar" (whatever the hell that means) is good for business for cybersecurity companies. In fact, some of those companies admit that the lessening of "cyber" tensions between the US and other countries is bad for their business:
Permalink | Comments | Email This Story
But, then, of course, there's the question about what it means and what should be done about it. And we're seeing some hysterical responses. Over at Ars Technica, they have a "guest editorial" from a cybersecurity firm CEO, Dave Aitel, (who also is, of course, ex-NSA), more or less arguing that we should declare cyberwar on Russia over this:
What occurred with the recently disclosed breach of the Democratic National Committee servers, and the dumping of stolen data on a WordPress site, is more than an act of cyber espionage or harmless mischief. It meets the definition of an act of cyberwar, and the US government should respond as such.This is insane for a variety of reasons, and hopefully no one is seriously listening to this. First of all, hacking happens all the time. In fact, as Ed Snowden points out, revealed documents show that the US itself has authorized the hacking of foreign political parties. So if Russian hackers possibly doing that to us is a "cyberwar attack" and it's the kind of thing we need to hit back on, then, uh, haven't we been committing "cyberwar" on tons of other parties via the NSA -- for which we, too, deserve retaliation?
Second, the idea that hacking into a political party's servers is "cyberwar" is a ludicrous exaggeration -- especially when their own security practices were suspect. As the ACLU's Chris Soghoian reminds us, it wasn't that long ago that our very own CIA director John Brennan found his personal email hacked by a 16-year-old. Was that a "cyberwar attack" as well? People are going to get hacked. It happens. Sometimes because they have weak security, and sometimes because the hackers are persistent and determined (no system is completely secure). That, alone, should never make it something that escalates to the level of "war."
Finally, beware of so-called "cybersecurity" firms continuing to beat this drum. Their entire business relies on keeping people freaked out about this stuff, including the idea that "nation state" hackers are trying to break into everything. They have lots of incentive to play up attacks and get people worked up about "war." "Cyberwar" (whatever the hell that means) is good for business for cybersecurity companies. In fact, some of those companies admit that the lessening of "cyber" tensions between the US and other countries is bad for their business:
None of this is to deny that nation state-level hacks may very well be happening. But let's keep things in perspective. Even if something like a "cyberwar" (again, whatever that means) happens, it's likely to be a lot less bloody than an actual war, and so much of the talk about this seems to be driven entirely by people who have a vested interest in promoting greater fear -- with little reason to suggest that, perhaps, this isn't a huge deal. In fact, perhaps a lot of this could be helped by simply employing better security practices and more encryption. But, you know, those kinds of solutions don't make headlines. "Cyberwar" does.Reminder: Cybersecurity firms like FireEye & Crowdstrike have a $$ incentive to keep nation-state hacking fears high pic.twitter.com/HIkSAGmEXg
- Trevor Timm (@trevortimm) July 25, 2016
Permalink | Comments | Email This Story