Latest News Editor's Choice

Technology / Internet

The Politics of Cyber Security: A State of Anarchy?

by Bongani Mazwi Mkwananzi
03 Jul 2020 at 20:09hrs | Views
"Man is by nature a political animal" Aristotle.

The realm of electronic communication, viz-a-viz cyberspace has taken a complex turn into a murky, treacherous, if sometimes not a total ridiculously over-hyped arena of hyperventilating, hysterical nincompoops!

Ok fine! They are not all mad. Just that THE journos also got wind of the cyberspace threats and have hyped it up quite dramatically and in fashions that tend to be quite biased. Come on! "we've been having it!" as Vodacom's famous advert of the dictator used to proudly pronounce.

The Internet was initially created with inherent frailties. For goodness sake, this was initially used by a bunch of collaborators (No! l am not talking about any Zimbabwean military personnel here!). The US military through DARPA and a couple of universities created the inter-network as a resiliency focused communications mechanism which was initially used for resource sharing.

Politics the word is taken from the Greek word "polis", meaning the state or community as a whole. The concept of the "polis" was an ideal state and/or community propounded by the Platos and Aristotles of this world.

Human nature being human nature, suffers from a serious dichotomy. Wherein the first nature of a human is to be inherently "good" and trusting, its instinct and possibly societal instilled or base premise teaches the human to be self preservative.

Now let us turn to security. Having to self preserve, the human tends to think and act, whether as an individual or as a group who shares any interests, with foremost regard to his own interest - self perpetuation being the foremost.

Who Are We? Self‐interest presumes the idea of a "self" – that is, a conception of who one is and what their purpose is. In many economic applications, the maximand is clear. It is reasonable to assume households want to maximize their consumer surplus and producers their profits, although these assumptions are not always entirely uncontroversial. In the political sphere, the choice of what is to be maximized is much less evident: depending on context, honor, glory, reputation, respect, income, power, durability in office, and "good of the country" being all plausible.

How we evaluate different social states and judge whether they advance our "interests" depend crucially on how we define ourselves. We might view ourselves as a member of a social class ("middle class"), ethnic group ("white/black majority"), religion ("evangelical"), nation ("global citizen"), demographic cohort ("baby boomer"), profession ("educator"), or a myriad other possible identities.

Interests, in fact, are "one form of idea" as according to Béland and Cox. In international law, a parallel discussion pits "legal realists" who argue that behavior among states is determined exclusively or largely by national interests against scholars who see a significant role for norms of justice or law (Howse 2013; Goldsmith and Posner 2005).

International relations thus has contending general theories or theoretical perspectives. Realism, also known as political realism, is a view of international politics that stresses its competitive and conflictual side. It is usually contrasted with idealism or liberalism, which tends to emphasize cooperation. Realists consider the principal actors in the international arena to be states, which are concerned with their own security, act in pursuit of their own national interests, and struggle for power. Realists' emphasize on power and self-interest and often harbor skepticism regarding the relevance of ethical norms to relations among states. Realist' see national politics as the realm of authority and law, whereas they feel international politics, is a sphere without justice, characterized by active or potential conflict among states.

International relations realists emphasize the constraints imposed on politics by the nature of human beings, whom they consider egoistic, and by the absence of international government. Together these factors contribute to a conflict-based paradigm of international relations, in which the key actors are states, in which power and security become the main issues, and in which there is little place for morality.

Twentieth-century classical realism has today been largely replaced by neorealism, which is an attempt to construct a more scientific approach to the study of international relations.

"Realists, and especially today's neorealists, consider the absence of government, literally anarchy, to be the primary determinant of international political outcomes. The lack of a common rule-making and enforcing authority means, they argue, that the international arena is essentially a self-help system. Each state is responsible for its own survival and is free to define its own interests and to pursue power. Anarchy thus leads to a situation in which power has the overriding role in shaping interstate relations."

Insofar as realists envision the world of states as anarchic, they likewise view security as a central issue. To attain security, states try to increase their power and engage in power-balancing for the purpose of deterring potential aggressors. Wars are fought to prevent competing nations from becoming militarily stronger.

In talking about "interests" we are talking about predispositions embracing goals, values, desires, expectations, and other orientations and inclinations that lead a person to act in one way rather than another. In everyday life we tend to think of interests in a spatial way: as areas of concern that we wish to preserve or enlarge or as positions that we wish to protect or achieve. We live "in" our interests, often see others as "encroaching" on them, and readily engage in defenses or attacks designed to sustain or improve our position. The flow of politics is intimately connected with this way of positioning ourselves.

The Stuxnet attack on Iran by the USA and Israel is an example of states that share a common personal, military and economic interests (the two nations also share strong ties, as an overwhelming majority of Israelis have relatives and friends in the United States with whom they maintain close contact. In fact, the number of phone calls between Israel and the United States ranks as one of the highest per capita in the world.) ganging up against a perceived threat. The US. and Israeli governments intended Stuxnet as a tool to derail, or at least delay, the Iranian program to develop nuclear weapons. The Bush and Obama administrations "believed" that if Iran were on the verge of developing atomic weapons, Israel would launch air strikes against Iranian nuclear facilities in a move that could have set off a regional war. Operation Olympic Games was seen as a nonviolent alternative.

The Israeli experts are said to have built a replica of the Iranian Natanz facility in their Negev Nuclear Research Center in Dimona, a plant referred in 1986 by The Sunday Times as a strategic plant for the Israeli intelligence.

"The target of the attack was to modify the operation of high-frequency power drives made by Vacon and Fararo Paya. These drives were controlling the centrifuges that were enriching uranium."

Ralph Langner ventures to call the Stuxnet attack "History's first field experiment in cyber-physical weapon technology".

It should therefore be a priority for cyber defenders to understand the techniques and tactics employed by the joint USA/Israeli and Siemens threat actors equally well, if not better. While the attack was highly specific, attack tactics and technology are not; they are generic and can be used against other targets as well. One can read the very detailed technical details of the attack in a paper by Ralph Langner, a German expert on industrial control systems.

The anarchic state of Cyber weapons proliferation and their wanton disposal, release or unintended loss to the public domain brings another dimension about interests that l will talk about as we proceed. Retired General Michael Hayden a former head of the National Security Agency and was CIA director under George W. Bush said this about Stuxnet:

"This was a good idea, alright? But I also admit this was a really big idea too. The rest of the world is looking at this and saying, "Clearly someone has legitimated this kind of activity as acceptable international conduct." The whole world is watching."

The role played by commercial entities as was done by the vendor Siemens also brings to fore the collusion and/or coalition of groups with common beliefs and interests – despite possible negative commercial implications this may have. We have seen the Kaspersky, Cisco, HP, Lenovo, Huawei accusations of back door and exflitration sagas. The NY Times reported an intense collaboration of researchers from the Idaho National Laboratory at Idaho Falls and experts from Siemens. Inside the Idaho National Laboratory, US experts tested the Siemens PLC systems to discover security vulnerabilities to be exploited in Stuxnet attack.

Siemens only confirmed that its support was a routine effort to improve the resilience of its solutions against cyber attacks. Assuming that these tactics and weapons would not be utilized by follow -up attackers is as naive as the foul-cry now generally exhibited by the USA and its allies about alleged Russian, North Korean or Chinese attacks on its infrastructure. It is known that roughly 30 nations employ offensive Cyber programs, including North Korea, Iran, Syria, and Tunisia. It should be taken for granted that every serious Cyber warrior will copy techniques and tactics used in history's first true Cyber weapon and use other generally available tools and techniques.

The Ukrainian power grid attack and the Georgian attacks - which were a precursor to "invasion" by the conventional Russian forces shows how far the stakes have been raised in the Cyber Warfare Domain. NATO's article 5 officially declaring cyberspace a warfare domain and confirming that a Cyber attack on any of its allies would be considered as an act of war also raises the stakes and intensifies the "arms" race.

The anarchy is still in the "missing" consensus on the rules of engagement on Cyber War. The Geneva convention has always been the de-facto reference to rules of engagement and when a set of common interest groups decides on a solo set of rules, anarchy manifests in the international arena. The crux is sometimes in the "evidence" of perpetrator. Cyber threat actors have long been able to hide behind false identities and cover all trace and origination of illegal activity. We have seen the level of sophistication of these cyber-attacks increase exponentially in recent times, and so it will prove a considerable challenge for NATO to prove and defend on its new set of regulations against the wave of next-generation hackers, who are now armed with highly advanced and targeted tools.

In this whole murk and anarchy, comes the roles of propaganda.

"A lie told once remains a lie but a lie told a thousand times becomes the truth" Joseph Goebbels.

In true Goebbels style, the media has trumpeted a narrative that depicts some nation states as the nemesis. One is even reminded of an interview made to Russian Federation President Vladimir Putin by Megyn Kelly and the exchange just showed the general lack of understanding of "hacking" and cyber security technical matters by the hyperventilating media.

The interview took place in St. Petersburg in June 2016, after Kelly had moderated the St. Petersburg International Economic Forum, "Putin's signature event." Clips were played from the event that showed Kelly asking Putin in front of 4,000 guests about Russia's role in the hacking of the 2016 U.S. presidential election.

Did Russia hack the U.S. election, she asked, pointing out that U.S. intelligence agencies had found ample evidence, "fingerprints," that it had meddled.

"What fingerprints, hoof prints, horn prints?," he answered dismissively. "What are you talking about? … It could come from your home IP address, as if your daughter carried out the attack."

The DNC hacks can be said to be one of those tales even conspiracy theorists would not have dreamed of. Who hacked who and when and why isn't anyone asking why a whole Minister of State has an unsecured "private" server and all the other technical details cyber security professionals should be looking into?

The matter of "interests" comes starkly to the fore once again and narrative after interest serving narrative is served to the regurgitating public. Headlines like: "In Ukraine, a Malware Expert Who Could Blow the Whistle on Russian Hacking" The New York Times.

"Russian government hackers penetrated DNC, stole opposition research on Trump" The Washington Post.

"What Russia's DNC Hack Tells Us About Hillary Clinton's Private Email Server" Forbes.

The New York times would give the Russian motive as "Initially, many analysts believed that Russia's goal was to sow confusion and undermine Americans' faith in their government — a common Russian tactic — rather than to steer the election's outcome."

Goebbels principles of propaganda parts 6 and 13 are just a classical example of how information dissemination has been used as a tool to manipulate the environment to suit one's interests. Principle 6 says:

"To be perceived, propaganda must evoke the interest of an audience and must be transmitted through an attention-getting communications medium." Questions arise as to who has control of what medium? Would one say the Americans have the conventional media – the CNNs, NY times, Foxes and similar? One then wonders who has control or slipped information to Wikileaks? Who stands to gain from a trove of damaging if not revealing emails? Whose interests are served when a WMD (forgive my exaggerations! - just excitement) type cyber weapons as is contained in the CIA Vault 7 leaks?

Propaganda principle 13 says:

"Propaganda must be carefully timed (1.) The communication must reach the audience ahead of competing propaganda (2.) A propaganda campaign must begin at the optimum moment."

Russia has been quoted many times talking of asymmetrical warfare. I do not insinuate anything, l merely am asking questions!

There are countless other acts between nations; including but not limited to the Australian communications, metal detection and mining technology firm Codan, whose metal detector blueprints are alleged to have been stolen by Chinese hackers to sell as cheap imitations into Africa. Once again Micheal Hayden is heard saying China's efforts against Australia had been primarily focused on "the theft of information, and really by and large the theft of information for commercial profit", activities which he said go beyond acceptable state-on-state espionage. The duplicity in the answer from a man who participated the worlds first Cyber-physical attack on a nation state is quite disingenuous! However the matter of anarchic tendency for "self-interest" without concern for ethics in the international arena is quite stark.

NBC news flighted an article about A Ukrainian group calling itself Cyber Hunta which is said to have released more than a gigabyte of emails and other material from the office of one of Vladimir Putin's top aides, Vladislav Surkov, that show Russia's fingerprints all over the separatist movement in Ukraine.

The true question starts to be: What is lie and what is truth in the Cyber security and warfare domains? Who is doing what to whom and to serve what interests?

In order to understand the day-to-day political dynamics of organizations and groupings, it is also necessary to explore the detailed processes through which people engage in politics. For this purpose, it is useful to return to Aristotle's idea that politics stems from a diversity of interests, and trace how this diversity gives rise to the "wheeling and dealing," negotiation, and other processes of coalition building and mutual influence that shape so much of organizational/groups life.

State/organization's politics is most clearly manifest in the conflicts and power plays that sometimes occupy center stage, and more fundamentally, politics occurs on an ongoing basis, often in a way that is invisible to all but those directly involved.

We can analyze politics in a systematic way by focusing on relations between interests, conflict, and power. Organizational politics arise when people think differently and want to act differently. This diversity creates a tension that must be resolved through political means. There are many ways in which this can be done: autocratically ("We'll do it this way"); bureaucratically ("We're supposed to do it this way"); technocratically ("It's best to do it this way"); or democratically ("How shall we do it?"). In each case the choice between alternative paths of action usually hinges on the power relations between the actors involved. Divergent interests give rise to conflicts, visible and invisible, that are resolved or perpetuated by various kinds of power play.

With man being a political animal who tends to look out for his interests and naturally self preserves. The rules of engagement in the cyberspace and particularly cyber security have never had more need to be defined, lest the state of anarchy perpetuates.

Source - Bongani Mazwi Mkwananzi

Get latest news by email: