Stopping SolarWinds-style mega-hacks, but preserving democracy - analysis

Until the hoped-for leaps forward in cyberdefense happen, government officials seem mainly interested in developing a culture of cooperation.

[Illustrative] A man holds a laptop computer as cyber code is projected on him. (photo credit: KACPER PEMPEL/REUTERS)
One of the central security questions of our time is how to defend countries such as the US and Israel from repeat mega-hacks by the likes of Russia, Iran, China and North Korea.
The SolarWinds and Shirbit hacks announced last December, along with a variety of other major cyberattacks, have convinced the US and Israeli governments that leaps forward are needed to keep up with the new frenetic pace of digital warfare.
Yet, until a column in Politico by former US National Security Agency chief lawyer Glenn Gerstell last Monday, no one had publicly presented a detailed recipe for the path forward, however much experts had hopped up and down about how bad the past hacks were.
Are Gerstell’s solutions realistic even for the US, and can anything be applied from his proposals to Israel’s context?
First, it is important to flag two major issues Gerstell defined in a more concrete way than others have.
One is that when foreign agents take over domestic computers and use them to perpetrate a larger attack on the very country where they are located, American and Israeli cyberdefense agencies face much greater challenges than when attacked head-on by foreign computers.
The Jerusalem Post was able to see this firsthand during an insider classified tour of the Israel National Cyber Directorate (INCD) office in 2020, observing a screen with cyberattacks emanating from a range of Israeli allies (obviously the computers were hacked by adversaries).
The good news is that in many cases, cyber officials can see an attack developing before it completely blows up, the Post learned. That is because adversaries must somewhat reveal their hand as they start to cut through sophisticated cyberdefenses.
But this can also be harder to notice if it is happening in multiple and gradual low-key stages domestically.
A second is that this challenge is not just technical. Rather, it is a built-in disadvantage for democracies, which must balance national defense with respecting individual civil liberties and property rights, whether physical or digital.
Put simply, the NSA is more limited by law from counter-hacking a US computer already hacked by a foreign adversary than it is going against foreign computers.
Many Western-style democracies are experimenting with striking a new balance between security and civil liberties in the cyber sphere, Israeli officials who discussed the issue off the record with the Post said.
One country is giving some of its cybersecurity agencies new surveillance powers to quickly probe and monitor its own domestic computers in situations that might constitute a “severe danger to the country’s way of life.”
An analogy might be the cyber version of Shin Bet (Israel Security Agency) ticking-bomb authorization to carry out enhanced interrogation of suspects to stop an imminent terrorist attack.
Granted, hacking a citizen’s computer is not the same as enhanced physical interrogation. But the danger such activity could pose to a society’s democratic character, if abused, is in many ways just as great.
Gerstell’s proposals actually fall somewhat short of such powers. But that is because the US in the post-Watergate era, as a cultural-historical matter, has a much larger objection to the NSA or CIA spying on its own citizens than other democracies do.
Israel does have some robust defenses for its citizens from state encroachment on the private sector’s digital space.
There are Basic Laws protecting privacy and property rights.
Also, there is a recent High Court of Justice decision that declared Shin Bet surveillance of Israeli citizens infected with the coronavirus to have been unconstitutional.
But at the same time, Israel has a culture of deferring to the Shin Bet far more than some other democracies when there is a clash between security and privacy.
The flip side to the above High Court ruling was that Israel was the only democratic country in the world that dared to use its own spy agency to track its infected citizens during the coronavirus era.
Facing far more immediate and constant security threats than most democracies, the Israeli public is readier to tolerate the Shin Bet or IDF imposing on its freedoms than other democracies might be, especially during a crisis.
There are some practical differences between what the US and Israel can do and how they operate.
For example, the NSA is likely the most powerful cyber agency on the planet, with potential hacking access anywhere in the world.
However, the NSA’s responsibility in tracking threats is also worldwide.
The Shin Bet and the INCD have much more focused and limited portfolios, generally confined to regional threats.
Further, the US is huge geographically, meaning there may be many situations where the only cyberdefense answer for the government may be to remotely hack its citizens’ compromised computers.
In contrast, Israel’s small geographic territory has, to date, allowed the INCD to hop in a car and arrive physically to assist a hacked company in real time, while also giving it face-to-face reassurance that the intervention will be narrowly tailored to protection purposes.
One surprise from recent discussions and events held in the US and Israel is that groups such as SolarWinds and Shirbit have not been shunned for being hacked. Rather, they have been almost praised for their full cooperation with authorities subsequent to the hack.
A more ideal situation would be to prevent the hacks before they happen and before they spread.
But until the hoped-for leaps forward in cyberdefense happen, government officials seem mainly interested in developing a culture of cooperation.
Gerstell’s ideas go beyond cooperation and information sharing to allow lightning-fast intervention, provided permission is granted by high-ranking law-enforcement officials or special courts just as quickly.
Whether the US or Israel can successfully implement new approaches to stop mega-hacks, while creatively preserving checks and balances to protect civil liberties, is still an open question.