Fri December 20, 2013
Cybersecurity Forces U.S. To Examine Technological Changes
Originally published on Fri December 20, 2013 11:13 am
Between now and the end of the year, Morning Edition will have a number of conversations about the future. To begin our series of conversations, Steve Inskeep talks to Peter W. Singer of the Brookings Institution about cybersecurity. Singer co-authored Cybersecurity and Cyberwar: What Everyone Needs to Know.
DAVID GREENE, HOST:
The end of this year is a good time to reflect on the past but also on the future. In the coming days, we'll talk about the future of warfare, of the nation's changing demographics and more. We're not looking for grand predictions.
STEVE INSKEEP, HOST:
We are looking for realistic assessments of where we stand and what may matter in time. And let's begin with cyber security. Peter W. Singer, of the Brookings Institution, says the Internet changes so quickly that even when we talk about what it's like now, we're usually talking about its past. But he's trying to track emerging threats like malevolent software, malware.
PETER W. SINGER: When you think about malevolent software, malware, we're discovering between one to nine new pieces of malware every second. And this is basically being written by computers.
INSKEEP: Well, there's a computer on the desk in between us here. Suppose that some malware got into this computer, what are some of the things that it might do?
SINGER: It is either going to try and disrupt your information flow, monitor your information flow or change that information. The last one is the real worrisome one. That's the one where it moves to causing physical change in the world. And that's the game change that we've seen of things like Stuxnet, which was designed to sabotage Iranian nuclear research. And it didn't steal the information from those centrifuges. It didn't try and monitor them like an NSA type exercise...
INSKEEP: It made them run the wrong way.
SINGER: It caused them to both damage what they were working on and then damage themselves, spin out of control. So in one way it was like every weapon in human history. On the other hand, it was unlike every other weapon. It was something new because it was made of zeros and ones. It also may be another kind of game change in that it may have been the first ethical weapon in human history. It was in all of these different computers but it could only cause damage to its intended target. That's a really huge deal.
But, of course, not everyone is going to operate that way and that's one of the fears. As we see the proliferation of these kinds of weapons out there, the risk levels grow. You also have attribution problems where it's not just figuring out am I under attack but, gosh darn it, who's doing it.
INSKEEP: You said something a moment ago about malware that is constructed by computers. What did you mean by that?
SINGER: When you're talking about the scale, the count is somewhere between one-to-nine every second. You don't have enough people working in your spy agency, your corporation, let alone even in the nation itself, to be doing that. And so you're handing over the task to computers, to AI.
INSKEEP: You're telling me that's happening now. Right now, computers have been set up to create these things automatically.
SINGER: This is not futuristic. And part of it is also a reaction to how we have done defense. The old model of defense was identify a certain type of this is what this kind of virus looks like, and so don't let that in my computer. So then, if you're on the attacker side, what do you do? I change it just a little bit. So if it was something that was looking for a leopard with 100 spots, we'll send a leopard with a 101. And so, your constant modulation...
INSKEEP: It's 102, 110, then a thousand.
SINGER: Yeah. And that's why we have to change the way we think about defense. It's a fool's game to try and think that you can just build a wall. What we need to develop is resilience. My body, if my skin gets cut, I don't just shut down. My body is set up to go after viruses. My body figures out what's important to protect, what's not.
There's also the psychological side. And I think this is maybe more important for us as a nation: resilience is accepting that, hey, bad things are going to happen. It's about how I power through those bad things. Because this is a problem that is going to be with us for as long as we're using the Internet, and the only way that you can continue to get the good is to understand that you have to manage the bad.
INSKEEP: Suppose that I'm a citizen, I've got a smartphone in my pocket. I'm interested in the fate of my country and the fate of the world. In what way do I need to worry, first off, about my own government?
SINGER: Like all things, it's an issue of balance. So the concerns about your government is: Is it well-organized to defend itself, and is its policy hitting all the different issues here? So to give an illustration, Congress knows that cyber security is important. It's held an average of 60 hearings on it a year. Congress hasn't passed important cyber security legislation since 2002.
INSKEEP: A few things may have changed in the world since 2002.
SINGER: Slightly. Yeah.
INSKEEP: The other side, of course, is what the government might do to me as a citizen. Of course, the revelations from Edward Snowden about the NSA point that out.
SINGER: Bingo. There is a problem of overreach here. It's like that - the movie "Team America: World Police"...
SINGER: We keep saying, 9/11, 9/11, 9/11, 9/11. It's a political narrative that may work inside the U.S., but it definitely doesn't assuage the German political leader for why their cell phones are being tapped. There were certain activities that made maybe good sense within a counterterrorism framework, where you said, OK, if we collect this kind of information, we might get this data point that might help in a counterterrorism exercise. But if you'd had someone in the room that says oh, by the way, if this gets out, it'll be a hammer blow to American business, it might not have been approved. The problem is, is we isolate these discussions, when they're multi-issued. There's no problem in the real world that you can stovepipe.
INSKEEP: In 2005, the NSA was found to be gathering massive amounts of data about people, and there was outrage. But the response of Congress was to change the law to make the activity legal. Then there were more revelations in this year that's ending from Edward Snowden and the documents that he released, and there has been outrage again. But the Obama administration has defended most of the activities.
Do we have to accept, in the future, we're just going to know that the National Security Agency is gathering all kinds of data about us and processing it and analyzing it in lots of different ways?
SINGER: We do need to understand that as we move about the online world, we are not completely anonymous. The second issue, though, is the loss of trust in American business - particularly the technology sector - towards the government efforts. Mass data was being vacuumed up in the back door. And so what that has done is it's created massive business losses for these firms.
I was speaking with an executive at a cloud computing company, and he just lost a multibillion dollar contract in Germany. The partner just simply walked away, directly.
INSKEEP: Oh, meaning overseas companies don't want to do business with American firms right now.
SINGER: Yeah. And they're also finally now suffering from, ironically, the same kind of whisper campaigns that we did against Chinese companies, of saying, don't buy from them, because they'll cooperate with the Chinese government and your data might be lost. Guess what? That's happening to our companies now. So that's a really interesting, scary place for American industry to be in.
(SOUNDBITE OF MUSIC)
INSKEEP: Peter W. Singer co-authored "Cybersecurity and Cyberwar: What Everyone Needs to Know."
And here's a prediction: we're going to talk about the future in the coming days, as we approach the New Year. Transcript provided by NPR, Copyright NPR.