FacebookTwitterRedditEmail

Deterring Cyberattacks With Sanctions?

The White House has announced a new sanctions program that will authorize the executive branch to penalize malicious cyber “actors” whose behavior endangers “the national security, foreign policy, or economic health or financial stability of the United States.” Sadly the President is opting for theater that creates the perception of security rather than actually making it more difficult for attacks to succeed.

Obama’s new executive order rests on a strategy of deterrence, a cold war idea that’s been revived by the likes of former NSA director Mike McConnell and more recently by current NSA Director Mike Rogers. The basic idea is this: if enemies fear retaliation they’re less likely to launch an attack (nuclear, cyber, or otherwise).

But deterrence is useless if you can’t figure out who attacked you. Malware isn’t like an ICBM that leaves a clear trail going from point-A to point-B. Thanks to Ed Snowden it’s public knowledge Five-Eyes Intelligence agencies have invested heavily in developing anonymity technology and conducting deception operations that aim to conceal the origins of their clandestine attacks. It would be naïve to believe that other countries aren’t doing the same.

Consider the following scenario. A Japanese spy targeting sensitive information in the United States could launch their campaign out of China, outsourcing the bulk of their work to local outlaws who use indigenous tools and tactics. Advanced anti-forensic methods could be wielded to cast suspicion elsewhere, away from Japan, and investigators would no doubt recognize the political expedience of accusing China over an ally.

One can imagine the hazards, not to mention embarrassment, associated with rash accusations. In 2009 the presiding republican on the House Intelligence Committee, Peter Hoekstra, in lieu of hard evidence recommended that the United States execute a “show of force” against North Korea in response to run-of-the-mill denial of service attacks on South Korean and U.S. websites. Cooler heads prevailed and the attacks were eventually traced back to a VPN circuit in Florida.

It’s interesting to watch history repeat itself with the data breach at Sony. Yet the public clamors for POTUS to do something. This new program, which threatens would-be “actors” with economic sanctions, is something. So that’s what Obama is doing.

Boldly clambering down into the rabbit hole of attribution is bad enough, but there are additional questions that arise with respect to this new executive order. For example, if the United State is going to penalize other countries for alleged cyberattacks does this mean that other countries will be able to seek redress from the United States for American cyberattacks?

After all the United States is the most prolific “actor” in the cyber domain, seeking to “dominate” the Internet. Officials have admitted outright that both the Stuxnet and Equation Group attacks were NSA initiatives. Dozens of countries and hundreds of organizations were impacted. Will the United States be exempt from the mandates that it applies abroad, as the world’s one indispensable nation?

Sanctions may be less violent than conventional military weapons but they still rely on the process of attribution. This underscores the reality that false flag operations are as popular as ever and relatively easy for funded intelligence outfits to execute. Does the President believe threatening sanctions will improve our cyber security or is he merely looking for another excuse to frame and punish his adversaries?

Bill Blunden is an independent investigator whose current areas of inquiry include information security, anti-forensics, and institutional analysis. He is the author of several books, including The Rootkit Arsenal , and Behold a Pale Farce: Cyberwar, Threat Inflation, and the Malware-Industrial Complex. Bill is the lead investigator at Below Gotham Labs.

More articles by:

Bill Blunden is a journalist whose current areas of inquiry include information security, anti-forensics, and institutional analysis. He is the author of several books, including “The Rootkit Arsenal” andBehold a Pale Farce: Cyberwar, Threat Inflation, and the Malware-Industrial Complex.” Bill is the lead investigator at Below Gotham Labs and a member of the California State University Employees Union, Chapter 305.

bernie-the-sandernistas-cover-344x550

Weekend Edition
June 14, 2019
Friday - Sunday
Michael Hudson
Trump’s Trade Threats are Really Cold War 2.0
Bruce E. Levine
Tom Paine, Christianity, and Modern Psychiatry
Jason Hirthler
Mainstream 101: Supporting Imperialism, Suppressing Socialism
T.J. Coles
How Much Do Humans Pollute? A Breakdown of Industrial, Vehicular and Household C02 Emissions
Andrew Levine
Whither The Trump Paradox?
Jeffrey St. Clair
Roaming Charges: In the Land of 10,000 Talkers, All With Broken Tongues
Pete Dolack
Look to U.S. Executive Suites, Not Beijing, For Why Production is Moved
Paul Street
It Can’t Happen Here: From Buzz Windrip and Doremus Jessup to Donald Trump and MSNBC
Rob Urie
Capitalism Versus Democracy
Richard Moser
The Climate Counter-Offensive: Secrecy, Deception and Disarming the Green New Deal
Naman Habtom-Desta
Up in the Air: the Fallacy of Aerial Campaigns
Ramzy Baroud
Kushner as a Colonial Administrator: Let’s Talk About the ‘Israeli Model’
Mark Hand
Residents of Toxic W.Va. Town Keep Hope Alive
John Kendall Hawkins
Alias Anything You Please: a Lifetime of Dylan
Linn Washington Jr.
Bigots in Blue: Philadelphia Police Department is a Home For Hate
David Macaray
UAW Faces Its Moment of Truth
Brian Cloughley
Trump’s Washington Detests the Belt and Road Initiative
Horace G. Campbell
Edward Seaga and the Institutionalization of Thuggery, Violence and Dehumanization in Jamaica
Graham Peebles
Zero Waste: The Global Plastics Crisis
Michael Schwalbe
Oppose Inequality, Not Cops
Ron Jacobs
Scott Noble’s History of Resistance
Olivia Alperstein
The Climate Crisis is Also a Health Emergency
David Rosen
Time to Break Up the 21st Century Tech Trusts
George Wuerthner
The Highest Use of Public Forests: Carbon Storage
Ralph Nader
It is Time to Rediscover Print Newspapers
Nick Licata
How SDS Imploded: an Inside Account
Rachel Smolker – Anne Peterman
The GE American Chestnut: Restoration of a Beloved Species or Trojan Horse for Tree Biotechnology?
Sam Pizzigati
Can Society Survive Without Empathy?
Manuel E. Yepe
China and Russia in Strategic Alliance
Patrick Walker
Green New Deal “Climate Kids” Should Hijack the Impeachment Conversation
Colin Todhunter
Encouraging Illegal Planting of Bt Brinjal in India
Robert Koehler
The Armed Bureaucracy
David Swanson
Anyone Who’d Rather Not be Shot Should Read this Book
Jonathan Power
To St. Petersburg With Love
Marc Levy
How to Tell a Joke in Combat
Thomas Knapp
Pork is Not the Problem
Manuel García, Jr.
Global Warming and Solar Minimum: a Response to Renee Parsons
Jill Richardson
Straight People Don’t Need a Parade
B. R. Gowani
The Indian Subcontinent’s Third Partition
Adolf Alzuphar
Diary: The Black Body in LA
Jonah Raskin
‘69 and All That Weird Shit
Michael Doliner
My Surprise Party
Stephen Cooper
The Fullness of Half Pint
Charles R. Larson
Review: Chris Arnade’s “Dignity: Seeking Respect in Back Row America”
David Yearsley
Sword and Sheath Songs
FacebookTwitterRedditEmail