Cyberwar and big data: gains in technology could alter balance of playing field

A US company, Recorded Future, claims it can predict 83 per cent of cyber exploits. The prospect of this kind of big data technology could begin to alter the balance of power between hackers and defenders.

Recorded Future says it takes exploit data and puts it into a mathematical model that can be used with machine learning algorithms to predict the type of upcoming attacks. “There is still room for a lot of improvement,” the US-based company said.

Given the ongoing crisis in cyber defense, you can assume there will be resources put into improvements, not only with Recorded Future and its technology – but all researchers in this areas. That trend begs the question of whether once these techniques are mastered, will the balance of power in the cyber domain be tilted back, ever so slightly, towards defenders?

As it stands, aggressors have the hands-down advantage in cyber aggression. Hackers enjoy anonymity and surprise. They try out new viruses which are usually only learned about after they are deployed – sometimes years afterward, which again means someone’s system has to be attacked.

But a future of significantly hardened cyber targets could change that. Being able to effectively secure targets would be a big breakthrough and could affect US-China relations in this dimension.

A cybersecurity cold war first: Xiang Li, sentenced

Xiang Li was sentenced to 12 years in US prison for selling pirated US software worth more than $100 million. Li is the “first Chinese citizen to be ‘apprehended and prosecuted in the US for cybercrimes he engaged in entirely from China.”

Yep, that’s right. US federal agents arrested Li on the Pacific island of Saipan, where they lured him in the expectation of delivering pirated software.

While it’s not the Cold War all over again, plucking some one off the street, or island shows a more active stance on the part of the US. Unlike the old US-Soviet conflict, trade channels between the US and China remain wide open. Perhaps, too wide. Perhaps this is the start of a narrowing. 

It will be interesting to see China’s response, or non-response. I could imagine the Chinese staying quiet, unwilling to let one software pirate’s extradition spoil the US-China relationship.

But the arrest and sentencing of Li supports the notion, articulated by outgoing White House national security adviser Tom Donilon, that cybertheft was at the “center” of the US-China relationship and not an “adjunct” issue.

Progress? US and China agree to talk about cyber rules

I guess public shaming does have a role…

From the NYTimes…

The United States and China have agreed to hold regular, high-level talks on how to set standards of behavior for cybersecurity and commercial espionage, the first diplomatic effort to defuse the tensions over what the United States says is a daily barrage of computer break-ins and theft of corporate and government secrets.

Talks begin in July, after Obama and Xi’s face-to-face. Why wait? I ask

Elsewhere, others are already questioning if the US should pursue a strategy developed during the Cold War, a time of set borders and gun-point diplomacy. 

NYTimes asks the $64 billion question regarding the US, China and the global economy

In the story on the US government explicitly naming China as a source of cyber-espionage, David Sanger points out the conundrum for the US.

But the report does not address how the Obama administration should deal with that problem in an economically interconnected world where the United States encourages those investments, and its own in China, to create jobs and deepen the relationship between the world’s No. 1 and No. 2 economies. Some experts have argued that the threat from China has been exaggerated. They point out that the Chinese government — unlike, say, Iran or North Korea — has such deep investments in the United States that it cannot afford to mount a crippling cyberstrike on the country.

What do you do when you learn your trade partner is using the very technology you sold them against you? What do you do when you learn that China’s economy is growing in a way that undermines the US? As an Australian sailor once quipped, regarding Australia and China: “We’re selling China heaps of iron ore. You have to wonder how much of it they’re using to make weapons they will eventually aim against us?”

Good question, Australian sailor.

Take the same conundrum use it for the basis of understanding the China-US relationship. As Jarod Cohen tweeted:

The Obama administration, to their credit, is doing everything they can to alert and awake the American people. And yes, as Sanger notes, the US also has robust cyber-attack capabilities, such as those used against Iran’s nuclear program. But the difference between China and the US is that the US’s Cyber Command is not fused to Wall Street, scanning the world’s computers to siphon off all the trade data, inventions, intellectual property, data bases of valuable information it can. China because of this, and because of its scale, is unique in this way. So it’s a unique threat.

That puts to bed the false equivalence of the US Cyber Command and what China does.

But the biggest question is of course: how to ruggedize the US economy for this kind of world, where your biggest trade partner is your biggest thief. There are a couple options. As the US economy restructures and climbs back from years of low growth and unemployment, it needs the kind of industrial policy that makes it more impervious to China’s tactics.

This is doable. But I’d say one of the first ways to facilitate it is to kill a couple sacred cows.

One is that, while yes, Americans support a free market, they must recognize they are competing against economies that favor government intervention where it aides the national goal of development. In some areas, such as coordinating against external threats, US companies must work alongside the government for the benefit of the whole.

This kind of thing would have happened during the cold war in a number industries.

But in order to do that, US companies must resolve an identity crisis that has come about during the peak of globalization. That is: these companies must recognize whether they’re American and they benefit from the economy and laws of America, or they’re truly globalized institutions with loyalty only to the most advantageous market.

What could possibly cause this change in thinking? It would have to be something big and threatening for Americans?

Maybe, possibly it would be something like the rise of an aggressive superpower across the Pacific. Just a thought.