First things first: there is no cyberwar.[rssbreak]
No one country is attacking another, and no other country is retaliating. It’s just not happening.
That doesn’t come from just anybody either. Howard Schmidt, the new cybersecurity czar of the United States, said it last month.
But reaffirming that fact doesn’t stop the cyberpanic.
This week, University of Toronto researcher Ron Deibert, director of the Citizen Lab at the Munk School of Global Affairs, released a report on cyberespionage that warns of the militarization of the Internet.
His researchers, along with an Ottawa-based security firm, uncovered a “complex ecosystem of cyberespionage that systematically compromised” networks in India and other countries. China is mentioned in the report several times, though there is no hard evidence linking it to spying.
Deibert and his team point to Twitter (“Social media clouds have a dark hidden core”) and spam email (PDF flaws in email attachments were cited) as examples of vulnerabilities which allow the compromising of networks.
“Today, data is transferred from laptops to USB sticks, over wireless networks at café hot spots, and stored across cloud computing services whose servers are located in far-off political jurisdictions,” says the report, entitled Shadows In The Cloud: Investigating Cyber Espionage 2.0.
“Documents and data are probably safer in a file cabinet, behind the bureaucrat’s careful watch, than they are on the PC today,” it continues.
Deibert has built a career on respectable research, but I’m sorry, all this reeks of alarmism.
Like, come on. Café hot spots? PDF flaws? Email attachments? These are basic virus and spam mechanisms.
In the early days of the Internet, viruses threatened to end safe browsing. The same can be said of spam in the early days of email. But over time, security was developed to block both on easily scalable levels. Like for instance the smart filters powering Gmail’s spam-blocking program.
And as far as cloud computing goes, a bureaucrat is more likely to lose a document on the way to lunch than in a cloud computing system.
The needless mention of clouds and wireless cafés, implying that the open Internet represents a threat to national security, is pure innuendo and is not helpful.
You know what else isn’t helpful? The case being built against China, with some sort of pre-emptive measure implied. Ramping up this sort of sentiment never ends well. Ask the George W. Bush administration.
Internet espionage has occurred for decades, but evidence of national harm is missing. What will change now, in the fourth decade of the Internet? I mean, the “command and control infrastructure,” the use of sites like Twitter to dupe networks, has been around for years.
Governments absolutely have to reduce their online vulnerabilities. But Canada, despite the Citizen Lab report’s prediction, will not likely be “the next victim.”
If there is to be a policy on cyberespionage, the first order of business is to define it and clearly state a threshold: what constitutes espionage? The leak of information about Canadian visas in India probably wouldn’t qualify as a national security threat. Treat these cybercrimes as crimes, not acts of war.
Following the U.S. lead to create a head of cybersecurity would be a positive next step as well.
But first, begin information-sharing on security between the private sector and the public. It’s a natural solution to large-scale attacks.
There is much valuable information in this report, and much to be done on a national strategy on cybersecurity. But this flies too close to hype, rhetoric and panic to be taken all that seriously.
joshuae@nowtoronto.com
Twitter: @joshuaerrett
