Modern field guide to security and privacy

Opinion: After DNC hack, US must better prepare for information warfare

The Democratic National Committee email leak bears the hallmarks of an information warfare operation – the sort of security challenge in cyberspace that our nation is still inadequately prepared to prevent.

Lucy Nicholson/Reuters
Bernie Sanders supporters protested Hillary Clinton at the Democratic National Convention in Philadelphia on Thursday.

Last week, the website WikiLeaks posted thousands of emails illegally obtained from the Democratic National Committee. Some contained sensitive information about donors, while others provided a disturbing look into a potential bias underpinning internal deliberations and operational decisions at the DNC.

As a Democrat, I am distressed by the appearance of favoritism in any form. However, as an American, I am deeply worried that our nation is still not adequately prepared for the new security challenges we face in cyberspace.

When I founded the Congressional Cybersecurity Caucus in 2008, my foremost concern was that a cyberattack on critical infrastructure could result in physical damage, a fear made real with the attack on Ukraine’s electric utilities last December. While leading the caucus, I have also seen hackers break into databases in pursuit of financial information, trade secrets, and even personal details of government employees. All of these targets remain at risk.

But I’m afraid that our understanding of the threats in cyberspace is not keeping pace with the rapid advances in technology and the avenues of attack they enable. The DNC email leak, for instance, bears all the hallmarks of an information warfare operation, timed as it was to coincide with announcement of the Democratic vice presidential pick and the commencement of the convention.

The doctrine of information war is not new. We saw it used extensively during the cold war and it continues to be used today. During the illegal Russian annexation of Crimea, local news outlets were flooded with false stories of repression of ethnic Russian populations. The Russian television network RT that broadcasts in English, Arabic, and Spanish has deliberately disseminated inaccurate stories favorable to the Russian regime. New media have also been targets of recent campaigns: Witness the Russian “troll armies” who sow confusion on comment boards across the internet.

But these examples apply 20th-century thinking to 21st-century technology. In Crimea and with RT, Russia simply owns the television channels and can thus schedule programming as it wishes. The comment trolls rely on the free speech protections enshrined in many societies for decades or centuries. And, in this age of choose-your-own content, they rely on readers, viewers, or listeners making an active choice to tune in. This reliance hampers their ability to cause harm: after all, how many Americans watch RT?

The DNC hack is different. The content is fresh, salacious, and stolen, which means American news outlets are more than happy to do most of the dissemination. Though the data passed through foreign servers and may have been modified, many of the emails are, undoubtedly, authentic: They are impossible to dismiss as purely propaganda. They are also anonymous – the face of the leaks to this point has been WikiLeaks founder Julian Assange, who was almost certainly not involved in the theft of the emails.

All of which means we are likely to see many more hacks in this style. There has been a lot of speculation that Russia was behind the breach and the leak, and I have full confidence that government investigators will find those responsible. But whether the attack was carried out by the Russian government, at its behest, or by an independent party, the consequences of the hack are all too real.

Those opposed to our interests know all this. They also know that the cost of attacking us in cyberspace is low. While attribution is steadily getting better, it has been complemented with the rise of state-sanctioned private hackers whose ties to governments are murky at best.

So we have our work cut out for us. We need to raise our cyberdefenses in government and in the private sector, to make attackers work harder to get into our systems. We need to develop norms of nation state behavior in cyberspace that preclude attacks on civilian infrastructure and allow us to hold actors accountable. And we need to build resilience to lessen the payoff when breaches inevitably do happen.

In the eight years I have been working on cybersecurity, I have seen the issue gradually take on prominence. Most of my colleagues in Washington understand that the benefits we reap from our interconnected economy bring risks as well. But despite breach after breach, there is still not a sufficient urgency to the discussion. Cybersecurity is the security challenge of the Information Age. Our adversaries clearly know it; shouldn’t we?

Congressman Jim Langevin, a Democrat from Rhode Island, is the cofounder and cochair of the Congressional Cybersecurity Caucus, and a senior member of the House Armed Services and Homeland Security Committees.

 

You've read  of  free articles. Subscribe to continue.

Dear Reader,

About a year ago, I happened upon this statement about the Monitor in the Harvard Business Review – under the charming heading of “do things that don’t interest you”:

“Many things that end up” being meaningful, writes social scientist Joseph Grenny, “have come from conference workshops, articles, or online videos that began as a chore and ended with an insight. My work in Kenya, for example, was heavily influenced by a Christian Science Monitor article I had forced myself to read 10 years earlier. Sometimes, we call things ‘boring’ simply because they lie outside the box we are currently in.”

If you were to come up with a punchline to a joke about the Monitor, that would probably be it. We’re seen as being global, fair, insightful, and perhaps a bit too earnest. We’re the bran muffin of journalism.

But you know what? We change lives. And I’m going to argue that we change lives precisely because we force open that too-small box that most human beings think they live in.

The Monitor is a peculiar little publication that’s hard for the world to figure out. We’re run by a church, but we’re not only for church members and we’re not about converting people. We’re known as being fair even as the world becomes as polarized as at any time since the newspaper’s founding in 1908.

We have a mission beyond circulation, we want to bridge divides. We’re about kicking down the door of thought everywhere and saying, “You are bigger and more capable than you realize. And we can prove it.”

If you’re looking for bran muffin journalism, you can subscribe to the Monitor for $15. You’ll get the Monitor Weekly magazine, the Monitor Daily email, and unlimited access to CSMonitor.com.