18 August 2018

How prepared is the U.S. to fend off cyber warfare? Better at offense than defense


“We spent years worrying about the giant cyber-Pearl Harbor,” says David Sanger, author of “The Perfect Weapon: War, Sabotage and Fear in the Cyber Age.” But, he argues, that has blinded us to more subtle uses, in which we are all collateral damage. Sanger joins Judy Woodruff to discuss the threats and realities, how the U.S. wages cyber warfare, and how prepared the U.S. is to stop attacks.

Nick Schifrin:

Last week, David Sanger of The New York Times reported that Russian intelligence hackers are now more focused on disrupting the U.S. electrical grid than on sowing chaos in the U.S. electoral system.


Sanger has been reporting on the threats and realities of cyber-warfare, who wages it and how prepared the U.S. is to stop it in a new book.

Judy Woodruff recently sat down with Sanger to discuss it.

David Sanger, welcome. The book is “The Perfect Weapon -War, Sabotage, and Fear in the Cyber Age.”

You know, I don’t normally say this in an interview. Fear is in the title. But this is a frightening book. Did you mean for it to be?

David Sanger:

“War, Sabotage, and Fear in the Cyber Age,” I meant it more to be an explanatory book, but it’s an explanatory book about a frightening time.

And the frightening part of this is that cyber-weapons have moved, almost without us recognizing it, to be the primary way, Judy, that countries are beginning to undercut each other, do short-of-war operations against each other, operations that they don’t think will start a military response.

You know, we spent years worrying about the giant cyber-Pearl Harbor that was going to cut off all the lights from Boston to Washington or San Francisco to L.A. And, in fact, that kind of blinded us to the much more subtle uses of cyber, in which all of us are the collateral damage to this war among states that’s going on far above our heads.

Judy Woodruff:
You have some — just so many fascinating stories in here. You had, I think, incredible access to some of the — some of the key players.

One of the points you make, David Sanger, or is that the U.S. has not only stressed secrecy above all, but it’s been much more comfortable talking about what other countries are doing to the U.S. than it’s ever been willing to talk about what the U.S. is doing to others.

David Sanger:

Yes, we have hit this moment, Judy, where I think, in the reporting, I became convinced that the secrecy surrounding cyber, which arises from the fact that it was one of the first weapons developed by the intelligence agencies — and they’re naturally secretive — is actually beginning to become a security problem for us, because it’s getting in the way of us establishing rules and deterrents.

So, let me give you an example. We have felt free to go attack nuclear facilities in Iran, or, as this book reveals, North Korea’s missile program. And yet, because we won’t talk about our own capabilities and operations, we can’t get the government involved in a serious conversation about what’s off-limits.

Judy Woodruff:

And why haven’t U.S. officials been more willing to talk about that?

David Sanger:

They have confused keeping secrecy around how we build these weapons and what we do from — from secrecy about how we want to go use them.

And, even in the nuclear age, we kept everything about how we built nuclear weapons, where we stored them secret, and we had a big public debate about how we wanted to go use them. And it ended up in a completely different place.

Judy Woodruff:

You write at one point that the U.S. is still ahead, but you said that China and Russia are very close to catching up, and maybe even North Korea and Iran.

How well-equipped right now is the U.S. to fend off a major cyber-attack?

David Sanger:

We’re much better at our offense than we are at our defense.

And that’s partly because most of the targets in the United States are in private hands, utilities, financial firms, but also because, even while our cyber-defenses have improved — and they have improved dramatically in the past five years — the number of targets has expanded so dramatically, that we can’t keep up.

So you now have an Internet-connected refrigerator or the cameras outside your house, if you have got them, are Internet-connected, your autonomous car. There are so many new ways in that, no matter how much better we get a defense, it seems like there are more targets.

Judy Woodruff:

The — of course, one of the things that arises out of this, and because the timing of the book, is what happened in 2016, the Russian — reported Russian attempt to interfere in the U.S. election.

What did you find out about that? Did you come away convinced that that happened?

David Sanger:

I not only came away convinced that it happened, but I came away convinced that we missed huge numbers of signals running up to it.

There are four chapters in the book on Russia. But the first one starts in Ukraine. And it’s called “Putin’s Petri Dish,” because, basically, every single thing the Russians did us, they tried out in Ukraine first. And we didn’t have the imagination to think that they would take that and try it here.

The second thing was, the FBI was way too slow on the investigation into what happened at the DNC. It took nine months before they really got everybody to wake up to it. And, even then, the British had to step in and warn us that Russian military intelligence was inside the DNC.

And then the White House got involved in a lengthy internal debate about whether to call out President Putin. Once again, they made the decision that they had made when the Russians went into the White House, the State Department, and the Joint Chiefs of Staff, not to publicly penalize the Russians, at least before the election.

Judy Woodruff:

And, of course, the whole argument about whether President Obama moved quickly enough or not.

David Sanger:

And aggressively enough.

Judy Woodruff:

And aggressively enough.

Last thing, David Sanger. You ask an important question at the end about how the U.S. is really almost seen as a hypocrite, because we argue against — we argue against other countries interfering in what we do, and yet it’s something that the U.S. is guilty of doing.

Has the — and then you go on to say, it’s up to us, up to the United States, to come up with ways to control this monster that we have created, that the U.S. has created.

Do you think that’s going to happen?

David Sanger:

If so, it’s going to happen very gradually, and it’s going to require a change of view in the United States and a change of view among our adversaries.

One of the ideas that’s kicked around — you hear the president of Microsoft, Brad Smith, talk about it, you hear executives at Siemens and other places talk about it — is having some kind of a digital Geneva Convention, some rules about what you wouldn’t do to civilians.

Now, would they get violated all the time? Sure. But, then again, the Syrians violate the Geneva Conventions every time they gas civilians. But at least we would begin to have some norms of behavior.

And the few efforts so far to start that at the U.N. have really died off.

Judy Woodruff:

Which is a bleak prospect for the future.

David Sanger:

It is.

You don’t want to wait until you have such a big, paralyzing set of events or a series of smaller, but incredibly damaging cyber-attacks, for us to think about those in retrospect.

No comments: