America created cyberspace in its own image — free, open, decentralized, distributed and self-governing. If the internet had been created in China or Russia, its architecture would have been very different. Unfortunately, its very openness and freedom have become the source of its vulnerabilities.
Authoritarian nations find the freedom of cyberspace very threatening. They build firewalls to protect their societies from freedom. For geopolitical reasons, they also use cyber weapons to attack others.
A most attractive feature of cyberspace is that its entrance threshold is so low that an ingenious, self-taught person can create apps and new platforms and become rich; or become a hacker and get into infrastructure, financial or military systems without leaving a trace. Rogue states and well-organized digital terrorist groups use footloose hackers to steal intellectual property and pry into diplomatic and strategic plans.
Cybersecurity attacks are stealthy and insidious. There are no rules of the road to protect cyberspace, the domain in which all our activities — military, economic, commercial, political and cultural — are being done now. Power grids, financial systems and defense networks could be brought down, not only by hostile states but also by nonstate actors, alone or in collusion with their governments. Last October, a cyberattack shut down the electrical grid of Mumbai, India’s financial capital, plunging millions into darkness. The New York Times suggested that it was a Chinese cyberattack — a warning that China could not only fight India in the Himalayas, but also in its financial hub.
The May 7 ransomware attack on Colonial Pipeline, one of America’s largest fuel suppliers, was carried out by affiliates of a criminal hacking group, DarkSide. The attack crippled Colonial’s computer system, for which it had to pay the ransom in cryptocurrency — 75 bitcoins, or nearly $5 million, according media reports. Cryptocurrency based on blockchain technology is a possible future for global finance. Ransom in cryptocurrency cannot be traced at present.
One of America’s most precious assets, intellectual property, is under constant threat. Chinese hackers have been accessing the designs of some major U.S. weapons systems to modernize its military. Perpetrators can conceal their location because of the anonymous nature of the Internet, which makes the attribution of cyberattacks problematic. But technology is being developed to locate perpetrators. A few years ago, Mandiant, an American computer security company, was able to pinpoint that a unit of the People’s Liberation Army, located in Shanghai, had “systematically stolen hundreds of terabytes of data” from American corporations, organizations and government agencies. They stole “product blueprints, manufacturing plans, clinical trial results, pricing documents, negotiation strategies and other proprietary information from more than 100 of Mandiant’s clients, predominantly in the United States,” the Times reported.
But what can be done with hackers if they originate from Russia, North Korea or China? The independent Commission on the Theft of American Intellectual Property said in a March report that “IP-intensive industries support more than 45 million U.S. jobs. IP theft costs the U.S. economy hundreds of billions of dollars annually and reduces U.S. companies’ R&D investment and innovation.”
Most intellectual property theft continues to originate in China, a situation that has not changed since the commission’s first report in 2013, when it said IP theft “needs to have consequences, with costs sufficiently high that state and corporate behavior and attitudes that support such theft are fundamentally changed.” Its most intriguing recommendations included that “companies that experience cyber theft ought to be able to retrieve their electronic files or prevent the exploitation of their stolen information.” And furthermore, that “both technology and law must be developed to implement a range of more aggressive measures that identify and penalize illegal intruders into proprietary networks. …”
The U.S. National Security Agency conducts surveillance under the authority of the Foreign Intelligence Surveillance Act. It collects metadata from telephone companies and internet data from internet service providers. It watches the cross-border data flow. With so much data collected through its surveillance power, the NSA should have known through its Early Awareness System about DarkSide’s ransom attack before it occurred.
One would think that Silicon Valley tech wizards should have developed foolproof encryption to protect the nation’s data. But they haven’t done yet.
Cyberspace, in the ultimate analysis, is nothing but data. Data is power, as Matthew Slaughter, dean of the Tuck School of Business at Dartmouth, and David McCormick of Bridge Associates, argued in Foreign Affairs. With 5G technology and the so-called “Internet of Things,” which would turn everything into a networked object, data would expand exponentially. They say data is “non-rival” in the sense that “it can be used simultaneously and repeatedly by any number of firms or people without being diminished.”
True — but how dangerous in practical terms! Just consider: The Pentagon spends hundreds of millions of dollars of taxpayers’ money in research and development for advanced defense systems, which are nothing but data. If data is “non-rival,” the Pentagon shouldn’t worry when hackers copy the weapon design system, which China could use to develop a competitive advanced defense system, saving millions dollars, years of research and development — and pose a threat to America. Pfizer and Moderna vaccine patents are “non-rival” data, but they wouldn’t share with anyone.
Cyberspace has been called the fifth domain: land, air, water, space, and now cyberspace, for which the United States established Cyber Command, the Pentagon’s offensive cyber force that Donald Trump elevated in 2017 to a separate unified military command to strengthen cyberspace operations.
America, like India and other technologically advanced nations, has become a data nation. Data gives us power, but it creates vulnerabilities of which the DarkSide and Mumbai attacks gave us a foretaste. Who would set the new world order in the digital age? Techno-autocratic nations like China and Russia, or the world’s democratic nations, the U.S., Japan, India and others?
Narain Batra, of Hartford, is a contributing columnist for The Times of India, author of The First Freedoms and America’s Culture of Innovation, and a professor of communications and diplomacy at Norwich University.