Cyberwar talk is getting real

The existential threat of cyberwar has shifted from hand-waving about 'Cyber Pearl Harbor' to hand-waving about 'digital atomic bombs'. Hype? Maybe. Either way, politicians are talking tough.
Written by Stilgherrian , Contributor

"Cyber intrusions have the potential to damage the very fabric of our [well, his] republic," said US congressman Michael McCaul, chairman of the House of Representatives Homeland Security Committee and co-author of the US Cybersecurity Act 2015.

In many ways, McCaul's keynote speech at the RSA Cyber Security Conference in San Francisco last week was the stuff we usually hear from politicians. But in many other ways, it wasn't.

Sure, there was the traditional complaint that the cyber sheriffs are outnumbered by the cyber outlaws; that the technology of the attackers is outpacing the technology of the defenders.

Sure, McCaul reminded us that cyber espionage represents, allegedly, the greatest transfer of wealth in human history, a line first used in 2011 by Dmitri Alperovitch, then at McAfee and now at CrowdStrike, and oft-parroted by General Keith Alexander when he headed up America's National Security Agency (NSA).

"Our cyber rivals are overtaking our defences. Nation-states are using cyber tools to steal our country's secrets, and to copy our intellectual property. Faceless hackers are snatching our financial data, and locking down access to our healthcare information. And terrorists are abusing our encryption and social media to crowdsource the murder of innocent people. Web-based warfare is becoming incredibly personal. The combatants are everywhere, and the phones in your pockets are the battlespace," McCaul said.

We've heard it all before, right?

But things changed when McCaul started talking about the presumed-Russian hacks of the Democratic National Committee last year.

"Frankly, it didn't matter to me whether it was Democrats or Republicans being targeted. These were Americans first in the crosshairs of the Kremlin, and to me that was unacceptable. Its intrusions have the potential to jeopardise the very fabric of our republic," McCaul said.

"Our democracy itself is at risk," he said. Russia had crossed a "red line", and America's ability to win in cyberspace depends on its ability to deliver "meaningful consequences".

"Unfortunately, we still do not have clear proportionate response policies for striking back against nation-states," McCaul said. "Today, in some cases, the United States government is fighting 21st century threats with 20th century technology, and a 19th century bureaucracy."

McCaul even quoted Winston Churchill's famous We Shall Fight on the Beaches speech from 1940, before saying that the government needs to be ready for the "quantum future", and calling for a joint effort by "like-minded allies" to address that problem.

"The digital atomic bomb is on the not too distant horizon," McCaul said.

It sounds to me like McCaul is calling for a Quantum Cyber Manhattan Project. It's heady stuff. But he's got a point when it comes to quantum computing.

Australia's QuintessenceLabs, a world-leading quantum cybersecurity firm that was part of last week's cyber trade mission to the US, is already selling technology that can generate 2 gigabits per second of true random numbers.

QuintessenceLabs has worked with the US National Institute of Standards and Technology (NIST) on a new standard for true random. In conjunction with the University of New South Wales, it's steadily increasing the number of quantum bits, or qubits, in its experimental computers.

"A 30-qubit quantum computer would have, for certain classes of problems, computational power exceeding that of today's most powerful conventional supercomputers, QuintessenceLabs' founder and CEO Vikram Sharma told ZDNet on Tuesday.

The company is already selling technology to the US government -- through the US Department of State, so the actual end user is unknown.

Meanwhile, on Sunday, one of Russian president Vladimir Putin's former foreign policy advisers, Sergey Karaganov, was talking up the importance of cyberwar on CNN.

"I hope that Russia is very good in cyberwarfare. And because cyberwarfare is one of the ways to deter, I mean, all possible partners or even enemies. I do not believe, unfortunately, that we were that important in playing any role in American internal affairs and in any way it would have been too humiliating for the United States to accept that, although of course you have this very strange debate," Karaganov said.

"But personally, I would have loved that Russians would have interfered like that. Our American partners should be educated that they live in the crystal palace and they should stop interfering into internal affairs of other countries, should stop regime changes, et cetera. I mean, if we do that, that will be a great lesson for Americans. I'm not sure whether we were able to do that."

Karaganov seemed well pleased that the US-led world order has "collapsed".

"I am much more optimistic than several years, two, three years ago. Russia is winning. It has restored its might and it has restored its possibility to deter. And we are leading towards a more balanced world," he said.

Meanwhile, in an RSA Conference session on the future of cyber weapons, Gary Brown, a former US Air Force attorney and now professor of cybersecurity at the Marine Corps University, was asked about the prospects of a cyber equivalent to the Geneva Conventions that establish international standards for the conduct of war. The idea had been floated by Microsoft president Brad Smith in a separate session.

Given the complexities, Brown was asked, what were the prospects of reasonably negotiating cyber treaties like that?

"Zero," Brown replied.

Welcome to 2017.

Disclosure: Stilgherrian travelled to San Francisco as a guest of RSA Security LLC

Editorial standards