Black Hat-DefCon round-up: U.S. "cyber flank" exposed

Published 2 August 2010

Former head of the CIA and the NSA warns the U.S. “cyber flank” was exposed and it was losing clout to influence rules of war on the Internet; “Our flank is totally exposed,” Michael Hayden said at the Black Hat computer security gathering in Las Vegas, comparing the U.S. tactical position on the Internet to a battle of land troops; “If tomorrow they show up on that flank they are going to roll down.”; the retired general said he was in “absolute awe and wonderment” at the Chinese cyber espionage campaign but that they were certainly not the only nation doing it; he faulted an Internet built on the premise of quickly and freely sharing information for creating an open landscape that gives attackers an edge over defenders

Many points of attack and no topographical boundaries make a difficult-to-defend flank // Source: defensetech.org

Former U.S. spy master and retired general Michael Hayden warned last Thursday that the U.S. “cyber flank” was exposed and it was losing clout to influence rules of war on the Internet. “Our flank is totally exposed,” Hayden said at the Black Hat computer security gathering in Las Vegas, comparing the U.S. tactical position on the Internet to a battle of land troops. “If tomorrow they show up on that flank they are going to roll down.”

Black Hat founder Jeff Moss equated the situation to the nuclear face-off between superpowers during the cold war years of his childhood. “You could wake up any day and get nuked, but you got up every day and went on with your life anyway,” Moss said.

AFP reports that Hayden dodged giving his assessment of the threat level on the Internet, saying people were abusing the term “cyber war” by applying it to anything unpleasant that happens on the Internet.

The former head of both the CIA and the top secret National Security Agency (NSA) dismissed the idea of labeling online espionage as acts of war since it is standard practice between nations. “If you understand the meaning of war to include intelligence gathering, sure there is cyber war,” Hayden said. “We don’t call sucking out information an attack. That’s exploitation. States do that all the time.”

The retired general said he was in “absolute awe and wonderment” at the Chinese cyber espionage campaign but that they were certainly not the only nation doing it and the United States is “actually very good at this.”

There is not a country on the planet that has promised to refrain from cyber spying, according to Hayden. “Quit whining, act like a man and defend yourself,” he concluded, quoting advice his father gave him when he was a boy.

He faulted an Internet built on the premise of quickly and freely sharing information for creating an open landscape that gives attackers an edge over defenders. “You guys make the cyber world look like the north German plain and then you bitch and moan because you get invaded,” he told a Black Hat audience. “We all get treated like Poland on the Web.”

Hayden called for the creation of Internet versions of rivers, mountains, and other geographic features that soldiers use for defensive positions in real world battles. “Cyber is a domain like land, sea, air, and space,” Hayden said. “The difference is that God made four and you made the last one. God did a better job.”

He welcomed recent signs that U.S. officials are open to establishing international rules of engagement on the Internet, saying the move is far overdue. “We’d better move fast; our voice in this is weaker as time goes by,” Hayden said.

The United States should have taken the lead in setting cyber codes of conduct a decade or more ago, when it was king of much of the technology involved and countries weren’t walling off territories on the Web, he added. “Now that you see this gradual balkanization, the US influence weakens,” Hayden said.

Sensitive targets such as power grids and financial systems, while legitimate targets in times of war, could be deemed off-limits to routine espionage to avoid unintended catastrophe.

Countries could be made accountable for any cyber attacks from within their borders and aid could be given to nations that genuinely want to curb online espionage but lack resources.

He contended that state-sponsored spying causes so much “turbulence” on the Internet that calming the behavior with international rules of behavior would make it easier to spot “truly malevolent terrorist” attacks.