Is a Communist or Totalitarian System Preferable in the Internet Age?

Wednesday, October 03, 2012

Doug DePeppe


Is a Reverse Soviet Collapse in the Offing for the West?

Quite some time ago while I was in college (a more distant period ago than I’d like to admit), a very smart friend talked to me after several beers how he was approaching the CIA with a grand strategy to undermine the Soviet Union.  His plan went something like this.

“You know how paranoid the Russians are, right?  And while their military is strong, their economy cannot compete with a capitalist society.  What if we built up our military, with actual capability and pursuing extreme technological advances, and we simply forced the Soviets to spend themselves into bankruptcy?”

A short few years later, I reflected on the Star Wars initiative (Strategic Defense Initiative – SDI), and all the military buildup under the Reagan Administration; and, of course, the subsequent collapse of the Berlin Wall and the fall of the Soviet Union.  I wondered:  “Did this guy actually get his plan to the CIA?”

The fundamental aspects of this strategy were:  1) a play upon Soviet paranoia, and 2) leveraging the strategic advantages of capitalism.

Is a Communist or Totalitarian System Preferable in the Internet Age?

In the West, we tout the openness of the Internet.  Many attribute the Internet as playing a major part in the Arab Spring.  The Internet fundamentally connects!  Anyone online has access to anything (save, of course, those behind the Great Wall of China, and similar places that restrict the Internet).  The dark underbelly of the Internet, however, is that all this connectivity allows bad actors to connect to any target he desires.  Hence we have cybercrime, hacktivism, state actor threats, online economic espionage, and the convergence of narco-terrorism and cybercrime. 

Today, these threats are posing a grave threat to the security of the West and its economic competitiveness.  Why spend billions in R&D for the Joint Strike Fighter or space technology, or any other valuable technology or know how, if it’s simply easier to steal it through the Internet? 

As many are writing, including two articles this week, a new approach is needed to defend against attacks that represent the “greatest transfer of wealth in history”, according the General Keith Alexander.  The challenge in a Western society, or perhaps more appropriately described as societies that embrace capitalism, is that the government respects private property.  True, regulation is permitted, but absent crime or a national security interest, it is generally true that governments do not engage in the protection of business networks.  Moreover, many businesses, regardless of the extreme technology they might be developing, may not have the resources to defend against certain attackers.  We all need exquisite security in the modern Internet Era, but few can afford it.

Conversely, communist or totalitarian systems of government own the business community.  These governments lack the constraints that exist in Western society.  Indeed, the Great Wall of China is a great example.  The West cannot establish a similar prophylactic protection scheme. 

Today, I’m having a coffee rather than a beer, but I reflect back on that strategy about  undermining the Soviet Union and can’t help but wonder:  “Have the Chinese figured out a grand strategy that will undermine our competitiveness?”  Are we at risk of having a prime feature of our society used against us (separation of industry and government), much like the seeds of destruction of the Soviet Union were sown from inside their societal model?

So What of the Public-Private Partnership?

If situational awareness and aggregate readiness levels across a nation’s footprint is the answer, as I wrote earlier this week along with a similar article from a colleague from The Netherlands, a mechanism is needed that addresses the “challenge of the two distinct spheres” I noted above (i.e., industry and government have legal constraints against robust and timely information sharing).  If the Chinese, and others, can target the gap between industry and government, the gap must be closed.  But, how can that be accomplished if industry has proprietary information, trade secrets, brand protection, and other incentives to withhold information from government?  How can government – at least the Federal Government in the US – share information that would likely give a competitive advantage to select recipients (an anti-competitiveness practice)?  And what about classified information, “law enforcement sensitive”, and other information sharing constraints?

The Public-Private Partnership for cybersecurity needs greater study, piloting, and maturing.  Frameworks for information sharing are needed.  These frameworks must address the fundamental cultural and legal dimensions of the “challenge of the two distinct spheres”.  Still, the strategy of Western nations must take account of this fundamental advantage of totalitarian regimes in the Internet Era.  Greater information sharing to improve situational awareness and readiness levels is clearly needed, among other approaches to cybersecurity.  Otherwise, the death by a thousand cuts will continue, and the “greatest wealth transfer in history” will grow in severity, and our competitiveness in the global marketplace will subside.

Doug DePeppe is a cybersecurity attorney and principal with i2 Information Security.  He is a Cofounder of the Western Cyber Exchange.

Possibly Related Articles:
Government Cyber Security internet Russia Public-Private Partnership
Post Rating I Like this!
Marc Quibell I've given a little thought to a public/private consortium concerning what some might call homeland security. InfraGard was the closest thing I've come across that would match that description. We had a good group in Iowa, and I got the chance to meet some fantastic, nationally-recognized people. InfraGard is a great venue for info sharing across the Fed/Private lines.

One of the benefits of being a member was the fact that members were "vested" by the FBI and this allowed the FBI to share information "of interest" to its members before being released to the public. I suppose it's akin to applying for a Secret security clearance, although the information was never considered classified. Private businesses really didn't have any sensitive information to share while I was there. National security is a lot bigger than a private firm's information they may need to disclose, if ever. I've never had any conflict sharing information with other InfraGard members, concerning the company I worked for...

The main benefit I got out of InfraGard was not so much new information, but a broader range of information. Information itself travels a lot faster than the fed. Sharing and collaboration between private firms was also a huge benefit.

As far a consortium for defending against attacks - that is highly unlikely. Defense against attacks take the same for they do when physical attack occur: call the authorities. And if it's really bad, contact upstream providers, or unplug. Otherwise, it's business as usual.
Doug DePeppe Hi Marc,
The title of this article was intended as:
Is a Reverse Soviet Collapse in the Offing for the West? It was posted with the subtitle. So the thesis here is that information sharing between the public and private sector is not possible, on the scale and currency needed for effective situational awareness.

I'm not saying there aren't ad hoc models. The problem is that a fully mature, near-real-time information exchange environment between industry and government does not exist. But it is what we need.

Moreover, there are legal regimes between the two distinct spheres, and it's not apparent that those spheres presently permit a robust platform between the two. The two spheres are NECESSARILY separate, in a capitalist system. And this is the gap that is presently being exploited.
Michael Johnson If there's one gap that's being exploited, it's the huge gulf in technical understanding between the corporate infosec world and the bad guys. Yes, we use a lot of jargon and pseudo-military theorising, but at the end of the day we're still discussing abstracts. The bad guys are skilled to the extent the banking industry spent years playing catch-up regarding electronic and online transactions, while the systems were analysed in depth for every conceivable way they could be exploited. No matter how we merge and re-organise, we're still left with this fundamental problem.
This is why governments are sponsoring 'cyber' challenges to find those with potential, why the PRC employs and co-ordinates 'hacker' groups to do the dirty work in preference of its own 'cyber army' (that, and plausble deniability).
Doug DePeppe Michael, I agree with you. And it's why looking at the network without regard for the adversary is like France's Maginot Line (that is, we'll defend with strongpoints without regard to the Nazi's mobile strategy). In other words, that there's an adversary, it makes for a dynamic defense, yet we still think in static, standards-based approaches. A standard signals what needs to be circumvented. Not that I'm against standards by themselves, yet they breed a compliance mindset ('check the box and we're done').

But there's also value in thinking with military strategy, because that focuses on an adversary.

Moreover, you can win a battle but not the war. That's my ultimate point. Our national strategy is wrong, in my judgment.
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.