Former National Security Agency (NSA) Tailored Access Operations (TAO) Officer, and the Chief of Outreach at the Army Cyber Institute at West Point, Dr. Michael Klipstein appeared on Episode #85 of Task Force 7 Radio this week, with host George Rettas, president and CEO of Task Force 7 Radio and Task Force 7 Technologies. The topic of discussion was information operations including why they are so easy to conduct by Nation States, and how they have become so dangerous to the National Security of the United States.
Rettas and Dr. Klipstein discussed why cyber security has become one of the top national security issues that most western countries face, how the United States has taken a stand of "Defending Forward" and what that means in terms of U.S. Cyber policy. Dr. Klipstein also talked about how the Russian Government has excelled at information operations, what lessons they have taken from China's long term strategy; how hostilities via the Internet are creating new "norms" across the globe; how SouthCom is approaching cyber security operations; and how the United States and its allies should be sharing intelligence information.
When Did Cyber Security Become Such A Big Problem?
According to Klipstein, if you start looking at the White House Council of Economic Advisers report that come out last year, they're estimating that somewhere between $57 and $109 bn dollars worth of theft happened in the US economy last year alone. “For those of us working in cyber operations, there's no surprise in that. Our adversaries have realized that cyber space is an asymmetric space that has supplied a militarily advantageous entity. And so for them, it's much easier to operate in cyber space to gain intellectual property, to stunt the US efforts, etc.”
The biggest thing is, they do it without attribution. In the US we've realized that cyber operations are more than just a way to collect intelligence: That we can use these also for augmented kinetic wartime, and potentially used as their own line of effort.
So just think about this one for a moment said Klipstein: What if a nation could be made to capitulate to an adversary without any troops, tanks, or planes leaving their home station? That would be a really powerful message. In some places that is possible because so much of what that nation holds dear is tied to the internet.
Rettas then asked if that is possible right now — can other countries actually hold some countries hostage just by a cyber attack, and basically make them capitulate?
“We started seeing some of this stuff happening in 2008. When you start looking at Georgia and when you start looking at Estonia, a lot of these nations have a lot of their critical infrastructure to include things for their personnel, whether it's voting, whether it's for maintaining your identity, diver's license, etc., all connected and done online. You do not go into a physical place and do it. It's all done online,” said Klipstein. “So if you can handle that kind of an attack, more power to you. But even in the United States, imagine this: What if somebody crashed Wall Street? What would that do to the American public?”
Information Ops Front And Center In Cyber Space
Cyber operations, which was once called CNO, was considered to be a pillar of information operations. The paradigm shifted once cyber became a little bit more well-known and money was attached to it.
“So now that we're starting to go back to that old paradigm because we realize that there's a huge overlap between cyber space operations, information operations and electronic warfare — that one, they're mutually supportive of one another; and two, that they are actually delivery mechanisms for one another,” explained Klipstein.
See Related: “Nation-State Security Trends Report 2019”
When you look at the top 20 Facebook pages managed by the IRA (which is the Russian troll farm) those 20 pages generated over 38 million likes, over 20 million shares, and over 3 million comments. The top page alone received over 6 million likes. The Russians played both sides of the special interest groups for multiple issues such as African American justice, immigration, white supremacy, and others. It's quite easy to start dividing a nation or a populace when you start playing both sides of the fence like that noted Klipstein.
For example, one of the criminal examples Klipstein teaches at Columbia is Facebook's largest Black Lives Matter page, which was in fact “run by a middle aged dude in Australia,” Klipstein said. “He acquired over $100,000 in donations and had over twice the number of followers as the legitimate site. Think about that for a moment. So if he actually wanted to divide a society, he had a stronger position to do it than the actual Black Lives Matter website did in the movement. He could have ignited a firestorm. So criminals are in a position to start doing this also for their own purposes.”
A Sudden Sense Of Urgency
Typically, the US has had a narrative of “we're here to bring freedom and democracy, and it's always been through a US lens. Well not everyone wants the US version of freedom and democracy,” according to Klipstein.
“So on a larger scale, we have used information operations as effectively as we could have when we're dealing with either partner nations or adversaries. We need to tailor our messages to fit the situation at hand so when we work with another partner nation or a nation we are trying to reconstruct, we have a message that resonates with them, to their value system. When we speak to our adversaries, we have a message that resonates to them and their value system, and keeps them from doing things that they want to do.”
The US hasn’t declared a red line in the sand for cyber space operations, so how much money has to be sold before it is an active war? We do not know that, but the bottom line is that with each administration, that value calculus changes a little bit.
Russia not only aims to achieve its objectives without force, but they also have taken a very long-term approach to this. They have also taken a cue from some other nations, specifically Iran and China.
[inlinead-1]
“If you're a security advocate and you think that the United States Government should have keys to read encrypted communications and things of that sort. Do you think that your opinion changes if you think about the Chinese government reading your communications instead of the United States Government?” asked Rettas. “Some of these people out there probably say, ‘Who cares about me? I am not even important. I don't have anything important to say.’ What do you think the reaction's going to be?”
Klipstein said, “I've had this conversation with some of my family members actually, and so my family members may not have anything important that the Chinese will care about per se, but what if my family member is then masqueraded by the Chinese to perpetrate fraud, crimes, whatever the case may be? Or their device is then used to break into other places or to create a DDoS? Just because that little device that's in your pocket makes telephone calls, it's still a computer that sends out the same amount of data as what your laptop or a server can.”
So the takeaway according to Klipstein and Rettas is, “Everybody should care.”
Where Do We Go From Here?
“What's the way forward in your opinion, the best way with all these security threats that we're looking at, with all these very complicated and sophisticated issues about Chinese infrastructure, and along with our allies, and apparently even with some telecoms here in the United States, what are the next steps? Where do we go?” asked Rettas.
In Klipstein’s opinion, “The US needs to work more as a whole society effort across government and industry. Therefore, the private sector sees far more than what the government sees as far as threats and attacks and vulnerabilities. As a society, we need to work more hand-in-hand with one another. When I say that, as government and the private sector.”
He added, “You got to remember, so in the private sector, they hold the vast majority of holdings within power generation, telecommunications, banking, and other big sectors that keep America moving forward. And so we as government, specifically the DoD; 1. Don't have the numbers to protect all that stuff; 2. Don't have the authorities to protect all that stuff. And that's fine. There are other government agencies for that. But DHS is shorthanded also. All of us are shorthanded. There is not enough of us to go around period. Said. Done. So to protect America and America's interests, we need a whole society effort.”
See Related: “4 Ways To Defend The Enterprise From Nation-State Attacks”
The ‘Task Force 7 Radio’ recap is a weekly feature on the Cyber Security Hub. To listen to this and past episodes, click here.