Adaptive Segmentationmicro-segmentation May 28, 2019

Cybersecurity: On Squirrels, Proportionality, and China

Jonathan Reiber,

It’s been a busy May in the cyberworld. Israel’s military strike on Hamas hackers in Gaza was the biggest news, but the Department of Defense’s Report on China Military Power and a Department of Energy finding that the grid may have suffered a DDoS deserve mention too.


Let’s start with energy. The DoE announced in early May that for the first time a power utility has suffered a successful distributed denial of service (DDoS) disruption of the power grid. Electricity delivery continued unabated to residents of Los Angeles and Salt Lake Counties but "electrical system operations" faltered under the DDoS attack. That’s interesting.

But what’s more so? I was listening to the 99% Invisible podcast last week and learned about the greatest threat to the grid: squirrels.

To date, according to the ingeniously named Cyber Squirrel One website, squirrels have conducted 1,251 operations against the electric grid. (How many were covert? Maybe the chipmunks know.) Last year, a squirrel attack knocked out electricity in New York state for hours. Separately, a six-foot-long snake cut the power to a small Tennessee town two weeks ago. Never mind the Russians. Watch out for Rocky the Flying Squirrel. And also Kaa.

In more historically relevant news, Israel’s kinetic response to Hamas hackers seems to have crossed a Rubicon. This is a big deal. Here’s what we know. During recent fighting between Hamas and Israel in Gaza, the Israeli Defense Force (IDF) responded to a Hamas cyberattack by first launching a counter-offense operation against the Hamas hackers; and second, by launching an airstrike to destroy the building from which the hackers conducted operations. The IDF tweet announcing the attack read: "HamasCyberHQ.exe has been removed." The tweet provided scant details other than broadcasting the response. The IDF released a video of the strike as well.

As of now, neither Israel nor Hamas have commented beyond the initial tweet and stories. This is the first time a country has launched a kinetic attack immediately following a cyberattack. In 2015, an American military airstrike eliminated the ISIS propagandist, recruiter, and hacker Junaid Hussain. But Hussain was more than a hacker; he was in the ISIS command structure, served as a spokesman for the organization, and through his propaganda helped turn ISIS into an even more terrifying organization.

The IDF airstrike is the first evidence we have of military force used in response to a cyberattack and it apparently destroyed Hamas’s cyberspace capabilities.

The real questions are: Under what justification was the operation conducted? What exactly did Hamas do – and was the IDF response proportional? As of now, the world doesn’t know what the Hamas hackers were trying to achieve or whether anyone died in the strike. The IDF operation may well have been proportional, but without any details or presentation, it’s destabilizing. If the counter-attack was warranted, a public explanation could help build political legitimacy and strengthen the rule of law for the governance of future cyberspace operations. Absent an explanation, one cannot help but feel that this could lead to future indiscriminate attacks.  

We have long known that future wars will include kinetic operations against hackers. There's a hybrid convergence at play, and the digital and physical worlds are coming together. That’s why we always tried to explain the justification for major operations or policies when I was in the Pentagon. It's also why the Department of Defense watches China’s evolving cyber capabilities. 

The Department of Defense's 2019 annual report of China's military and security progress was released earlier this month. It's always worth a read, and I'm just digging in (it lands at a weighty 136 pages). China is continuing to pursue an information advantage against the United States, from IP theft to cyberspace operational superiority. Interestingly, Chinese officials seem to believe that the United States maintains strategic superiority against them in cyberspace. (The intelligence community must have gotten this information clandestinely; otherwise, it feels like something you would admit only if you were trying to manipulate someone somehow.) 

But here’s an interesting idea that I heard on Daniel Miessler’s Unsupervised Learning podcast. China has stolen a vast amount of U.S. intellectual property, broken into the U.S. Office of Personnel Management database and stolen 21.5 million federal employees’ personal information, and now this week the Justice Department disclosed that a Chinese actor was the culprit behind the Anthem hack. I also suspect that it was China that broke into SingHealth last summer (I make this assertion simply on the basis of strategic intent, as it would make sense given China’s regional ambitions).

The thing that Miessler pointed out is that if you stack this all up, China now has sufficient personal information to build a comprehensive portrait of America’s elite – from their health to business practices to family life. While the Chinese may be behind the Russians tactically, if and when they leap ahead, the PLA will be ready to provide operators with a treasure trove of data about American individuals, our economy, and our way of life.

That’s a lot scarier than the squirrels.

Beyond the world of defense and national security, the United States needs to harden its infrastructure against Chinese hackers. The problem will just get worse as China grows more powerful. The problem, as the Harvard psychologist Daniel Gilbert has said, is that it can be hard to rally support for ending threats when they don’t feel proximate. The cyberthreat posed by China, like climate change, feels like "a threat to our futures – not our afternoons," as Gilbert once said. Data theft doesn’t feel acutely dangerous, but if and when China manipulates the election of 2030 thanks to decades of hoovering up our information, everyone will look back wondering what could have been done.

Corporations have a role to play in securing their data centers. Washington has a delicate balancing act to follow as it prepares for potential conflict while also managing the risks of having two major powers succeed, for everyone’s benefit, within the global economy. It’s the job of leaders everywhere to focus companies and organizations on implementing smart, principled steps for change.  

Progress is happening at least in one key area: cybersecurity training. The White House issued an executive order at the beginning of May to streamline cybersecurity hiring and launch a President’s Cup Cyber Competition for federal civilian or military personnel. Winners will take home at least 25,000 dollars. (Fortune’s Robert Hackett wrote about the potential for incentivizing competition with the new challenge here.) Everyone wants talented people to come work for them. But what’s the way to keep them? I’ve seen teams perform the best and stay the longest when there’s a clear alignment between mission and skills. Beyond money, people seek meaningful work the most – and protecting the United States is a good, solid mission.  

The good thing about this field is that there is room to make things better for a lot of people. Each day folks can wake up with a sense of purpose to make a difference. That’s good news.

Adaptive Segmentationmicro-segmentation
Share this post: