When approaching a national frontier, one usually finds a set of checkpoints – one for each nation, on either side of the demarcation point – to regulate traffic.
There are still some places (mainly in Europe) where there are no checkpoints on either side, but it would seem quite odd to encounter a border where one nation has strict controls on what moves in and out of the country, while the neighbor simply puts out a welcome mat. Yet this is how today’s internet increasingly works.
The United States is the country with the welcome mat, and we are discovering that unilateral hospitality comes at a high price. The Wall Street Journal reported last week on a vast Chinese cyberespionage attack on American (and undoubtedly other nations’) corporate data stored on commercial cloud services. Dubbed Cloud Hopper, the apparently state-sponsored operation was publicly disclosed in a limited way in 2016, when two Chinese nationals were indicted. (They are believed to be living in freedom in China.) The Journal article disclosed that the operation’s scope was far larger than has been previously reported, however. Authorities are not certain it has been stopped even today. The Journal cited data provided by the firm SecurityScorecard that indicated thousands of IP addresses around the world continued to report back to the hackers’ network as recently as November.
While Chinese data sits in comparative safety – and China’s people sit in comparative ignorance of facts contradicting the Communist Party line – behind that nation’s Great Firewall, large teams of government-supported hackers or contractors work to strategically target Western government and commercial data. Security firms have been tracking the group behind Cloud Hopper for more than a decade, the Journal noted. Unlike the criminals who operate in Russia and other former Soviet states, the Chinese are typically not motivated by short-term profit, but rather by long-term strategic objectives. This is nothing new, but reports of operations like Cloud Hopper throw it into newly stark relief.
A massive hack of the federal Office of Personnel Management continued for several years in the mid-2010s. The attack compromised sensitive personal information that was gathered in many cases during security clearance background checks. This has provided Chinese intelligence services with a trove of information they can use for blackmail, as well as other espionage and foreign-policy purposes, whenever they feel the need. The Chinese have also exploited computer vulnerabilities to target activists in Hong Kong and Tibet, and other dissidents abroad.
While Americans have spent the past few years obsessing about Russian meddling in our elections – an activity that, thus far, has had little if any discernible effect on election results, other than to provide fodder for partisan political grist mills – the economic assaults from that corner of the world are escalating in cost and disruption. Prior activity focused on gathering individuals’ financial account records and other personal data for use in financial frauds and for sale on the so-called darknet. Now the targets are frequently state and local government agencies, and major institutions such as hospitals, whose systems face ransomware attacks. The attackers themselves are almost never brought to justice by the lackadaisical and often corrupt law enforcement of their home countries. In any event, Russia does not extradite its citizens.
Notably, the Russians themselves recently tested a system to isolate their internet behind a national firewall, similar to the Chinese approach. This step would protect them from U.S. and other Western cyberattacks and espionage. We have such capabilities ourselves and have been known to use them – notably (and reportedly in collaboration with Israel) to disrupt Iran’s nuclear program. Iran and North Korea both severely restrict internet traffic coming into their borders, and both have mounted cyberattacks externally. The North Koreans are believed to be responsible for the theft and disclosure of Sony Pictures emails several years ago. They also may be part of the wave of global ransomware attacks, in a bid to evade international sanctions and generate hard currency.
The early dream of an open internet that promotes freedom, democracy and independent thought is not dead. It lives in places that offer a hospitable environment for it. But it has essentially been locked out of the countries I mentioned here, as well as some others. Those countries are our principal adversaries not only because they are our economic and military rivals, but because they view data theft as a strategic weapon and internet crime as a domestic industry. That is the world in which we live, and we have no choice but to deal with it.
We need a well-regulated internet border crossing. Or, if a different analogy works better for you, say we need an internet post office, where traffic is inspected for safety and legal compliance before we admit it into the country. We should develop the capability to close the border fence when needed. Just as we have the capability in the financial system to deprive bad actors of access to dollars, we should be able to completely isolate particular countries and those that trade data with them.
This is doubtless something that our adversaries already fear. Stoking distrust of our own security agencies, which would have to put such systems in place, is one of their best lines of defense. It is not one without factual basis or logical merit. Our intelligence agencies are far from perfect and have been known to misuse their capabilities for improper ends. But that does not place them remotely on the same threat level as the Russians, the Chinese, the Iranians and the North Koreans. We need to maintain perspective.
For now, the reality is that working online leaves individuals and organizations vulnerable, especially to hackers backed by government resources. Lt. Gen. Paul Ostrowski told the ArmyTimes that the Army is considering taking some defense contractors offline entirely to keep classified information safe. “If you’re on the net right now, you’re vulnerable," Ostrowski said. An internet border crossing could mitigate some of this risk.
There would be real costs to disrupting data communications, especially with a country as economically important as China. But that’s the price of self-defense. Any sensible multinational company will learn to live with whatever system we devise. In the meantime, there is probably no reason why any community hospital or motor vehicle office needs to receive data from, say, Russia or Belarus. We should have a robust internet traffic system in place that isolates them, or at least allows them to isolate themselves, from connections to places where such traffic is apt to be ill-intentioned.
Of course, the immediate reaction to any such limitations will be for bad actors to try to use friendly countries as an intermediate staging ground for attacks. A robust defense system will need international cooperation. Otherwise, it will mean restrictions on traffic to and from places that do not inherently require such limits. We need to be prepared to work with friends who are willing and to impose restrictions on those who are not.
Right now we have an undefended internet frontier, through which nations who closely guard their own data borders attack us on a continuous basis. This system does not work. We should not allow it to survive for very much longer.
Posted by Larry M. Elkin, CPA, CFP®
photo by Flickr user DennisM2
When approaching a national frontier, one usually finds a set of checkpoints – one for each nation, on either side of the demarcation point – to regulate traffic.
There are still some places (mainly in Europe) where there are no checkpoints on either side, but it would seem quite odd to encounter a border where one nation has strict controls on what moves in and out of the country, while the neighbor simply puts out a welcome mat. Yet this is how today’s internet increasingly works.
The United States is the country with the welcome mat, and we are discovering that unilateral hospitality comes at a high price. The Wall Street Journal reported last week on a vast Chinese cyberespionage attack on American (and undoubtedly other nations’) corporate data stored on commercial cloud services. Dubbed Cloud Hopper, the apparently state-sponsored operation was publicly disclosed in a limited way in 2016, when two Chinese nationals were indicted. (They are believed to be living in freedom in China.) The Journal article disclosed that the operation’s scope was far larger than has been previously reported, however. Authorities are not certain it has been stopped even today. The Journal cited data provided by the firm SecurityScorecard that indicated thousands of IP addresses around the world continued to report back to the hackers’ network as recently as November.
While Chinese data sits in comparative safety – and China’s people sit in comparative ignorance of facts contradicting the Communist Party line – behind that nation’s Great Firewall, large teams of government-supported hackers or contractors work to strategically target Western government and commercial data. Security firms have been tracking the group behind Cloud Hopper for more than a decade, the Journal noted. Unlike the criminals who operate in Russia and other former Soviet states, the Chinese are typically not motivated by short-term profit, but rather by long-term strategic objectives. This is nothing new, but reports of operations like Cloud Hopper throw it into newly stark relief.
A massive hack of the federal Office of Personnel Management continued for several years in the mid-2010s. The attack compromised sensitive personal information that was gathered in many cases during security clearance background checks. This has provided Chinese intelligence services with a trove of information they can use for blackmail, as well as other espionage and foreign-policy purposes, whenever they feel the need. The Chinese have also exploited computer vulnerabilities to target activists in Hong Kong and Tibet, and other dissidents abroad.
While Americans have spent the past few years obsessing about Russian meddling in our elections – an activity that, thus far, has had little if any discernible effect on election results, other than to provide fodder for partisan political grist mills – the economic assaults from that corner of the world are escalating in cost and disruption. Prior activity focused on gathering individuals’ financial account records and other personal data for use in financial frauds and for sale on the so-called darknet. Now the targets are frequently state and local government agencies, and major institutions such as hospitals, whose systems face ransomware attacks. The attackers themselves are almost never brought to justice by the lackadaisical and often corrupt law enforcement of their home countries. In any event, Russia does not extradite its citizens.
Notably, the Russians themselves recently tested a system to isolate their internet behind a national firewall, similar to the Chinese approach. This step would protect them from U.S. and other Western cyberattacks and espionage. We have such capabilities ourselves and have been known to use them – notably (and reportedly in collaboration with Israel) to disrupt Iran’s nuclear program. Iran and North Korea both severely restrict internet traffic coming into their borders, and both have mounted cyberattacks externally. The North Koreans are believed to be responsible for the theft and disclosure of Sony Pictures emails several years ago. They also may be part of the wave of global ransomware attacks, in a bid to evade international sanctions and generate hard currency.
The early dream of an open internet that promotes freedom, democracy and independent thought is not dead. It lives in places that offer a hospitable environment for it. But it has essentially been locked out of the countries I mentioned here, as well as some others. Those countries are our principal adversaries not only because they are our economic and military rivals, but because they view data theft as a strategic weapon and internet crime as a domestic industry. That is the world in which we live, and we have no choice but to deal with it.
We need a well-regulated internet border crossing. Or, if a different analogy works better for you, say we need an internet post office, where traffic is inspected for safety and legal compliance before we admit it into the country. We should develop the capability to close the border fence when needed. Just as we have the capability in the financial system to deprive bad actors of access to dollars, we should be able to completely isolate particular countries and those that trade data with them.
This is doubtless something that our adversaries already fear. Stoking distrust of our own security agencies, which would have to put such systems in place, is one of their best lines of defense. It is not one without factual basis or logical merit. Our intelligence agencies are far from perfect and have been known to misuse their capabilities for improper ends. But that does not place them remotely on the same threat level as the Russians, the Chinese, the Iranians and the North Koreans. We need to maintain perspective.
For now, the reality is that working online leaves individuals and organizations vulnerable, especially to hackers backed by government resources. Lt. Gen. Paul Ostrowski told the ArmyTimes that the Army is considering taking some defense contractors offline entirely to keep classified information safe. “If you’re on the net right now, you’re vulnerable," Ostrowski said. An internet border crossing could mitigate some of this risk.
There would be real costs to disrupting data communications, especially with a country as economically important as China. But that’s the price of self-defense. Any sensible multinational company will learn to live with whatever system we devise. In the meantime, there is probably no reason why any community hospital or motor vehicle office needs to receive data from, say, Russia or Belarus. We should have a robust internet traffic system in place that isolates them, or at least allows them to isolate themselves, from connections to places where such traffic is apt to be ill-intentioned.
Of course, the immediate reaction to any such limitations will be for bad actors to try to use friendly countries as an intermediate staging ground for attacks. A robust defense system will need international cooperation. Otherwise, it will mean restrictions on traffic to and from places that do not inherently require such limits. We need to be prepared to work with friends who are willing and to impose restrictions on those who are not.
Right now we have an undefended internet frontier, through which nations who closely guard their own data borders attack us on a continuous basis. This system does not work. We should not allow it to survive for very much longer.
Related posts: