'If we don't watch out, the great things about the Internet could be risked'
'I should be able both to post a joke or comment about a political leader and not worry it will land me in jail, as well as check my personal online bank account, and not worry it will be stolen,' Peter Warren Singer, author of a new book on the subject, tells Rediff.com's Vicky Nanjappa.
Cyber threats are on the rise and intelligence agencies across the world agree that it cannot be taken lightly. Peter Warren Singer, Senior Fellow and Director of the Centre for 21st Century Security and Intelligence at the Brookings Institution, and Allan Friedman, fellow in governance studies, and research director of the Centre for Technology Innovation at the Brookings Institution have authored the book Cybersecurity and Cyberwar.
The book provides very interesting details pertaining to issues and characteristics of cyber-security. Singer discusses his book, which releases January 3, in this interview with Rediff.com's Vicky Nanjappa.
What is your book about?
Our entire modern way of life, from communication to commerce to conflict, depends on the Internet, and the resultant cyber-security issues challenge literally everyone.
We face new questions in everything from our rights and responsibilities as citizens of both the virtual and real world, to how to protect our companies, our nations, and our families from a new type of danger.
And, yet there is perhaps no issue so important that remains so poorly understood. In Cybersecurity and Cyberwar: What Everyone Needs to Know, we try to provide the kind of easy-to-read yet deeply informative resource book that has been missing on this crucial issue.
Written in a lively, accessible style, filled with engaging stories and illustrative anecdotes, the book is structured around the key questions of cyber-security: how it all works, why it all matters, and what we can do.
Along the way, we take readers on a tour of the important (and entertaining) issues and characters of cyber-security, from the 'Anonymous' hacker group and the Stuxnet computer virus to the new cyber units of the Chinese and US militaries.
You can read more about it here.
Kindly click NEXT to read further...
Photographs: Pawel Kopczynski/Reuters
'We should not just throw our hands up and act like nothing can be done'
How serious is the cyber threat today and do you see it becoming more worrisome in the days to come?
It is both growing and perhaps hyped. That is, cyberspace is a realm on which we all depend, for commerce, for communication, social networks, and yes, conflict.
The threats in it are multiplying in their scale, their scope and now, as Stuxnet pioneered, in their ability to cause damage in the real world. This will continue.
That said, we should not just throw our hands up and act like nothing can be done. This is a realm where there have been over 30,000 articles written about 'Cyber Terrorism' and yet no person has ever been hurt or killed by cyber terrorism.
Let me be clear, it is not that terrorists do not use or want to use the Internet, but that we can't let our fears overwhelm good sense.
How do you think the United States is coping with this threat?
We are very good at cyber offence, and darn well should be, since we spend the most on it, but are very reliant on cyberspace for our way of life, which makes us quite vulnerable.
A major problem is attitude.
Resilience is what matters most in this realm, not trying to prevent every danger, as you never will succeed at that, but what matters more is how you cope with the dangers.
In that, our media and political discourse does not help.
Take the idea of a cyber attack shutting down electrical power, a fear that is central in US discourse and last summer also played out in India (which to be clear didn't happen in reality in either instance).
My point is not that such a danger is fake, it is real, but rather how we cope with it is what gives it the most weight.
The power goes out all the time. But if we put the word 'cyber' in front of it, should we act as if life, as we know it, is over?
What about the Asian scenario, particularly India?
Every nation depends more and more on cyberspace, but all have not properly invested in and organised its security.
I would put India in that camp of growing capability, indeed given its thriving IT sector, but also fragile systems.
A key concern that India and the US share is the problems of intellectual property theft from business, most often emanating from China. This undercuts trade.
We also share concerns over ensuring that the future of the Internet is not taken over by governments.
Its multi-stakeholder model has been good for free markets and democracies everywhere and that we risk it by turning to a State-controlled model as authoritarian States like China and Russia have sought.
Kindly click NEXT to read further...
Image: The cover of Peter Singer and Allan Friedman's book
'Some of the worst NSA activities have jeopardised US interests'
Could you please list out the major cyber threats, both present and future?
That is why we write books! The answer would be too long for here.
Would the alleged snooping by the US National Security Agency be classified as a cyber threat?
They certainly used various means to snoop that would include cyber means.
At a broader level, some of the worst NSA activities have backfired to threaten not just US business and political standing, but the Internet freedom agenda that is the key to the future of the Internet.
What are your thoughts about the snooping by the NSA into both e-mail and phones?
Whistleblower Edward Snowden's disclosures revealed three kinds of activities:
- The sensible: The spying on enemies, everyone does this and it makes perfect strategic sense that the NSA would do so;
- The questionable: Some of the mass collection was legally and policy questionable, especially in the ways it navigated around legal barriers to collect information en masse and on US citizens;
- The stupid: Such as spying on allied political leaders.
The problem is that the discussion often fails to distinguish between the above, so people will defend one part by talking about another part.
What steps do we need to take to build a safe cyber world?
There is no one single action. The last third of the book is about the 'What can we do?' type questions, from how we can better cooperate on the international level, to the national steps or governments, to the role of businesses, to our individual roles and responsibilities at citizens and parents.
The steps may be cyber-related, but often draw from history and other realms from business to public health and hygiene.
But the first step to doing anything effective is to start to understand the basics. That is what the book is about.
Kindly click NEXT to read further...
Image: A protester supporting Edward Snowden during a demonstration in Hong Kong.
Photographs: Bobby Yip/Reuters
'Iranian-linked groups are some of the most dangerous in cyberspace'
Which terrorist outfit according to you is the most dangerous in the cyber-world?
Experts I have talked with tend to identify Iranian-linked groups (which are active in conflicts like Syria and Lebanon), as they combine the power of the State with the flexibility of non-State actors.
Will terrorists fight the next war on cyberspace?
All actors use cyberspace to their ends now, be they in business, politics, entertainment, or terrorism.
A better question is how would you know when a 'cyber-war' begins and ends?
Should governments do more to encourage ethical hacking?
When you say 'ethical hacking' we need to clarify what one means.
For instance, does it mean 'White Hat' hacking, people aiding in finding vulnerabilities in systems and letting the makers know about it, before the bad guy 'Black Hat' hackers can take advantage of those vulnerabilities.
Or does one mean people hacking in pursuit of some ethical or political cause, better known as 'Hacktivisim'. These are different and the government should have a different response.
But the bigger point is that all 'hackers' are not the same, nor are all hackers bad, as too many in government and media assume.
Will cyberspace be militarised in the days to come?
It is certainly used more and more by the military, both for communication and likely war fighting. But the very value of cyberspace is lost if it becomes overly militarised.
How do you see countries cooperating with each other to combat cyber threats?
We need to understand that it is all about incentives.
Focus on shared interests, shared threats (what in Chinese is known as 'double crimes'), build coalitions where possible, accept that sometimes it won't involve all countries, but that doesn't it make it not worthwhile to build core groups, graft onto treaties and agreements that already work (build upon success, rather than trying to reinvent the wheel), and most of all raise the level of understanding and shared sense of responsibility across national borders.
Kindly click NEXT to read further...
Image: A Free Syrian Army fighter works on his computer in Deir al-Zor.
Photographs: Khalil Ashawi/Reuters
'It feels good to strike back, but doesn't work for long if you are dealing with multiple threats'
What should private entities like banks do to combat this threat?
Private firms have their own responsibilities too. And again, it is about understanding the incentives.
That is why for example, banks do a better job of protecting themselves than infrastructure companies.
We need to do more to encourage this, both in industry and via public policy.
To put it another way, 70 percent of business executives have made a cyber-security related decision for their firm and yet no major business school programme teaches it.
Is the hack back theory ethical?
It is certainly appealing, but so far it remains questionable as to whether it is legal.
Even more it is not clear whether it is wise or effective.
To explain, handing over cyber offence operations to private firms may parallel some of the problems that emerged with private military firms like Halliburton and Blackwater (which I wrote about in my book Corporate Warriors), as well as risk escalating conflicts beyond what the States might wish.
Secondly, it is a lot like vigilantism. It feels good to strike back and 'teach them a lesson,' but doesn't work for long if you are dealing with multiple threats.
You may teach one guy a lesson, but as one executive put it, 'You'll just get five minutes of peace before another threat pops up.'
Is being anonymous a solution to be protected online?
No, both because it is getting harder and harder to remain anonymous, as well as so much of the positive things we use and love about the Internet must happen with identity known.
It is about maintaining the open system of trust that matters.
To put it another way, I should be able both to post a joke or comment about a political leader and not worry it will land me in jail, as well as check my personal online bank account, and not worry it will be stolen.
If we don't watch out, these great things about the Internet could be risked in the years ahead.
Image: The threat level displayed on a monitor at the US Department of Homeland Security's National Cybersecurity & Communications Integration Centre.
Photographs: Hyungwon Kang/Reuters