Crossroads Blog | Institute National Security and Counterterrorism

Uncategorized

A Year In Review

I'm going to take a stab at a 2011 review and 2012 predictions of all things cyber.  I wanted to have both done by the New Year, but seeing as how I nursed ginger-ales for most of today, it just didn't happen.  I'll be aiming to roll out the prediction thread tomorrow.  I linked all of the biggest stories of the year at the bottom of this post.  Note that these links only extend to August 2011, so mostly it's a half year in review.  Also, the linked stories don't give a comprehensive view of everything that happened; I'd check the categories feature on the sidebar for more.  Nevertheless, they do represent the biggest stories of the past few months.

That leaves us with the review post.  I started writing for this blog in August, and needless to say, this has been a hell of a year for cyber-related news.  2011 was dubbed the year of the hack, and it certainly lived up to that reputation.  Consequently, I wonder if 2012 will be dubbed the year of more hacking.  Whatever the case, there was a media deluge of cyber-related news, and I often had trouble keeping up with it all.

That leads me to my first point: everybody is a lot more aware of cyber-related issues.  At least they should be.  The media was quick to cover any story related to cyber-attacks, hacking, or cyber-espionage.  I mention this because a few years ago, cyber-related issues just didn't get the same amount of focus.  Now we have massive media responses to a water pump burning out in Illinois.  It's certainly a change, and I believe overall it's a positive one.  The only drawback is that this new attention may hype threats.  I love writing about cyberattacks that could bring down the US power grid; that stuff is exciting is read.  It's also very unlikely to happen.  For all this new-found attention, we must be careful to separate the spectacular cyberattacks that could happen (i.e. an attack on the US power grid) from the more mundane cyberattacks that are happening (like systematic Chinese cyber-espionage). 

As for the Chinese, they dominated the year in cyber-news.  I realize that China doesn't get much love on this blog, and I may focus on their hacking efforts (as opposed to other countries) too much, but damn they make it easy.  It seemed that every other day there would be a new report about Chinese cyber-espionage.  Moreover, the pervasiveness of their cyber-espionage just blew me away.  I'm not going to get into every cyberattack, but Chinese hackers broke into almost every industry on a world-wide scale.  Moreover, anger began to grow over Chinese cyber-espionage.  Over the past few months, I've noticed an increase in rhetoric that called for a strong response to Chinese cyber-espionage.  I'm thinking of the various op-eds, US lawmaker's comments, the ONCIX report naming China as one of the world's greatest cyber-thieves, the London Conference all but naming China as one of the world's greatest cyber-thieves, and articles considering whether the US and China are headed towards cyberwar.  In essence, 2011 was the year that we learned of the full extent of Chinese cyber-espionage.

2011 also saw US cyber policy come under review.  Unfortunately, that policy is still unclear.  We had some clarification on offensive cyber operations, but nothing specific.  We didn't get rules of engagement for cyber-operations.  We also didn't get a definition of when the US would engage in offensive cyber operations (all we know is that the DOD can respond to "hostile" acts).  This lead many commentators to question the deterrent value of our offensive cyber-capabilities.  More importantly, it looks like the US is worried about establishing a strong cyber policy.  The Obama adminisration decided against using cyberattacks in Libya for fear of establishing a precedent that would allow for attacks against US systems.  In essence, 2011 showed that the US cyber policy needs work.

2011 brought us new cybersecurity legislation.  The two major peices of legislation were the PrECISE Act and CISPA.  Both acts seek to increase threat-sharing on cyber threats between the US government and US corporations.  However, the bills place cybersecurity authority in different hands.  The PrECISE Act places cybersecurity authority in the hands of DHS, while CISPA places that authority with the NSA.  Needless to say, a few were worried about the privacy implications of the NSA having broad cybersecurity power within the US.  

2011 also brought us a renewed concern about the vulnerability of critical infrastructure.  Remember the supposed cyber-attack on the Illinois water plant?  Ok, that wasn't a cyberattack, but that entire story still had huge implications.  Even though it wasn't a cyberattack, it seems like the threat of a cyberattack on critical infrastructure finally became real to people.  We've heard for years that critical infrastructure was at risk, but it really took a water pump burning out to drive the message home.  I still believe that the threat is an unlikely one.  However, the entire episode drove a review of critical infrastructure protection, made SCADA systems famous, and proved that this sort of cyberattack can actually happen.

2011 brought us a new look at our old pal Stuxnet.  Mostly we learned of Duqu, and how it was the son of Stuxnet.  However, two significant stories came out.  The first explored how Stuxnet, Duqu, and Conficker may have been coordinated to work together.  Remember that Conficker was dubbed the worm that could destroy the internet; it currently has millions of computers under its control.  To think that Stuxnet, one of the most advanced computer viruses ever seen, was somehow interacting with Duqu and Conficker just blows my mind.  Then comes the second story: Duqu and Stuxnet were reportedly created on the same software platform.  Moreover, the two viruses communicate with each other, and there may be three other computer viruses built off of the same code as Stuxnet.  I find this fascinating.  We know Duqu is traipsing about the world, peeking into industrial control centers and causing all sorts of mischief.  We know Stuxnet is still around.  Conficker is just hanging out, controlling millions of computers.  Something is going on.  And there has to be a nation-state behind it.  I believe (and hope) that the US is behind Stuxnet, and that the US has a far more advanced offensive cyber-capability than previously thought.  Whatever the case, 2011 showed us that there is more to the Stuxnet story, and there is certainly more to come.

Finally, 2011 also brought new attention to this blog.  We've got a pretty diverse audience from all over the world.  I'm not going to release specific numbers, but we have seen an increase in traffic.  For that, we thank you.  Thank you for coming to the blog, and thank you for reading it.  We also rolled out a new Twitter account, and would very much appreciate it if you could follow us @cyberlawblog  

Below you will find links to the biggest stories of the past few months. 

***

 

 

Cyberattacks

 

China

 

Critical infrastructure

 

Legislation

 

The Internet

 

Reports

 

Viruses

 

Policy

 

Leave a Reply

Bitnami