FacebookTwitterGoogle+RedditEmail

Cyber Arms Control Pipedreams

As the extent of the NSA’s offensive programs become public knowledge the editorial board at the New York Times has recommended that the United States government try to jam the lid back on Pandora ’s Box by engaging in “international efforts to negotiate limits on the cyberarms race.” The editorial board then references Cold War arms-control treaties as a model for future efforts. Yet the history of the Cold War demonstrates that arms-control treaties don’t always pan out. Moreover the inherent nature of malware engineering makes the detection of treaty violations nearly impossible.

For example, in 1972 the Nixon administration participated in an international treaty with the United Kingdom and the Soviet Union to ban the production of bioweapons. Unfortunately the Soviets interpreted the 1972 Biological Weapons Convention as a go-ahead to aggressively pursue an initiative that eventually scaled up into hundreds of tons. According to Kanatjan Alibekov, the First Deputy Director of the Biopreparat, Soviet researchers were up to their necks in biological WMDs:

“In the ’70s and beginning of ’80s the Soviet Union started developing new biological weapons – Marburg infection biological weapon, Ebola infection biological weapon, Machupo infection, [or] Bolivian hemorrhagic biological weapon, and some others.”

Seven years after treaty’s ratification approximately 100 people died under suspicious circumstances in the Russian city of Sverdlovsk. The Soviets initially claimed that the deaths were caused by tainted meat. Over a decade later President Boris Yeltsin admitted that the deaths were a result of a clandestine military operation.

Keep in mind that manufacturing bioweapons on an industrial scale required the Soviets to build dozens of facilities and employ thousands of people. An undertaking that wasn’t easy to conceal, especially with CIA specialists conducting exhaustive “all source analysis” to ferret out treaty violations. Nevertheless the USSR ran the world’s biggest illicit program right under the CIA’s nose. And they got away with it for years.

Developing malware is nowhere near as involved. Software engineers don’t need fermenting vats two stories tall. Offensive cyber technology tends to be small and easy to conceal. Agencies like the NSA can develop malware anywhere, with little or no logistical footprint, using compartmentalized cells of engineers hunkered down in unremarkable office spaces. Try spotting something like that with a spy satellite!

Furthermore if a nation were to break a cyberarms treaty and deploy outlawed malware, spies would no doubt utilize anonymity technology in conjunction with anti-forensics to throw off investigators. Classified documents leaked to the press indicate that intelligence services, as a matter of standard operating procedure, use foreign commercial cover to launch false flag operations. The reason that we have definitive information about the authorship of Stuxnet and Equation Group malware is that U.S officials openly claimed responsibility.

Rather than trying to discourage other countries from building malware, why not promote national policies that work to render offensive technology inert? Cyber-attacks succeed on behalf of sloppy engineering. In part because hi-tech companies are allowed to treat security breaches as a negative externality. And also as a result of the NSA’s industry-wide campaign of subversion. In other words, poor cyber security is a matter of official policy. Vulnerabilities persist because deep sources of wealth and power benefit from them.

The arms control mindset presumes the top-down worldview of cyber security a priori, where spies undermine our collective cyber security under the rubric of national security and CEOs sell substandard products on behalf of quarterly profits. Let’s reset American priorities to implement cyber-security from the bottom up so that everyone has access to relatively high levels of security.

Bill Blunden is an independent investigator whose current areas of inquiry include information security, anti-forensics, and institutional analysis. He is the author of several books, including The Rootkit Arsenal , and Behold a Pale Farce: Cyberwar, Threat Inflation, and the Malware-Industrial Complex. Bill is the lead investigator at Below Gotham Labs.

More articles by:

Bill Blunden is a journalist whose current areas of inquiry include information security, anti-forensics, and institutional analysis. He is the author of several books, including “The Rootkit Arsenal” andBehold a Pale Farce: Cyberwar, Threat Inflation, and the Malware-Industrial Complex.” Bill is the lead investigator at Below Gotham Labs and a member of the California State University Employees Union, Chapter 305.

Weekend Edition
September 21, 2018
Friday - Sunday
Alexandra Isfahani-Hammond
Hurricane Florence and 9.7 Million Pigs
Andrew Levine
Israel’s Anti-Semitism Smear Campaign
Paul Street
Laquan McDonald is Being Tried for His Own Racist Murder
Brad Evans
What Does It Mean to Celebrate International Peace Day?
Nick Pemberton
With or Without Kavanaugh, The United States Is Anti-Choice
Jim Kavanagh
“Taxpayer Money” Threatens Medicare-for-All (And Every Other Social Program)
Jonathan Cook
Palestine: The Testbed for Trump’s Plan to Tear up the Rules-Based International Order
Jeffrey St. Clair
Roaming Charges: the Chickenhawks Have Finally Come Back Home to Roost!
David Rosen
As the Capitalist World Turns: From Empire to Imperialism to Globalization?
Jonah Raskin
Green Capitalism Rears Its Head at Global Climate Action Summit
James Munson
On Climate, the Centrists are the Deplorables
Robert Hunziker
Is Paris 2015 Already Underwater?
Arshad Khan
Will Their Ever be Justice for Rohingya Muslims?
Jill Richardson
Why Women Don’t Report Sexual Assault
Dave Clennon
A Victory for Historical Accuracy and the Peace Movement: Not One Emmy for Ken Burns and “The Vietnam War”
W. T. Whitney
US Harasses Cuba Amid Mysterious Circumstances
Nathan Kalman-Lamb
Things That Make Sports Fans Uncomfortable
George Capaccio
Iran: “Snapping Back” Sanctions and the Threat of War
Kenneth Surin
Brexit is Coming, But Which Will It Be?
Louis Proyect
Moore’s “Fahrenheit 11/9”: Entertaining Film, Crappy Politics
Ramzy Baroud
Why Israel Demolishes: Khan Al-Ahmar as Representation of Greater Genocide
Ben Dangl
The Zapatistas’ Dignified Rage: Revolutionary Theories and Anticapitalist Dreams of Subcommandante Marcos
Ron Jacobs
Faith, Madness, or Death
Bill Glahn
Crime Comes Knocking
Terry Heaton
Pat Robertson’s Hurricane “Miracle”
Dave Lindorff
In Montgomery County PA, It’s Often a Jury of White People
Louis Yako
From Citizens to Customers: the Corporate Customer Service Culture in America 
William Boardman
The Shame of Dianne Feinstein, the Courage of Christine Blasey Ford 
Ernie Niemi
Logging and Climate Change: Oregon is Appalachia and Timber is Our Coal
Jessicah Pierre
Nike Says “Believe in Something,” But Can It Sacrifice Something, Too?
Paul Fitzgerald - Elizabeth Gould
Weaponized Dreams? The Curious Case of Robert Moss
Olivia Alperstein
An Environmental 9/11: the EPA’s Gutting of Methane Regulations
Ted Rall
Why Christine Ford vs. Brett Kavanaugh is a Train Wreck You Can’t Look Away From
Lauren Regan
The Day the Valves Turned: Defending the Pipeline Protesters
Ralph Nader
Questions, Questions Where are the Answers?
Binoy Kampmark
Deplatforming Germaine Greer
Raouf Halaby
It Should Not Be A He Said She Said Verdict
Robert Koehler
The Accusation That Wouldn’t Go Away
Jim Hightower
Amazon is Making Workers Tweet About How Great It is to Work There
Robby Sherwin
Rabbi, Rabbi, Where For Art Thou Rabbi?
Vern Loomis
Has Something Evil This Way Come?
Steve Baggarly
Disarm Trident Walk Ends in Georgia
Graham Peebles
Priorities of the Time: Peace
Michael Doliner
The Department of Demonization
David Yearsley
Bollocks to Brexit: the Plumber Sings
FacebookTwitterGoogle+RedditEmail