This past Sunday, 60 Minutes did a segment on cybersecurity titled “Cyberwar: Sabotaging the System.” The segment mostly focused on the “new” national security issues that cyberspace presents, while barely discussing how many of these “new” cybersecurity issues are — at least in part — caused by traditional social engineering. One example being 60 Minutes’ discussion of how CENTCOM‘s networks were infiltrated by an unknown foreign entity that was able to monitor and record all of CENTCOM’s network activity. A serious security breach, but one that is believed to be caused by modified flash drives that were left in physical areas where U.S. military personal would pick them up and use them. When these flash drives were inserted into a CENTCOM computer, it’s believed they unleashed a code that opened a backdoor to the network that allowed the foreign entity to spy.
The most interesting interview from the segment was with James Andrew Lewis of the Center for Strategic and International Studies. Towards the end of his interview, Lewis offered an excellent explanation of why the U.S. has come to see cyberspace as a matter of national security and of how U.S. cyberdominance is being rationalized:
. . . if you talk to the Russians or the Chinese they say “how can you complain about us when you do exactly the same thing?” It’s a fair point, with one exception. We have more to steal. We have more to loose. We’re the place that depends on the Internet, we’ve done the most to take advantage of it. We’re the ones who have woven it into our economy, into our national security, in ways that they haven’t. So, we are more vulnerable.
The quote reveals an odd contradiction: “We” are repeatedly told by governments, corporations, and various individuals that weaving the Internet into our environment will bring more security – at the same time “we” are told by those same actors that weaving the Internet into our environment makes us less secure.