The Dawn of the Code War and Adversary Intelligence

nasa Q1p7bh3SHj8 unsplash 1 scaled 1

John P. Carlin has a fascinating new book out about “how we tried to take cyberthreats out of the shadows and used the criminal justice system to shine light on cyberattacks.” Co-authored by journalist and historian Garrett M. Graff, the book takes you through the Obama years where, as former Assistant Attorney General for National Security and National Coordinator of the Computer Hacking and Intellectual Property (CHIP) program, John battled behind the scenes in The Dawn of the Code War.

Like the Cold War, the Code War is not what we think of as war; it is “complicated, multidimensional, international period of tension that requires resources across government and the private sector.” Unlike the Cold War that was about a single adversary, the Code War is more complex. It is being fought online in an environment of anonymity, against adversaries who may be individuals — hacktivists, criminals, terrorists — organizations and nation-states.

And unlike the Cold War that predated the Internet, this Blurred World War is different in 6 fundamental ways:

    1. 1. Blurred lines between war and peace. If the Chinese had invaded the headquarters of the Solar World factory in Oregon, we would have known we were at war. If the North Koreans had destroyed Sony’s offices in Los Angeles, we would have known we were at war. If the Russians had broken into the DNC offices in Washington DC, we would have known we were at war.

 

    1. 2. Blurred lines between private and public. In the past, national security and defense was the main job of governments. The Ford Motor Company or Campbell Soup did not build their own defense systems to protect against Russian missiles. The internet however is owned and operated in large parts by private companies and sharing is key to effective national defense.

 

    1. 3. Blurred lines between nation-states and individuals. Nuclear weapons and missile systems, weapons of mass destructions required nation-state sized investments. Today, chemical weapons, biological weapons and cyber weapons — zero-day exploits, malware, ransomware and more — can be unleashed by individuals across the world.

 

    1. 4. Blurred lines between physical and virtual worlds. During the Cold War, “Your car was your car and your computer was your computer.” But today, your car is a computer on wheels and your computer is distributed hardware, software and data. Money is almost all virtual and cryptocurrencies are entirely virtual.

 

    1. 5. Blurred lines between domestic and international. Country borders still mattered during the Cold War. But the world in the Code War is flat. Government agencies still operate in domestic and international silos, while “terrorists from the Middle East can communicate directly with American citizens without ever setting foot inside our country.”

 

    1. 6. Blurred lines between what is secret what is critical infrastructure.

 

The book goes on to describe how over the last decade, prosecutors, federal agents and the intelligence community worked with private sector security researchers and others to impose law and order.

Public attribution is important; they sent a message across government that it was possible to prove in a court of law who was behind an attack, they sent a message to the private sector that the government would be aggressive in confronting bad behavior online and they sent a message to foreign adversaries that this behavior was not acceptable and that there would be consequences.

Much remains to be done, but thanks to John and others in service, as he says, “it was a start”.

Interested in our work? Please contact us at info@constellaintelligence.com. To learn more about Constella, subscribe to our newsletter below.