Threatpost Op-Ed is a regular feature where experts contribute essays and commentary on what’s happening in security and privacy. Today’s contributors are Dave Dittrich and Katherine Carpenter.
The terms “cyber war” and “cyber weapon” are thrown around casually, often with little thought to their non-“cyber” analogs. Many who use the terms “cyber war” and “cyber weapon” relate these terms to “attack,” framing the conversation in terms of acceptable responses to “attack” (namely, “strike-back,” “hack-back,” or an extreme interpretation of the vague term “active defense”).
Here, we will discuss two problematic issues: first, we illustrate the misuse of the terms “cyber war” and “cyber weapon,” to raise awareness of the potential dangers that aggressive language brings to the public and the security community; and second, we address the reality that could exist when private citizens (and/or corporations) want to act aggressively against sovereign nations and the undesirable results those actions could produce. We discuss these topics through the lens of the recent furor around the cyber incident at the Democratic National Committee.
On June 14, 2016, news broke about an intrusion into the computer systems of the DNC. Crowdstrike, the company hired by the DNC’s lawyers to investigate the intrusion, immediately blogged and spoke in detail publicly about it. (Publicly speaking about this kind of work is unusual because contractors hired by law firms are typically under attorney-client privilege and restricted by NDA from speaking about a possible criminal act.) In the weeks following the incident, a variety of voices in the cybersecurity community began calling the incident problematic, and some called it an act of war.
The Washington Post quoted Crowdstrike’s Sean Henry: “You’ve got ordinary citizens who are doing hand-to-hand combat with trained military officers,” while Inc. quotes the company’s Dmitri Alperovitch: “This is the first time since the Revolutionary War where you have Americans fighting governments on U.S. soil. We are doing this in cyberspace, unlike in the Revolutionary War, but it is serious nonetheless.”
While there is no doubt the DNC intrusion was serious, there are several problems with these analogies and the subsequent line of argument.
Invoking the Revolutionary War is problematic. It was a war of independence, where colonies of an imperial seat of power broke free of unjust domination by establishing a Constitutional Republic. At the time of the Revolutionary War there was not yet a sovereign U.S. government (the creation of the United States was the revolutionary act). Today, the United States is the sovereign government, and it alone has the authority to “fight on U.S. soil” against another sovereign.
Private organizations and/or individuals may be experiencing intrusions from alleged nation-state actors while in the U.S., but these activities are more like crimes or espionage than war. The Revolutionary War is not an appropriate analogy to someone breaking into a political party’s servers to steal documents. This is not the first time (according to Crowdstrike’s own statements) that these same actors have compromised hosts in U.S. territory, nor the first time that U.S. Presidential campaigns have potentially had their computer systems compromised.