December 2, 2018

The Dawn of the Code War aka The Blurred World War

John P. Carlin has a fascinating new book out about “how we tried to take cyberthreats out of the shadows and used the criminal justice system to shine light on cyberattacks.” Co-authored by journalist and historian Garrett M. Graff, the book takes you through the Obama years where, as former Assistant Attorney General for National Security and National Coordinator of the Computer Hacking and Intellectual Property (CHIP) program, John battled behind the scenes in The Dawn of the Code War.


Like the Cold War, the Code War is not what we think of as war; it is “complicated, multidimensional, international period of tension that requires resources across government and the private sector.” Unlike the Cold War that was about a single adversary, the Code War is more complex. It is being fought online in an environment of anonymity, against adversaries who may be individuals – hacktivists, criminals, terrorists – organizations and nation states.

And unlike the Cold War that predated the Internet, this Blurred World War is different in 6 fundamental ways:

  1. Blurred lines between war and peace.
    If the Chinese had invaded the headquarters of the Solar World factory in Oregon, we would have known we were at war. If the North Koreans had destroyed Sony’s offices in Los Angeles, we would have known we were at war. If the Russians had broken into the DNC offices in Washington DC, we would have known we were at war.
  2. Blurred lines between private and public.
    In the past, national security and defense were the main job of governments. The Ford Motor Company or Campbell Soup did not build their own defense systems to protect against Russian missiles. The internet, however, is owned and operated in large part by private companies, and sharing is key to effective national defense.
  3. Blurred lines between nation states and individuals.
    Nuclear weapons and missile systems, weapons of mass destruction, required nation state sized investments. Today, chemical weapons, biological weapons and cyber weapons – zero day exploits, malware, ransomware and more – can be unleashed by individuals across the world.
  4. Blurred lines between physical and virtual worlds.
    During the Cold War, “Your car was your car and your computer was your computer.” But today, your car is a computer on wheels and your computer is distributed hardware, software and data. Money is almost all virtual and cryptocurrencies are entirely virtual.
  5. Blurred lines between domestic and international.
    Country borders still mattered during the Cold War. But the world in the Code War is flat. Government agencies still operate in domestic and international silos, while “terrorists from the Middle East can communicate directly with American citizens without ever setting foot inside our country.”
  6. Blurred lines between what is secret and what is critical infrastructure.
    Government secrets used to be about military and diplomatic secrets. With the “weaponization of information”, internal DNC emails, government personnel records and the Amazon shopping list of a movie executive created damage. We worried about critical infrastructure – the power grid, water supply and air traffic control – but Russian interference in the 2016 elections was our “first true cyber Pearl Harbor” where “Russia attacked America’s confidence in America.”

The book goes on to describe how over the last decade, prosecutors, federal agents and the intelligence community worked with private sector security researchers and others to impose law and order.

Public attribution is important; it sent a message across government that it was possible to prove in a court of law who was behind an attack, it sent a message to the private sector that the government would be aggressive in confronting bad behavior online, and it sent a message to foreign adversaries that this behavior was not acceptable and that there would be consequences.

Much remains to be done, but thanks to John and others in service, as he says, “it was a start”.