Biden administration declares war on internet, clears way for offensive hacking attempts by federal agencies
from just-hammer-the-‘launch-cyber-nuke’ button debt
It is impossible to be the “aggressor” of the free world. These words simply do not make sense together. “Defender of the free world,” perhaps. If you go on the offensive, it seems unlikely that you are there to protect someone’s freedoms.
But that seems to be where America is headed: the aggressor somehow protecting rights and freedoms around the world. For years, government agencies have called for the codification of glove removal. They want to go on the offensive in the new eternal war in cyberspace.
And government officials have muddied the waters by mixing metaphors, saying bad things like “cyber Pearl Harbor” in hopes of rhetorically raising the stakes high enough to allow government to function as a conquering force, rather than a defender of liberty.
Those who hold the idea that the federal government should become a broadband bully often forget how often our offensive hacking tools are leaked or disappear, resulting in Americans being the targets of recycled literal spyware.
It’s not that America isn’t a juicy target for malicious state-sponsored hackers. And it’s not that malicious entities haven’t caused serious fiscal and logistical damage. It is whether those who buy into the cyber war = actual war rhetoric want to turn the US into an armed invader.
That question has an answer, at least for the rest of the current presidency. As Fred Kaplan reports for Slate, the Biden administration believes the security of our nation is best served by aggressive cyber warfare.
President Biden is about to approve a policy that goes far beyond any previous efforts to protect private companies from malicious hackers — and to retaliate against those hackers with our own cyberattacks.
The 35-page document, titled “National Cybersecurity Strategy,” differs from a dozen similar papers signed by presidents over the past quarter-century in two important ways: First, it imposes mandatory regulations on a wide range of U.S. industries. Second, it authorizes US defense, intelligence and law enforcement agencies to go on the offensive, hacking into the computer networks of criminals and foreign governments, in retaliation for – or preempting – their attacks on US networks.
There is a lot to worry about here. First, attribution is difficult, so going on the offensive makes it much easier to expose the wrong targets to the federal government’s cyber wrath. Make enough mistakes, and those subjected to digital invasions will rebel, creating even more problems that being too aggressive cannot solve.
It will be helped by the FBI, which is its own problem. The FBI has many agendas, and very few of them align with providing more security to American citizens. While it may have the funding and personnel to handle a joint cyber task force, it would probably be better off letting the FBI come off the bench, rather than giving it the starting cyber QB job. An agency that spends an inordinate amount of time arguing against device and communications encryption should not be allowed to lead cybersecurity efforts.
Then there are the requirements for the private sector, which have yet to be fully enumerated by the Biden administration. The government has long believed that the private sector should willingly share information about detected threats or attacks with the federal government. But the federal government also believes that sharing is just something second should do, hoarding companies and burying information about cyber weapons until long after it has proven useful to the only stakeholder that seems to matter: the federal government.
It is possible that the changes the Biden administration is making will make America safer. But there is no reason to believe that this will be the case, not when the changes are one-sided and appear to serve the interests of the state more than the interests of the general public.
Filed under: cybersecurity, cyberwarfare, doj, fbi, hack back, joe biden, national cyber security strategy