Common Cents

With I.T.

Ralph Murphy

(5/2015) In the 1960s you had to be "with it" or you fell behind. Today you have to be "with I.T." I.T. being Information Technology - a term coined in the late 1950s to describe the emerging field of government, computerized information storage and use. This field was particularly important to the government’s intelligence community. It eventually became useful to both the government and private sectors. I.T. evolved faster than legislation to control it leading to potentially, devastating cyber attacks against its users. Government and private sector actions to counter such attacks have been slow in coming and cyber users can’t always discern friend from foe.

The I.T. world is described as any applied mechanism to "store, retrieve, transmit, and manipulate data" by any computer- capable business or enterprise. It has been sourced in stages dating back to the first writing by ancient Mesopotamians in 3000 B.C. Of immediate concern is the cyber or computer-related information storage and retrieval that serves as the foundation for business and government in the modern era. The modern era’s dependence on I.T. is almost socially absolute, and the target of cyber espionage that steals data for varied uses, and cyber attacks that may steal computer data. They may also destroy dependent systems to include "satellites, military systems, power, water, fuel, communications, and transportation infrastructure."

Cyber information gathering was the result of technological advances that afforded computer application to double every 14 months between the mid 1980's and 2007. Much of the data collected is simply stored worldwide in "data tombs", but these are subject to "data mining" given lack of defenses and opportunity for personal gain.

A hackers' reasons for accessing often unwitting, targeted computer system data include exploitation for "profit, protest, challenge, enjoyment, or self defense testing." It has created a "computer underground" with "white hats" who are seeking to improve defenses and "black hats" who access systems for personal or commercial gain. The problem appears clear cut, but it isn't. The competition has blurred to the extent where leadership consensus to secure data is not universally applied amid staggering levels of collusion. Collusion involving ideological opponents and lack of consensus on a forward production strategy.

Two bills have been presented to the US House and Senate Intelligence Committees to legally require the sharing of all cyber data from any source. The government is used as a legitimate broker. The Cyber Information Sharing and Protection Act (CISPA) and the subsequent Cyber Information Sharing Act (CISA), is a "watered down" version of the same bill. They leave the key provisions in tact and are still being considered. At this writing both are unlikely to pass as the House of Representatives has overwhelmingly passed the "National Cyber Protection Advancement Act" (NCPA) which would make the provision of cyber data optional between users with the Department of Homeland Security involved as a broker. All three bills were presented as security matters, but the CISPA and CISA would open all cyber data to all foreign and domestic players with unimaginable opportunities for damage to the provider, and for gain to the receiver.

General Keith B. Alexander, Director of NSA and Commander of the US Cyber Command recently warned the Senate Military Appropriations Committee that the computer interchanges amounted to acts of war. He allowed "there is a mismatch between our technical capabilities to conduct operations and the governing laws and practices." It may go even deeper than that as the opposition is often ill defined to the point where internal access of what should be classified data results in systemic failure and quick gains to opportunists. That can cost them money and it can also knock out the power or even launch weapons systems in the most extreme manifestation of the concern.

The US Cyber Command considers itself at war with emerging threats, and while tied to land, sea, air, and space weapons systems – is also active in the computer realm trying to thwart both foreign and domestic penetration. The opposition is hard to detect, or even define, amid coercive interactives. There are high complexity attacks against traditional government institutions that include military installations and civilian Executive agencies. But, these attacks are not countered because they are viewed as coming from "friendly" internal or external sources.

An "Act of War" can be considered a "Proven sovereign foreign power impetus in acts of destruction toward the citizenry or property of another nation." Physical projectiles are one means of causing damage, but cyber theft can be far more damaging and our laws have not kept apace with this threat.

At present, there is no US or international effort that is addressing this challenge.

The threat groups are not well defined, but may involve a single, unified entity or multiple entities. They may be in competition with other groups in the same field. There is no data sharing that compromises the various efforts, and the most aggressive players stand to win it all.

Illegal hacking will likely continue once an interactive basis is established, but right now Congress and the Executive branch are dealing with the core tenets of competition versus collusive interaction. The resultant systemic resolution and legislation reflects the social anomie. The NCPA, while a bit risky in a competitor's information sharing, may be a turning point in resolve to coherence in security and competition within the United States government. A broader issue and structure may then be established for international interaction.

If it is not, then suspicious power outages and military infighting could become a fact of life in our I.T. future.

Ralph Murphy is a former member of the CIA Headquarters Staff in Langley, VA.