Tag Archive | Cybersecurity

Cyberwarfare and Public Accountability

One of the reasons that American presidents go to war – not a good reason, mind you – is known as the “Rally Around the Flag” effect.  When America gets involved in an armed conflict, whether as defender or aggressor, the president becomes more popular and more highly-approved, and often the conflict itself is accompanied by a burst of legislation unrelated to the war.  There’s a lot of debate over precisely how strong the effect is and what drives it, but the existence of the effect itself is one of the best-known findings of political science.

This could be relevant for the decision to embrace cyberwarfare.  Today the NYT reveals that the Obama adminstration was deeply divided over the question of whether to use cyberweapons to attack the Syrian government.  The NYT reveals the deep discussion over the strategic benefits and risks – but one that does not appear there is the potential effect on American public opinion.  Cyberwarfare is still visible to affected foreign players (and possibly friendly/neutral ones too) and America is strategically accountable for its actions in this sphere, but it can be plausibly denied in a way that bombers and paratroopers can’t.  If Obama had decided to go forward with attacks on Syria, he would have had to deal with the fallout from Syria and Russia, but it likely would have remained secret until the next Edward Snowden leaked it.

If cyberwarfare is normalized, more acts of national aggression will take place out of the public eye.  As a positive question – a question of facts – public opinion is a significant constraint on executive action.  As a normative question, people differ a lot on whether this constraint is a good or bad thing.  Perhaps the people stop wise Presidents from taking the actions necessary to protect the country; perhaps the people’s reluctance to go to war stops foolhardy Presidents from making dangerous leaps into conflict.

The growth of cyberwarfare will be a neat and potentially worrying test of who is right.

The NSA and the Electronic Umbrella

No one paying attention should be shocked that the NSA has placed “backdoors” in the firmware of hard drives and networking equipment. For those with less technical savvy, firmware is the low-level software that mechanically operates equipment: spin this fast, move the needle this way, and so on. It does point emphasize something the US government has long known: a government must maintain total control over its own supply chain for secure hardware. From the circuit boards all the way up to the high-level operating systems, everything must be totally secure from foreign intrusion. For the US and China, this is all well and good, and has been practiced for decades.

But what to do if you’re Canada or Taiwan? Both are active internationally, with modern militaries and hopes for regional influence. Neither has the infrastructure to affordably be maintaining an entire supply chain for secure hardware. That’s really difficult. Canada doesn’t have huge microchip fabs; Taiwan does, but they were founded by foreigners. Neither has the resources of an NSA to develop completely secure software for government use. The US and China have a hard time keeping secrets from each other; the Canadians and Taiwanese, and for that matter the Dutch and Vietnamese and Koreans should have approximately zero confidence in their secrecy. Only a few powers have the intellectual and infrastructural capacity for mostly-secure computing: the US, China, Japan, Russia and possibly the Europeans.

A hypothesis: the nature of electronic surveillance is a force tending towards tight power blocs. If you are Canada, you could try to start up and maintain a secure hardware environment no matter the cost and risks. But if you could guarantee your safety by using the NSA-approved gear…well, it might better to know the Americans are listening than merely suspecting the Chinese. If you’re a poor country relying on Chinese development aid, the choice is even clearer – take whatever the Chinese are giving you with open hands. You may have to toe the Party line, but at least the CIA won’t know about your plan to invade North Trashcanistan.

The electronic umbrella is similar to the Cold War’s nuclear umbrella, but more interesting. Nuclear weapons usage is drastic, infrequent, and incontrovertible. Electronic surveillance is commonplace, continuous, and deniable. In particular, targets tend not to know when they’ve been hacked. A known quantity of surveillance from friends might be much better than an unknown quantity from an enemy. As the implications sink in for the second-tier powers of the world, the borders of hardware and OS could end up just as clearly drawn as that of economic systems a generation ago.