Warfare or security awareness?
Spend a day with IT security experts and you’ll spend the next week scouring your computer systems for viruses, breaches and data theft.
As rampant as it has become, though, Ira Winkler has a caution: not all data theft is cyber warfare. The author and president of the U.S.-based Internet Security Advisors Group recently told the annual Privacy and Security Conference in Victoria that the overused term is sowing confusion.
The attacks on Georgian government and media websites that preceded ground attacks in 2008 constitute information warfare; the attacks on Estonian sites a year earlier do not.
“Information warfare is the use of computer assets to support war,” he said. “The problem with [the term] warfare is that implies nations, and therefore a national response, which allows individuals and corporations to not take action.”
National threats certainly exist – China is suspected of laying botnets and malware “like landmines in a battlefield for future attacks” and the power grid remains an attractive target, he noted – but the bigger issue is money theft and money laundering, which are largely criminal enterprises.
According to Art Gilliland, vice-president of product management for Symantec, five years ago hackers were the leading cause of security breaches. Today, they do not even rank in the top three. “Ninety percent of all threats we process are connected to organized crime in some way.” Employees, both well intentioned and criminal, make up the second and third causes of data theft.
From noisy defacements of government sites and well-publicized viruses, most major hits today are silent and not detected for at least six months. “Crime has always gone where the money is, and there is now a lot of value around government and public information.”
As a result, criminal organizations have been structured around intrusion, discovery, capture and extraction of online data. And, as Michael Calce, the Montreal teenage known as Mafia Boy who in 2000 paralysed Amazon, CNN and other sites, notes, they are “10 steps ahead of the IT community.”
Winkler suggests governments and corporations pay close attention to their underlying vulnerabilities and learn from today’s hackers, because when cyber warfare does occur, nations will use the same methods. “Don’t look for who, look for how.”
Learning history lessons
If Afghanistan has taught us anything about whole-of-government missions, it is do our homework: gather intelligence, thoroughly read local history, and take the time to understand the local dynamics.
That lesson was underscored yet again during a panel presentation at the Conference of Defence Associations Institute’s annual seminar in March.
Chris Alexander, Canada’s former ambassador to Afghanistan and the UN’s deputy special representative, and considered by many to be one of the best and brightest diplomats in theatre, acknowledged that the United States and its NATO allies “came late to the game of understanding the Taliban.” We didn’t pay enough attention to the tribal affiliations, regional leaders and local warlords, and it “came back to bite us,” he said.
David Kilcullen, an insurgency expert and former advisor to Secretary of State Condoleezza Rice and General David Patraeus, noted the lack of a consensus on what the coalition was countering – was it terrorism, an insurgency, a civil war? In the early days of the campaign, we stressed the military maxim of unity of command, which created more problems than it solved. We then moved to unity of effort, attempting to get our militaries and aid agencies and diplomats all in a row. That too proved to be a pipedream. At last we’ve come to a shared diagnosis of the problem, he said, which allows us to operate more coherently.
Whether we’ve turned a corner is debatable – government-wide corruption, weak Afghan institutions and partners, poor economic development, and the Pakistan-Afghanistan relationship could derail any progress. But Kilcullen believes we now have the right diagnosis and, more important, the right people on the ground. And when we conduct operations with the Afghan army, police and civilian organization as partners – all four bringing security and services simultaneously to villages – performance improves.
One of the pioneers of that approach and the beneficiaries of that newfound coherence was BGen Jonathan Vance, commander of Joint Task Force Afghanistan from February to November of 2009. His predecessors knew they were facing an insurgency and that the principles of counterinsurgency needed to be applied, but they lacked the resources to do so. During his tour, more resources allowed him to focus more on villages without compromising security. “I learned that security at the end of a gun is not security,” he observed. (For more on Vance’s approach, read his interview: https://vanguardcanada.com//COINPrinciplesToRealityVance ).
Sustaining that success, however, requires the support of the people, and that might still be a work in progress.
For more on the Comprehensive Approach, Queen’s Centre for International Relations, the Directorate of Land Concepts and Designs, Chief of Force Development, and the Defence and Security Research Institute are hosting a two-day conference April 15-16 at Queen’s University.
The intent is to consolidate numerous research efforts and experiences to produce a more enduring CA concept through discussions on best practices, lessons learned and research. More is available at www.queensu.ca/cir/?q=CA2010
Debating NATO’s future
With a new Strategic Concept for NATO expected later this year, several Canadian think tanks have released reports on the way ahead for the alliance.
The most comprehensive is a combined effort by the Conference of Defence Associations Institute and the Canadian Defence and Foreign Affairs Institute, which brought together politicians, former Chiefs of the Defence Staff, an ambassador to NATO, NATO field commanders, strategists and staff officers, and academic experts, to develop a “Canadian perspective [on] the most salient challenges and opportunities facing the Alliance.”
Their recommendations have been provided the Group of Experts, led by former U.S. Secretary of State Madeleine Albright. The report is available at www.natoconcept.ca
The Rideau Institute also released a discussion paper, prepared by defence analysts Steven Staples and Bill Robinson, arguing that NATO avoid future “out-of-area” operations and end its reliance on nuclear weapons as an “essential” part of its security. It is available at www.RideauInstitute.ca