easyDNS is pleased to sponsor Jesse Hirsh‘s “Future Fibre / Future Tools” segments of his new email list, Metaviews
Collaboration vs Espionage
It may come as no surprise that one of my cultural influences was Mad Magazine. For those of us of a certain vintage, Mad magazine was an oasis in a satirical desert.
I was particularly fond of the Spy vs Spy comics, as they combined hilarious dirty tricks and double dealing with a modest satirical critique of the art of espionage. Growing up in the Cold War, espionage was generally mysterious and glamours, and I loved how Spy vs Spy offered an alternate view that emphasized incompetence and heavy handedness.
As we move deeper into this pandemic induced crisis, I think the role of intelligence agencies deserves greater scrutiny and attention. We first touched upon this in an issue published just over a month ago, and now seems like a good moment to circle back. Especially in the context of what foreign (to North America) intelligence agencies up to.
The Federal Bureau of Investigation and Cybersecurity and Infrastructure Security Agency (Cisa), a division of the homeland security department, issued a rare joint warning on Wednesday.
In what was billed as a public service announcement, they said “healthcare, pharmaceutical and research sectors working on Covid-19 response should all be aware they are prime targets” of hackers.
The cyber-thieves had “been observed attempting to identify and illicitly obtain valuable intellectual property and public health data” on treating the coronavirus, the statement added.
While this kind of espionage is not unusual, it also comes in a sensitive moment when tensions (and resentment) are high.
China was able to get away with such brazen hacking and espionage when they were helping increase the profits of corporate America. Yet now when they’re rightly being blamed for mishandling the start of this pandemic, actions that could undermine recovery efforts may not be tolerated.
I keep bringing up what I call the narrative disorder that sews confusion in this crisis. The tension between the public health mantra of “we’re all in this together” and the larger focus on self-interest, and every person, or in this case, country, for themselves.
What happens when and if countries start treating each other as adversaries rather than allies, who ought to be united against this pandemic? Certainly we would all benefit from pandemic solidarity and collaboration. That’s what medical science depends upon, and without it, the pandemic will be far more severe and last far longer.
However competition is often a by-product of scarcity, and national security concerns will always be a priority for nation states. This combines to motivate governments to think strategically about their own resource allocation and development, as well as entertain the national security implications of how this pandemic induced crisis is playing out.
We’ve already seen modest consequences of the competition that has arisen over scarce goods like personal protective equipment. In the US, individual states have had to bid against each other, driving up the price of equipment and medicines. While this is ludicrously stupid, and results in unnecessary suffering and infections, it is a consequence of poor planning, coordination, and scarce supplies.
I expect similar incidents to occur with other scarce resources, like the chemicals or materials needed to produce tests. Yet these all apply to tangible or physical objects, what about conceptual or digital resources? Should there or can there be (artificial) scarcity when it comes to intellectual property or medical data?
The obvious answer is no. This is and should continue to be the largest scientific collaboration in human history, and the research and data generated as part of it should be shared openly.
However greed (and ego) can be a significant motivator, and subvert attempts to collaborate and ensure that we all remain in this together.
Worse national security concerns might motivate governments to scheme against each other. I listen to a podcast produced by CBS News called Intelligence Matters. They recently had an episode on potential national security impacts of this crisis that I enjoyed:
Part of what this podcast episodes emphasizes is that governments may see opportunity amidst the chaos of this crisis. If strategic advantages are possible, they will be pursued. To what extent does that undermine or threaten global collaborative efforts?
The following NY Times article touches upon the broader activities of intelligence agencies around the world:
The warning comes as Israeli officials accuse Iran of mounting an effort in late April to cripple water supplies as Israelis were confined to their houses, though the government has offered no evidence to back its claim. More than a dozen countries have redeployed military and intelligence hackers to glean whatever they can about other nations’ virus responses. Even American allies like South Korea and nations that do not typically stand out for their cyberabilities, like Vietnam, have suddenly redirected their state-run hackers to focus on virus-related information, according to private security firms.
While the actions of intelligence agencies tend to remain beyond public scrutiny, I think there’s excellent reason why this merits the public’s attention. The last thing we need is to have this pandemic prolonged due to the silly spy vs spy dynamics, when the public would almost certainly prefer collaboration and results.
Yet the problem with spy vs spy is that it feeds upon itself. One action justifies the next. Fostering the perception that if you must do to them what they might do to you. Undermining attempts to work together and share solutions and success.
The coronavirus has created whole new classes of targets. In recent weeks, Vietnamese hackers have directed their campaigns against Chinese government officials running point on the virus, according to cybersecurity experts.
South Korean hackers have taken aim at the World Health Organization and officials in North Korea, Japan and the United States. The attacks appeared to be attempts to compromise email accounts, most likely as part of a broad effort to gather intelligence on virus containment and treatment, according to two security experts for private firms who said they were not authorized to speak publicly. If so, the moves suggest that even allies are suspicious of official government accounting of cases and deaths around the world.
In interviews with a dozen current and former government officials and cybersecurity experts over the past month, many described a “free-for-all” that has spread even to countries with only rudimentary cyberability.
“This is a global pandemic, but unfortunately countries are not treating it as a global problem,” said Justin Fier, a former national security intelligence analyst who is now the director of cyberintelligence at Darktrace, a cybersecurity firm. “Everyone is conducting widespread intelligence gathering — on pharmaceutical research, PPE orders, response — to see who is making progress.”
Would some of these concerns be mitigated or avoided if this research and development was transparent in the first place? Would an open source approach to this virus be more efficient and make espionage unnecessary?
The alternative is that all this talk about spies and threats may cause governments and researchers to be unnecessarily secretive about research that should be fundamentally open and public.
“The potential theft of this information jeopardizes the delivery of secure, effective and efficient treatment options.”
The joint statement from the Canadian intelligence agencies follows an alert the CSE put out in March warning about potential online attacks against the Canadian health sector, including research facilities.
“These actors may attempt to gain intelligence on COVID-19 response efforts and potential political responses to the crisis or to steal ongoing key research towards a vaccine or other medical remedies,” it warned.
Why would research towards a vaccine or treatment be secretive? Why would its theft be something we should concern ourselves with? Why would we not make such knowledge freely available?
Is it because we want to profit from that knowledge? Is it because we want that knowledge before other countries? Do we want to prevent other countries from preventing or treating their residents?
There’s a logic here that I clearly don’t share, that motivates the actions of our respective intelligence agencies.
Which is why it reminds me of Mad Magazine and Spy vs Spy.