North Korea is only part of the story about cyberthreats
The Globe and Mail
December 23, 2014
What should have been another mindlessly entertaining, forgettable holiday flick is now cyberfuel for a much bigger story.
That the Seth Rogan comedy, The Interview, with its Kim Jong-un assassination sub-plot would unleash the hacking of Sony Pictures; that the studio would cancel the picture; that the FBIwould name North Korea as the perpetrator; and that U.S. President Barack Obama would vow to“respond proportionately”; has moved it from Hollywood farce to national security crisis.
The first takeaway is the continuing menace posed by North Korea’s Kim dynasty.
Now into its third generation, this rogue regime is characterized by murder, mayhem and ongoing abuse of human rights. In addition to its cyberarsenal, it possesses nuclear arms. An erratic missile capacity means that it threatens Canada (making the case as to why we need ballistic missile defence).
Defining a “proportional response” to “cybervandalism” will be a challenge for the Obama administration. The hermit kingdom is isolated from global financial and commercial markets and there is already a slew of UN sanctions on it.
The Chinese – providing most of North Korea’s food and energy – are best placed to exercise leverage but they are complicit, in league with Russia, Syria, Iran and North Korea in mutual development of their cybercapacities. Earlier this year, the U.S. Justice Department indicted members of the People’s Liberation Army for corporate cybertheft. These activities included hacking into a Canadian company responsible for protecting North American pipelines and grid systems.
Like dandelions, cyberthreats continue to spread.
Intel Security’s McAfee Labs detect five new threats per second in mobile malware. Malware attacks surged 76 per cent in 2014. McAfee’s 2015 forecast estimates more attacks on mobile devices and the Internet of Things.
McAfee warns of long-term “stealthier information gatherers.” New players will look for new ways to disrupt and steal money. They warn that criminals are beginning to act more like state actors watching and waiting to gather intelligence.
Meanwhile there is continuing debate around technology, threat and privacy.
The revelations from U.S. whistleblower Edward Snowden around data harvesting, including the private conversations of German Chancellor Angela Merkel, have highlighted privacy concerns about security agencies’ overreach.
In a world of meta-data mining, we all leave a trail of behavioural patterns whenever we go on the Internet.
President Obama rightly described Sony’s decision to pull The Interview as a “mistake.” Bowing to intimidation, Mr. Obama said, is “not who we are.” For enduring satire, Sony executives should watch Charlie Chaplain’s The Great Dictator (1940), parodying Adolf Hitler.
But privacy is different from intimidation. Sony executives’ e-mails are salacious reading but should the media have publicized them? Adam Sorkin, creator of The West Wing, argues that the hackers – “demented and criminal” – do it for a cause, but the press do it “for a nickel.”
Business needs to protect itself and its customers. Credit-card information and intellectual property are main targets but the Canadian Security Intelligence Service warns state-sponsored attackers seek information to give their companies a “competitive edge” over Canadian firms
By design, the Internet is open, dynamic, transparent, interoperable and adaptable to continuous technological improvement. It accesses and ensures the rapid, seamless flow of data and information. Security and identity protection were secondary objectives and this, observed former U.S. deputy defence secretary Bill Lynn, gives attackers a “built-in advantage.”
Apple and Google have recently added encryption features onto their operating systems to make our phones and computers less susceptible to hacking.
They are programmed in such a way as to protect these same companies from decryption, even under court order, to the concern of the FBI and national security agencies.
Next year, the U.S. Congress will debate sun-setting key provisions of the Patriot Act allowing bulk data collection by the National Security Agency. We cherish our privacy but what if there is good reason to believe a terrorist group is planning another attack?
Cybertheft, cyberesponage and cybervandalism are going to get worse. The bad guys: terrorists, criminals and rogue states.
Governments and businesses need to act in tandem. Detecting, tracing and identifying sources requires constant vigilance. Deterrence depends on continuous innovation and collaboration between and amongst business and governments.
The standards of international law in time of war are laid out in the Geneva and Hague conventions addressing, for example, a ban on chemical and biological warfare. Groups like the Global Commission on Internet Governance are helping prepare the ground for international norms on cyberbehaviour .
Keeping cyberspace open and safe for commerce and personal use is vital but it won’t happen without constant effort.
A former diplomat, Colin Robertson is vice-president of the Canadian Defence and Foreign Affairs Institute and a senior adviser to McKenna, Long and Aldridge LLP