from the calm-the-fuck-down dept
But, then, of course, there's the question about what it means and what should be done about it. And we're seeing some hysterical responses. Over at Ars Technica, they have a "guest editorial" from a cybersecurity firm CEO, Dave Aitel, (who also is, of course, ex-NSA), more or less arguing that we should declare cyberwar on Russia over this:
What occurred with the recently disclosed breach of the Democratic National Committee servers, and the dumping of stolen data on a WordPress site, is more than an act of cyber espionage or harmless mischief. It meets the definition of an act of cyberwar, and the US government should respond as such.This is insane for a variety of reasons, and hopefully no one is seriously listening to this. First of all, hacking happens all the time. In fact, as Ed Snowden points out, revealed documents show that the US itself has authorized the hacking of foreign political parties. So if Russian hackers possibly doing that to us is a "cyberwar attack" and it's the kind of thing we need to hit back on, then, uh, haven't we been committing "cyberwar" on tons of other parties via the NSA -- for which we, too, deserve retaliation?
Second, the idea that hacking into a political party's servers is "cyberwar" is a ludicrous exaggeration -- especially when their own security practices were suspect. As the ACLU's Chris Soghoian reminds us, it wasn't that long ago that our very own CIA director John Brennan found his personal email hacked by a 16-year-old. Was that a "cyberwar attack" as well? People are going to get hacked. It happens. Sometimes because they have weak security, and sometimes because the hackers are persistent and determined (no system is completely secure). That, alone, should never make it something that escalates to the level of "war."
Finally, beware of so-called "cybersecurity" firms continuing to beat this drum. Their entire business relies on keeping people freaked out about this stuff, including the idea that "nation state" hackers are trying to break into everything. They have lots of incentive to play up attacks and get people worked up about "war." "Cyberwar" (whatever the hell that means) is good for business for cybersecurity companies. In fact, some of those companies admit that the lessening of "cyber" tensions between the US and other countries is bad for their business:
Reminder: Cybersecurity firms like FireEye & Crowdstrike have a $$ incentive to keep nation-state hacking fears high pic.twitter.com/HIkSAGmEXg— Trevor Timm (@trevortimm) July 25, 2016