9 August 2016

Cyber issues from the Aspen Security Forum


August 4, 2016 

This year's Aspen Security Forum, which took place last week, featured top government officials and experts who talked candidly about key security issues facing the United States and its international interests. In light of the recent Democratic National Committee hack and its effect on geopolitics, here is a roundup of critical cyber issues discussed during the forum:

The blame game

Director of National Intelligence James Clapper said at last week's four-day forum that the United States is not ready to make a call on attribution regarding the DNC hack. Clapper noted there are some usual suspects out there — but in using the regular protocol and process, they aren’t ready to make a public call yet.

Patrick Walsh, senior vice president with iSight Partners, said: “When the malware is reviewed and looked at closely, the forensics associated with it follow patterns. These are advanced, persistent threat actors that are involved. They’re sophisticated in terms of what their capabilities are and the way they’re introduced into the environment.

“We’ve described this as APT 28 and 29 in terms of the actual malware involved, but that’s only a microscopic inspection of malware that doesn’t get to attribution because there’s no context associated with it. So we don’t know the broader sets of questions, which the audience is very interested in.”

According to Jay Healey, a senior research scholar at Columbia University School of International and Public Affairs, the national security architecture said all along that going into a campaign was not out of the ordinary — it was an absolutely valid geopolitical intelligence operation, as the U.S. does the same thing. Once the emails were released, however, the issue went beyond espionage and into covert action, Healey said.

The level of confidence that the Russians were in these systems is extremely high, he said, but whether or not Russia released the emails is a lesser degree of confidence — theoretically it could have been a group unaffiliated with Russia.

Game changer

Panelists at the forum were asked whether the DNC hack and the broader issue of influencing elections is a game changer. Some said there is an ongoing investigation and that interference in elections is troubling, but for the most part government officials declined to offer many details.

The DNC hack was a game changer because it is forcing the system to change in a short amount of time, according to Walsh.

He questioned whether Congress or the executive branch is well-suited enough to study this issue, hold hearings and respond.

Response

White House homeland security and counterterrorism adviser Lisa Monaco said the government has evolved in its attribution and response processes. She cited the Sony hack, attributed to North Korea, as an example.

“That, I think, allowed us to utilize a series of best practices that we’ve built up and it kind of came together in the Sony situation. And what we did there was rely on the investigative agency [FBI] … pool their knowledge with the rest of the intelligence community, work very rapidly, I think, both to, and this is important, share very quickly. I think within 24 hours of them being on the ground in that investigation they were able to, and we as a government were able to share information back out about the malware that had been used,” she said.

Monaco also discussed the government’s process after an incident occurs. First, she said, they try to bring in all arms of the government together to answer what is known, how it’s known, what the confidence level is and what has been done. She noted that the attribution question is different from the “why” question. “We need to separate the questions surrounding this issue, which is attribution, and who did it is one question; what did they do; and for what purpose is another. And what I would say is if this is an intrusion for the purpose of stealing information not to inform intelligence or inform their own governmental decisions, but in order to coerce and take coercive action and undertake information operations and influence operations, that is a different type of activity,” she said.

“If this were China, I might react differently,” Healey said of Russia’s alleged hack of the DNC. “The way the Chinese have come at us and the way they’ve responded to our counteractions has been very different from the Russians. The Russians have been very, very aggressive.”

Using a baseball analogy, Healey said the president needs to consider brush back pitches to get the Russians or others to “back away from the plate.”

U.S. cyberspace adversaries

Clapper believes Russia, and more specifically its president, Vladimir Putin, is paranoid about revolutions and others such as the United States undermining his authority.

“I think it’s their approach is they believe that we’re trying to influence political developments in Russia, we’re trying to affect change, and so their natural response is to retaliate and do unto us as they think we’ve done unto them,” he said, adding it’s not surprising that they would behave that way.

“For me, Putin is somewhat of a throwback, not to the communist era but more of a throwback to the czar era, and I think he thinks in those terms. The Russians have, are now and will continue to employ methods and approaches and techniques below direct military confrontation to fulfil that vision of being a great power on a co-equal bias with us.”

NATO's supreme allied commander for Europe and the commander of the U.S. European Command, Gen. Curtis Scaparrotti, described Russia’s actions as short of conflict.

“We see the activity in cyberspace, we see influence in Europe in terms of political parties funding some misinformation to build facts on the ground that really aren’t true. … I believe that it’s a part of their [Russia's] doctrine,” he said. “In essence, when you look at the range or spectrum of conflict, it begins with activities below the threshold of conflict in order to set conditions and perhaps even be successful in their objectives without even approaching a conflict.”

Clapper said philosophically, this isn’t much different than what occurred at the height of the Cold War — influencing political discourse on both sides.

China has exploited cyberspace to satisfy its “rapacious appetite” on commercial, trade and business, according to CIA Director John Brennan.

“Whether or not now they’re not doing it as much, whether they’re being more careful when they do it — because I think there was a bit of sloppiness on the part of some of them and that’s why they were caught,” Brennan said. “But one of the real challenges in the cyber realm is that a lot of times these nation states or countries will use a couple of cut outs so it’s two or three hops before you get back to the intelligence agency, whatever it’s doing, and say, ‘Ah ha,’ but it’s attenuated so it’s much more difficult for attribution purposes.”

On China, Brennan added: “I do believe that we have seen less incidents of these types of attacks but I don’t know whether or not it is a result of their [China] realizing that it’s tarnishing their national brand and it is hurting them commercially, politically and economically or whether or not they’re just getting better in terms of being able to hide their fingerprints on this. So I think the jury is still out on it.”

In that regard, many experts have discussed how the cyber environment is rapidly changing and actors are becoming increasingly more sophisticated.

“The question was asked yesterday: Are attacks as prolific or are they getting fewer attacks but a lot more devious and a lot more difficult to detect? And I would offer that the level of stealth of operating in this space has increased dramatically,” said Sean Roche, associate deputy director for digital innovation at the CIA. “That’s because there’s been a, I’ll say, a community of learning. Again, this is a community either on the bad side and on the good side that share. They naturally share; this is a very collaborative community.”
