1 December 2019

Keep Your Friends Close and Your Enemies Closer? Not In Cyberspace.

By Lieutenant Commander Raymond Dennis, U.S. Navy
Source Link

Sun Tzu is credited with the phrase “Keep your friends close; keep your enemies closer.” Online, while our friends remain close, our enemies continue to get closer. Connections on social media (including LinkedIn and Facebook) may not be who we think they are. The enemy wants to be your online friend and shipmate—and it is putting us all at risk.
If It Works, Stick With It.

For years, America’s adversaries have gone online, recognizing the level playing field offered in unclassified and open cyberspace. The U.S. Navy and Marine Corps team enjoys a degree of unmatched kinetic strengths in traditional sea, air, and land spaces, but cyberspace is different. Conducting human intelligence (HumInt)-enabled cyberspace operations requires only a single, crafty cyber actor with an internet connection.

America’s adversaries know what works and they stick with it. They recognize opportunities to develop intelligence and counter our forces online through unclassified networks and social media. They continue to find success as we struggle with preventing misinformation and securing our cyberspace.


In 2009, cyber security professionals Robin Casey and Thomas Ryan created the fictious “Robin Sage.: Sage’s LinkedIn profile described a 25-year-old female with a degree from the Massachusetts Institute of Technology. Sage was listed as a cyber threat analyst for the Naval Network Warfare Command (a component of U.S. Tenth Fleet/Fleet Cyber Command). 

According to Ryan, the Robin Sage experiment exploited “the fundamental levels of information leakage — the outflow of information as a result of people’s haphazard and unquestioned trust.” “By acquiring a large number of connections, Sage had the ability to identify the individual who was positioned to provide the most intelligence.” This experiment helped illuminate the risk of allowing the enemy to get closer, and such risk endures largely unmitigated more than a decade later.

In an August 2019, the New York Times reported “How China Uses LinkedIn to Recruit Spies Abroad.” William Evanina, director of the Counterintelligence and Security Center, said, “Instead of dispatching spies to the U.S. to recruit a single target, it’s more efficient to sit behind a computer in China and send out friend requests to thousands of targets.” U.S. servicemembers are the targets. And when we “connect” or “friend,” we clarify the adversary’s intelligence picture of us as a whole: we enable opportunities to place U.S. national security at risk. In some cases, what begins as a legitimate online connection evolves into an opportunity for misinformation and malicious intent—with little indication of any wrongdoing. 

In March 2019, the Facebook group “Vets for Trump” was hijacked from its creator by a Macedonian national, leaving its 100,000 followers susceptible to misinformation and manipulation. The Washington Post noted, “Veterans and active-duty military personnel are especially valuable targets for manipulation because they vote at high rates and can influence others who admire their records of service.” For months, those continuing to follow the page received information curated by the Macedonian. In this case, those supporting the nation’s President via a Facebook group were subjected to misinformation. A similar scenario is likely occurring on LinkedIn for the U.S. Navy’s senior officer. 
The CNO Wants to Connect with You. (Maybe.)

Consider the supposed LinkedIn profile for Admiral Michael Gilday, the U.S. Navy’s 32nd Chief of Naval Operations (CNO). A LinkedIn profile for Gilday appeared near the date he assumed the position of CNO on 22 August 2019. It is littered with suspicious content: misspellings, poor grammar, inaccurate education information, and an oddly structured date. The content appears to come directly from a Wikipedia article on him, only adding to the suspicion.

The supposed Gilday LinkedIn profile includes new posts infrequently, with content copied from the CNO’s official profiles on Twitter and Facebook — precisely the type of action a malicious actor would employ to rein in more connections. The most concerning aspect is the profile’s approximately 400 connections, including several retired and serving Navy officers.

The current CNO is not the only one with such a profile. His predecessor, Admiral John Richardson—the Navy’s 31st CNO, has an equally suspicious LinkedIn profile named “john Richardson, admiral at Navy SEAL Foundation” (capitalization errors as quoted in the profile).

With each connection, profiles like the ones purported to be Gilday or Richardson create a direct link to influential leaders within our nation’s sea services. If such profiles are managed by malicious actors, including foreign adversaries, each connection is a prime target for follow-on phishing e-mail campaigns, human link analysis, or worse: foreign recruitment. 
We Need Partners: Foreign & Domestic.

The Vets for Trump incident on Facebook and the supposed profile of Admiral Gilday indicate that our nation’s defense requires industry partners—including U.S. and foreign-based technology companies—to protect our cyber sovereignty. Certainly, it is in the best interest of Facebook, LinkedIn, and other digital platforms to maintain a user base of genuine content. The case of Vets for Trump and the fake Gilday profile demonstrate the complexities and time lag in curbing misinformation. The U.S. military — and the entire U.S. government — needs improved relationships with private industry to properly defend the nation from cyber threats.

In 2016, I served as a Secretary of the Navy Tours with Industry fellow. For one year, I embedded at the Texas-based finance and insurance company USAA. In the company’s Cyber Threat Operations Center (CTOC), I teamed with exceptionally talented cyber professionals. My opportunity with USAA highlighted the potential for synergistic effects when the military or government partner with industry to protect national cyberspace. At USAA, the CTOC could lean on established relationships within the cyber and legal sectors to rapidly remove fictitious profiles, websites, or servers imposing on USAA’s security or brand.

As the organization responsible for defending U.S. interests abroad, the military needs stronger industry partnerships for protecting the nation at home—in our cyberspace. The military needs the same rapid decision and feedback loops I witnessed in industry to stomp out misinformation online. Partnerships between the military and industry must be transparent and focus on limiting fictitious profiles and misinformation; they are not designed to encroach on free speech or silence military critics. 

To lead this effort within the Department of the Navy, the Secretary of the Navy should lean on the recently established Chief Information Officer (CIO), who is tasked to oversee cyber security, data, and information and guide the Navy “through a cultural shift to improve poor cyber hygiene.” Certainly, a ‘cultural shift’ can help each of us in protecting our nation through improved ‘cyber hygiene’—this begins with knowing who we connect with, share with, and allow into our digital lives. 

We Can Innovate Our Way to Safety. 

Serving and former U.S. military personnel need a cross-platform solution to identify disingenuous information. Today, online platforms such as Facebook and LinkedIn are expected to police their own user-added content. This method is inconsistent; it places the responsibility on private entities. Instead, we need to share this responsibility. 

A low-cost solution, such as a browser extension (and comparable technology for mobile platforms), would inform our forces if the information they view is genuine. This solution would be available on government devices and downloadable for personal use— protection from misinformation should not be a state secret. Artificial Intelligence (AI) with crowd sourcing capability could learn how misinformation takes shape and, in turn, rapidly identify manipulative sources. This solution provides options to users, including the ability to report information to analysts for assessment (analysts within the government as well as the content provider) and educate the user on the rationale for flagging the information. This education is paramount; increased awareness is essential to cyber safety.

Fortunately, established organizations exist to spearhead such innovation. The Defense Innovation Unit, the U.S. Air Force’s Kessel Run lab, and the Navy’s NavalX (subordinate to the Assistant Secretary of the Navy for Research, Development, and Acquisition) are all capable, in their own way, of seeing this through to reality. 
Relationships Matter; We Need to Connect—Carefully.

As U.S. history shows, we take action against those—from nation-state adversaries to enterprising cyber attackers—who seek the comfortable space to act against us. Cyberspace is no different. We must not swing the pendulum too hard, however. It is okay to connect online with those we respect and with whom we share common values. Much of our success as a force is attributed to the relationships we cultivate. We increasingly augment our relationships through virtual means, maintaining distant connections only manageable through modern technology. As humans, we need to connect. 

At the same time, we must be cautious and analyze carefully the emails and friend requests we receive. Seek news and information from multiple trusted sources, and if something does not look right, check it out. Alert your command security manager to suspicious emails. Notify the service provider of false information or suspicious profiles or strange online activity. 

As those concerned with the security of our nation, our military, and our shipmates, we must remember: “keeping our friends close, and our enemies closer” should not apply online.

No comments: