The coming private cyber 'war'
Will U.S. companies, fed up with getting hacked and not getting the government backup they want, launch cyberattacks against foreign actors – and would that qualify as “warfare”?
The next war might not be a “war” at all.
The nature of cyber warfare – and whether the U.S. government would even be among the combatants – was one of the foremost discussion topics at the NextGov Prime conference Sept. 10.
“When people talk about ‘cyber war’ … 90 percent of the time they mean ‘cyber crime,’” noted Emma Lovett, a Royal Australian Air Force squadron leader on exchange with the Pentagon. She added that she had a “happy dance moment” when President Barack Obama refused to call the hack of Sony Pictures an act of war last year.
Broadly speaking, people are too quick to deploy the “war” word, she argued.
“If it’s just theft, it’s theft,” Lovett said. “If it’s espionage, it’s espionage. Neither of those are war.”
Homeland Security Department cybersecurity strategist Antonio Scurlock echoed her assessment, noting that “undesirable” outcomes do not equal “attacks.”
War or not, increasing escalation is bound to produce some kind of response, and as the U.S. government struggles to defend itself, private companies can’t rely on protection from Washington.
“Most companies have realized that the federal government is not coming to their rescue in the cyber sense,” said journalist Shane Harris. “They are essentially on their own against organized criminals in Russia, against state-sponsored hackers in China, against groups like Anonymous, and sort of the various threats out there that might be trying to steal their data or take out their systems.”
Harris is the author of “@War: The Rise of the Military-Internet Complex,” and said that in the course of researching his book, he was constantly struck by how on-their-own American companies seemed to be.
For her part, Lovett urged companies not to strike back in the cybercrime sphere.
“INTERPOL already exists and it’s fully aware of cyber as a realm,” she said. Companies shouldn’t “hack back” against adversaries, since they’d essentially be “paying their own teams to become criminals.”
If American firms start hacking foreign rivals in retribution, they’ll be giving up what it means to be American, the Aussie Lovett said.
“You’re good,” she said to the American audience. “You stand for truth, value, justice, valor.”
It all comes down to trust, she argued, and sharing information with law enforcement to bring hackers to justice.
“We’re not going to get anywhere by thinking each corporation is an island,” she said. “Internationally, you have a lot of friends that want to help you solve these crimes.”
Harris disagreed.
“Companies are not just going to keep taking this,” the journalist warned. “If the government is saying to them, ‘We can’t really protect you, and we’re not necessarily going to go on the offense for you,’ I think it’s only a matter of time before you see a company take matters into its own hands and essentially go on the offense and take the fight back to the hackers.”
Will that fight take the form of U.S. companies hacking foreign firms, or even hacking foreign governments?
All sorts of combinations are possible, Harris said. “We’ve never really seen a conflict like that as country.”