When presidential candidates Hillary Clinton and Donald Trump debated America’s cyber war capabilities last week, the global cybersecurity community strained hard to read between the lines.
The Democratic candidate, in particular, alluded to a notion rarely discussed in public forums: that Uncle Sam does, indeed, possess a very big cyber stick and is prepared, at any moment, to wield it as necessary.
“We are not going to sit idly by and permit state actors to go after our information,” Clinton declared. “Our private-sector information or our public-sector information.”
Nation-state-backed cyber bombardments conducted by China (OPM hack; Operation Aurora ; Titan Rain) and Russia (DNC hacks; Estonia shut down;Ukraine hack) have been widely covered by mainstream media. By contrast, not very much has surfaced about U.S.-backed cyber operatives counter punching, or even going on the offensive.
The one example Clinton might have drilled down on, had she been asked to elaborate, is Stuxnet. It would be fascinating to hear her assessment, or Trump’s for that matter, of the malicious computer worm widely believed to be a joint American-Israeli cyber operation to sabotage Iran’s nuclear program. (I highly recommend Kim Zetter’s meticulously reported, well-written book account: Countdown to Zero Day: Stuxnet and the Launch of the World’s First Digital Weapon.)
Dedicated government cyber branch
In fact, the NSA has an offensive cyber branch referred to as Tailored Access Operations unit. References to TAO have surfaced over the past couple of years thanks to the efforts of journalists like Zetter, as well as hacktivists associated with Wikileaks and, of course, one Mr. Edward Snowden.
Trost tells me that America “can certainly put a hurt on if need be.”“In this day and age, I can almost guarantee that most modern countries have a dedicated military branch whose mission is to develop and execute offensive cyber capabilities,” says Ryan Trost, chief technology officer at security vendor ThreatQuotient. “The U.S. is no different and most likely does possess a more advanced capability, far beyond what most of us are aware of.”
Should “the cyber,” as the Republican presidential candidate refers to it, come into focus again in the race for the White House, both Trump and Clinton probably would be wise to temper their commentary, some security experts believe.
Hold down rhetoric
“Secretary Clinton’s comments making sure other nations realize our stronger capabilities in cyber space is a policy path that could lead to escalation,” warns John Bambenek, threat systems manager of Fidelis Cybersecurity. “Unlike physical conflicts, cyber conflicts can escalate in unforeseen ways and have large unintended consequences.”
It would not surprise me if a potboiler plot revolving around the U.S. and China pulling tripwires to knock out each other’s power grid is under development by some spy-thriller author, or Hollywood scriptwriter. “Unlike traditional military warfare, attribution in cyber attacks is difficult, so immediate response would be problematic,” Bambenek says.
Let’s hope that our top political leaders understand that the ramifications of all-out cyber warfare could cause profound disruption. Maybe not as devastating as a nuclear holocaust. But potentially something close.
Meanwhile, each time a network outage strikes a Wall Street exchange, or shuts down flight ops at a pair of airlines for days at a time, or disables the reservation system of a top-tier hotel chain, one has to wonder if the raptors might be testing the fences.
Ramping up offense
“As much as world leaders shake hands and sign treaties, it is pretty safe to assume offensive capabilities continue to operate and even advance at a decent pace,” Trost says. “Countries would never claim responsibility, but every once in a while the internet will hiccup.
“I believe it’s a nation state’s offensive team flexing muscles and assessing how the internet will respond, in case it ever comes to that point.”
This article originally appeared on ThirdCertainty.com and was written by Byron Acohido.