March 29, 2024

Code-Breaking vs Cyber-Threats

mcconnell

“Exploitation is what NSA does. Leave no fingerprints, get the information, get out.”

Thus began The Patuxent Partnership‘s Cyber Threats – A National Perspective briefing  by VADM (Ret) Mike McConnell, the second Director of  National Intelligence appointed in 2007 by President George W. Bush. VADM McConnell’s career spans four decades working on international development and foreign intelligence, including 29 years as a US Navy intelligence officer. Speaking at the Patuxent River Naval Air Museum the admiral indicated the fighter jet behind him. “There’s no computer system on the globe that can’t be penetrated with persistence.”

Explaining later that once you can “see” a system, you can “disrupt” it, VADM McConnell became even more specific. “All NAVAIR planes can be electronically disabled … it’s bad and will get worse.”

But then we will prevail, he concluded. Success will come through our code-breaking skills and subsequent ability to protect ourselves from threats. His optimism is rooted in the hugely successful history of code-breaking in the United States, successes which included ending World War II two years early and saving Australia at the Battle of the Coral Sea. Today, he said, “we have a better success rate than anytime in our history.”

Data is vulnerable when it is in motion, he explained.

Code-breaking before data became digitized meant it needed to be captured in the milliseconds it flashed between antennas. For example, a financial transaction between Tokyo and New York was only vulnerable to interception in the milliseconds between leaving the Tokyo bank and reaching the New York bank. It was a great deal more complicated to break into either bank where the money could be secured behind barriers.

Today’s data storage does not create the same barriers. Stored digital data is not at rest. It remains vulnerable, exposed. Data in a state of motion, the admiral emphasized, can be reached.

Despite the increased vulnerabilities, it is the internet which has also increased code breaking successes, VADM McConnell explained. “Because of the internet (appearing) 15 to 18 years ago, we’ve had better success than anytime in our history,” he said.

The immediate hurdle is directing and coordinating the effort.

The Department of Homeland Security ended up with the cyber-security mission. DHS is comprised of 22 agencies “still arguing,” he said, and additionally are impacted by 78 oversight committees, and that number is climbing.

The different branches of the military are addressing cyber threats in different ways and at an unequal pace. Right now, the admiral said, the Navy leads in information warfare and information dominance.

DoD and NSA have access to lots of information, but still need to find a way to safely and effectively share the information with the private sector.

“The world accepts military espionage. Over time economic espionage is also strategic,”  VADM McConnell said.

The US is one of five nations which do not perform economic espionage, also the UK, Canada, New Zealand and Australia. “The rest of the world does,” said VADM McConnell. This isn’t just a matter of laws, he explained. “If we did it, who would we give (the information to) in a free market?”

This complication is at the heart of much of the cyber debate. Private industry becomes interested when it impacts a client, he said. That reflects the biggest worry. Who will do it and how will we protect from attack infrastructure that has never been part of the military’s mission, such as the banking system. The US military’s charge is to defend the nation’s infrastructure. Historically, and today, that means ports and airspace but not private interests.

Meanwhile we know the Russians and Chinese have planted malware into the US infrastructure, they just “have not decided what to do” with it yet, said the admiral.

“We don’t know how to think about this issue,” he said.

A new legislative framework is necessary, said VADM McConnell. “It’s changing,” he said, “and it’s in motion.”

But we will figure it out,  he told the attendees, because “we have to.”

Data is vulnerable when it is in motion, he explained.

Code-breaking before data became digitized meant it needed to be captured in the milliseconds it flashed between antennas. For example, a financial transaction between Tokyo and New York was only vulnerable to interception in the milliseconds between leaving the Tokyo bank and reaching the New York bank. It was a great deal more complicated to break into either bank where the money could be secured behind barriers.

Today’s data storage does not create the same barriers. Stored digital data is not at rest, it remains vulnerable, exposed. Data in a state of motion, the admiral emphasized, can be reached.

Despite the increased vulnerabilities, it is the internet which has also increased code breaking successes, VADM McConnell explained. “Because of the internet (appearing) 15 to 18 years ago, we’ve had better success than anytime in our history,” he said.

The immediate hurdle is directing and coordinating the effort.

The Department of Homeland Security (DHS) ended up with the cyber-security mission. DHS is comprised of 22 agencies “still arguing,” he said, and additionally are impacted by 78 oversight committees, and that number is climbing.

The different branches of the military are addressing cyber threats in different ways and at an unequal pace. Right now, the admiral said, the Navy leads in information warfare and information dominance.

Department of Defense and NSA have access to lots of information, but still need to find a way to safely and effectively share the information with the private sector.

“The world accepts military espionage. Over time economic espionage is also strategic,” VADM McConnell said.

The US is one of five nations which do not perform economic espionage, also the UK, Canada, New Zealand and Australia. “The rest of the world does,” said VADM McConnell. This isn’t just a matter of laws, he explained. “If we did it, who would we give [the information to] in a free market?”

This complication is at the heart of much of the cyber debate. Private industry becomes interested when it impacts a client, he said. That reflects the biggest worry. Who will do it and how will we protect from attack infrastructure that has never been part of the military’s mission, such as the banking system. The US military’s charge is to defend the nation’s infrastructure. Historically, and today, that means ports and airspace but not private interests.

Meanwhile we know the Russians and Chinese have planted malware into the US infrastructure, they just “have not decided what to do” with it yet, said the admiral.

“We don’t know how to think about this issue,” he said.

A new legislative framework is necessary, said VADM McConnell. “It’s changing,” he said, “and it’s in motion.”

But we will figure it out, he told the attendees, because “we have to.”

Leave A Comment