The cyber security e-mail lists, Twitter streams, Facebook messages and chat circuits were abuzz today over a new report released from the Brookings Institution. This piece, titled “Pirates of the ISPs: Tactics for Turning Online Crooks into International Pariahs,” was authored by Noah Shachtman. Noah is a Fellow at the Brookings Institution 21st Century Initiative. Many of us in the tech community also know him well from his many contributions as an editor of Wired magazine and his constant quality work on Wired’s national security blog, Danger Room.
For years Noah has been a solid writer and a frequent contributor to strategic dialog. After his latest piece of research I believe he has graduated to a new high. He is now not only a writer, but an accomplished national security planner and perhaps one of the great architects of the future of Western civilization.
Only time will tell if that is a true statement, of course. But for now I encourage you to dive into his latest piece yourself and form your own opinions.
The central problem he deals with in this report is the critical threat of cyber theft. The most dangerous threat in cyberspace might be the threat of massive cyber attack against infrastructures, but that is not a likely one. The most likely threat, the one that is occurring with 100% certainty, is the theft of intellectual property. Crime like this hurts our economy and helps the economies of adversaries. And our nation has been trying ideas to stop it for decades. Noah reviewed many of the ideas we have tried and some that might have been talked about but never tried, and then added a touch of his own genius and a succinct articulation of a vision. He then shows a clear path ahead for implementing the vision in a way that makes me think we make progress against the massive threat of cyber espionage.
I’m going to recommend you read every word of his piece and will give you a link below, but here is a short summary so you can get a feel for its potential relevance:
Executive Summary: At the beginning of the 19th century, piracy was an ongoing threat and an accepted military tactic. By the end of the century, it was taboo, occurring solely off the shores of failed states and minor powers. The practice of hijacking did not vanish entirely, of course; it is flourishing now on the world’s computer networks, costing companies and consumers countless billions of dollars.
Cybercrime today seems like a nearly insoluble problem, much like piracy was centuries ago. There are steps, however, that can be taken to curb cybercrime’s growth—and perhaps begin to marginalize the people behind it. Some of the methods used to sideline piracy provide a useful, if incomplete, template for how to get it done. Shutting down the markets for stolen treasure cut off the pirates’ financial lifeblood; similar pushes could be made against the companies that support online criminals. Piracy was eventually brought to heel when nations took responsibility for what went on within its borders. Based on this precedent, cybercrime will only begin to be curbed when greater authority—and accountability—is exercised over the networks that form the sea on which these modern pirates sail.
I wonder, maybe I have been too flattering of the ideas in this report. Perhaps like many other optimists I have been searching for so long for solutions that I am being too easily convinced that this is the path forward. And I know that even if Western society adopts all the recommendations of Noah’s work that global harmony will not just arise overnight. There is at least a chance he is being nieve when it comes to foreign policy, especially when dealing with Kleptocracies. But I have to say that Noah’s arguments are far better articulated than the policies I have been coming out of many corners of government and from most other think tanks and from most other security writers.
I had a chance to ask Noah two questions about his work. Here is are his responses:
Q: Noah imagine you have one minute in an elevator with the Secretary of Homeland Security and you decide to tell her about your study. What do you want her to take away from the conversation?
I’d let Napolitano know that this isn’t exactly a government problem to solve. The internet is basically a collection of businesses – carrier networks and ISPs. They’re the ones who really run the internet. And if you give them an incentive to stop doing business with the small collection of firms that underpin the online criminal underground, the crooks are screwed.
Q: Now imagine you get one minute with my dear old uncle out in Anytown USA. He is a big computer user but feels defenseless against all this cyber crime. What should he know about your study?
I’d tell him to be careful — like, really, really careful. Individual consumers have become ridiculously easy to compromise. Crooks are now charging $7 to infect 1,000 computers – that’s how rudimentary it’s become.
But there’s help on the way. There’s been a ton of smart writing on cybersecurity in the last 12 months of so. (Tyler Moore at Harvard and Jeff Cooper at SAIC are two particular standouts.) And all that smart work is having an effect. Yeah, the old coots at the top are still carping about digital Pearl Harbors. But the smart guys in government and in business see that crime and espionage are the real issues – and are trying to take real steps to clamp down.
I appreciate Noah for his answers to those questions for the blog here and for the work and thinking in his report. For more please see: “Pirates of the ISPs: Tactics for Turning Online Crooks into International Pariahs”