Diatribes of Jay

This blog has essays on public policy. It shuns ideology and applies facts, logic and math to social problems. It has a subject-matter index, a list of recent posts, and permalinks at the ends of posts. Comments are moderated and may take time to appear.

14 December 2016

Shadow War


[For a more detailed analysis of how and why Russian hacking may have affected our election, click here. For a recently popular page on the coming transition in free-world leadership, click here. For a recent post on saving federalism in the EU and US, click here. For a recently updated page on Trump’s transition, with a new General Overview, click here.]

Not for nothing does today’s lead article in the New York Times sport a black border. Its exhaustive description of Russians hacking archives of the Democratic Party and its operatives may be the biggest story since Woodward and Bernstein broke the Watergate scandal in 1972. Two years later, that scandal brought Richard Nixon down in resignation.

But this story is much bigger. The Watergate Scandal involved a campaign of internecine political warfare in which no foreign power intervened. What today’s Times reveals is a foreign power cleverly using our own national divisions against us.

No one was killed. Not yet. Yet imagine something that never actually happened, but which might have strangled our struggling democracy early in its youth. Imagine a European or Asian power having taken sides in our own Civil War. Imagine clever foreign intrigue making us fight each other harder and more ruthlessly and even determining the outcome. Imagine foreigners making the South win.

Isn’t that just what the recent Russian hacking and revelations may have done, but without all the blood and gore?

Dribbled out with exquisite timing, the hacked e-mails grabbed attention at a critical time. They may have tipped the scales in November’s election. If this subtle but active foreign meddling can’t bring us Americans together to protect ourselves and our way of life, nothing short of nuclear war will. And then it would be too late.

The sad thing was how crude and simple the hacking was. It was nothing like the “Stuxnet” virus, which crawled through the internet and infected firmware controlling electromechanical devices to shut down the centrifuges Iran was using to enrich uranium. It wasn’t even as sophisticated as the thousands of viruses, worms and other malware circulating perpetually in cyberspace, against which regularly-updated software is supposed to protect our personal computers.

The Russian hacking didn’t even use malware. Instead, it got people to give up their passwords voluntarily, through simple e-mail scams known as “phishing.”

In a society inured to false and misleading advertising, operatives two or three steps from a woman aspiring to lead the free world gave up the keys to the castle without a second thought. For months, a man hired to tend the drawbridge never met with the FBI agent who sounded the tocsin. For much of that time, he wondered aloud whether the FBI agent was really who he claimed to be.

So many questions arise. Why did the FBI agent, whose office was only half a mile away, never deliver his warning in person? Did that laxity have anything to do with the fact that his ultimate boss, FBI head James Comey, later broke all professional rules in mounting an “October surprise” against Hillary on much the same issue—lax protection of emails? Or had Hillary’s “la-di-da” attitude toward a personal server in her home as Secretary of State infected everyone around her with utter carelessness regarding computer systems and security?

We may never know the answer to these questions. And that’s precisely the point. Modern information warfare—modern shadow war—is not designed to achieve a decisive victory. It may not even strike a decisive blow. It’s the modern counterpart of a gladiator throwing sand in a foe’s eyes. It may not blind him enough to enable a fatal blow, but it will put him off balance and get him to back off.

That’s precisely what Putin and his spooks were after. By luck and fate they got much, much more.

The Russian hacking set America back in so many subtle ways. At very least, it makes us look like utter fools—Keystone Kops—before the entire world. It makes us doubt the intelligence and effectiveness of our leaders. It makes us doubt our democratic system and the validity of its results. And it makes us wonder whether Donald Trump, who will take the oath of office as president in 27 days, really deserves to do so. Even after he does so, many of us will still wonder whether a foreign power’s action help install an incompetent leader in our White House.

Casting doubt on a high-stakes presidential election, and perhaps giving us an incompetent president, are about as much as any shadow-war enemy could expect to accomplish without open warfare. We have been dealt a heavy blow.

So what do we do now? Do we rerun the election? Probably not. Trying to do so might actually start a civil war. It would certainly exacerbate the divisions among us, which have never been greater [scroll to table] except during our Civil War or Vietnam era. Wouldn’t that just help the Russians achieve their goals?

Of course we cannot allow this foreign intrusion to pass without response. But an immediate counterstrike is not a good option, as the president recognized in threatening retaliation at a time and place of our choosing. The very nature of shadow war requires much thought about timing. It waits for the most opportune moment. For the Russians, another such moment will not likely come at least until our midterm elections in 2018. By then, our defenses had better be ready.

The worst thing we could do now is point fingers at each other in an attempt to avoid or fix blame. Our leaders, our pols and our government are all guilty in letting us drop our guard so badly. “Phishing?” Really? Couldn’t our kids and grandkids all have told us how to avoid falling for that?

Embarrassing and shameful as it is, this incident could be a blessing in disguise, or at least a cloud with a silver lining, if we take this opportunity to wise up. Four things we must do right away, and pretty much regardless of cost.

First, we must put our guard up. Every government officer, corporate official, political operative and non-profit employee who handles sensitive information should be instructed how not to be “phished.” People who don’t take this seriously or can’t seem to catch on should have their e-mail monitored, whether by special software or security personnel. That’s the very first line of defense.

Second, we must all give computer security much higher priority and much more money. We could vastly increase our government and military cybersecurity for the obscene cost of a just few more F-35s. We should do so.

Third, we must recognize that phishing is just the first line of attack. “Higher” stages of cyberwarfare will be much harder to perpetrate, much harder to detect, and potentially much more devastating. Imagine opening a dam’s floodgates, sending a nuclear plant into meltdown, shutting off a regional power grid, or sending city’s traffic-control lights haywire. We need a comprehensive, expert assessment of infrastructure cyber-vulnerability and a corrective plan, nationwide, and we need them yesterday.

Finally, for the kind of release of confidential information and resulting “kompromat” that the Russian’s foisted on us this time, we need much more self-restraint and common sense. We need to develop a different and better Internet culture.

In the old days, before computers, people with important jobs thought long and hard about what they said and what they put in writing. Here Wall Street was and is way ahead of our military and our political class. That’s why no banker went to jail for causing the Crash of 2008: none ever put anything incriminating in e-mail. Isn’t it shameful that greedy and reckless bankers were more circumspect than people vying to rule the free world?

If our military, government bureacrats and pols could just be as careful as Wall Street’s bankers, this phishing scandal might have had few or no deleterious consequences. When in doubt, the most basic rule is “don’t put anything in e-mail that you wouldn’t want to read in the morning paper, under your byline.”

The customs, habits and traditions of human communication arose over millennia of human social evolution. The advent of radio and television didn’t change them much, because these media were much like speaking in person, just over greater distance.

But when the Internet came along, it blew apart millennia of social conventions. Long established habits of tact, finesse, privacy, confidentiality and prudence flew out the window with the speed of light. The attractions of many-to-many communication, worldwide, blinded us to something vital in our human civilization: the stability of our human culture.

And so we have people “saying” things to each other, through e-mail, Facebook and Twitter, that they would never think of saying face to face. We have flaming and cyberbullying which go unchallenged and unpunished, when the very same behavior on the sidewalk would provoke a fistfight, or at least some heavy shoving and shouting. We have people saying things to each other about third parties, in writing, that they would never think of even saying out loud at a dinner party. We have pols and company heads indiscreetly disclosing private feelings and secrets—on a worldwide medium that can record them for all time—which once they would only have whispered into ears of listeners whose reaction and discretion they had carefully gauged in advance. And we have people who spend their days making up “fake news,” some to see how much effect it will have, some to sway elections, some for profit, and some just for fun.

The final ignominy, of course, is our president-elect. He routinely publishes, worldwide, what he thinks about others on Twitter, in words that no earlier man in his position would ever have uttered out loud. Not even most monarchs would have been that reckless.

Trump is physically a big guy, so maybe he thinks he’s immune from the normal rules of human intercourse. But I don’t think that’s really the reason. Like most of us, he subconsciously believes that the electronic medium exempts him from normal rules and customs, established over generations. Somebody, probably from the Secret Service, is going to have to take away his Tweeting devices, if only to prevent him from giving up state secrets, or starting a war, on some dark night when he jolts awake in a semi-conscious snit.

When we read old literature today, we sometimes think ourselves superior to our forebears. How much time and effort they spent in guarding, planning and restraining their communication, the way they expressed themselves, and what they said to whom! How much they cared about tact, delicacy, discretion, “honor,” and getting the point across without riling ever-present human feelings!

We don’t do much of that anymore. The results we see in the ruins of our culture and our civilization lying all around us. Our wounded and perhaps stolen election is just the most recent example. If we don’t wise up, we may some day see the radioactive ruins of a nuclear war.

As inventors of the Internet, we Yanks are responsible for this mess, and we should be the ones to start cleaning it up. We need to resurrect concepts of “propriety,” “politesse,” and “discretion” for the Internet age. We need to think before we Tweet, as much as our Founders once thought before they spoke or wrote.

Once we do, we will have much greater protection against the type of assault that has made a mockery and a mess of our most recent election. We will also be much closer to the understanding of human nature and human limitations that our Founders possessed in much greater measure, and that we must restore in our Internet age if the best of our species’ culture and civilization is to survive. The Internet has nearly dissolved our mental discipline and emotional restraint, and we must restore them.

Endnote: Among the very few things that could be done right away is for President Obama summarily to fire James Comey as FBI head. Of course at this late date the firing would be merely symbolic. But for the FBI to have let months go by, in the middle of a high-stakes presidential election, before making sure that the DNC was reacting effectively to well-established Russian hacking was a dereliction of duty of unfathomable proportions. As FBI head, Comey was responsible; if he didn’t know about it, he should have. When you add to that his gross violation of professional and Justice norms in his “October surprise,” his record cries out for making an example of him. This is a man who should never again hold a sensitive government job, except maybe in Russia.

Footnote 1: Of course the Russians inserted malware to spoon data out of compromised data systems once they broke in. But they didn’t use malware to break in; they got ahold of user’s legitimate passwords through pedestrian “phishing” schemes. The weak link was not security software, but careless personnel, although better security software might have limited the amount of data stolen.

Footnote 2: Anti-phishing software uses a simple principle: it never lets a user click on a e-mail from an “unknown” source, i.e., one to which the user has not previously sent an independent, non-automated message. The software compares not just nicknames or abbreviated addresses, but the full, detailed addresses hidden in the headers of messages, or the actual IP addresses. Other refinements prevent the user from sending e-mails to addresses automatically picked up from incoming messages. Users could achieve the same effects by opening the headers of suspicious messages and making sure they are legitimate, but most users don’t have the technical knowledge or patience to do this. Hence the success of the Russians’ phishing.

permalink

0 Comments:

Post a Comment

<< Home