America went a bit mental over the revelation that Russian hackers diddled with its presidential election. Business Reporter’s resident U.S. blogger Keil Hubert argues that everyone should have expected the hack, because (a) such antics are utterly mundane for modern spies and (b) a bunch of leaked emails are trivial compared to the kind of lethal espionage that the Eastern and Western powers used to get up to.
As if we didn’t have enough things to fret about… Ever since the closing days of the 2016 U.S. Presidential Election, our newscasters and pundits have all been clutching their metaphorical pearls over the ‘shocking revelation’ that Russian hackers broke into American information systems in order to sway the vote. If you’re not fully up to speed on the details (and it’s quite all right if you’re not), The Atlantic’s Kathy Gilsinan and Krishnadev Calamur put together a very nice FAQ about the kerfuffle that you can consume in five minutes – and it doesn’t require a computer science degree to understand. The opening line in the first paragraph of their piece sets the tone for the rest of it:
‘Intelligence officials have leaked word to NBC and ABC that Russian President Vladimir Putin was “personally involved” in cyber attacks aimed at interfering with the United States presidential election.’
So there you have it. Professional Russian cyber operations personnel engaged in… er… cyber operations against a rival nation state in order to sow a little chaos and hopefully influence the target’s affairs to their own long-term strategic advantage. Which is… exactly what nation states do to one another all the bloody time. This is as routine as breathing, so what’s with all the outrage?
To be clear, I’m not condoning illegal hacking. That would be a bit hypocritical coming from an IT professional. I’m also not endorsing espionage, but it’s not like I have any say in the matter. Neither outgoing President Obama nor incoming President Trump have ever consulted with me over how best to conduct foreign policy. I’d be willing to bet a fiver that neither of them read my column, either (I’m sure they have interns for that).
Realistically, it’s not up to the general public whether or not nations spy on one another. They do. Constantly. Looking at this subject from the perspective of a retired military officer, spying on your neighbours, rivals and adversaries is a smart use of resources. Nation states’ spies are always trying to steal secrets from one another. Sometimes they get a little bored – or get motivated by geopolitical, economic or military events – and decide to mess with one another. It’s hardly a surprise that Russian spies messed around a bit in our last election. What would be surprising is if they didn’t. Why let all that embarrassing evidence of a dysfunctional and inefficient system go to waste?
I’m not trying to be blasé about this. The hack happened, and it made the U.S. elections a smidge uglier in an already horribly ugly process. I suspect that the Democratic National Committee email leaks didn’t influence the Electoral College vote enough to matter mathematically. There were a bunch of other forces at work in the 2016 election, some of which couldn’t be stopped by anything short of an alien invasion. Did the DNS email leaks help sway a few thousand regular voters? Probably, yes. That was almost certainly an incidental byproduct, and a thousand votes scattered across tens of millions didn’t influence the outcome at all. Again, why the big fuss?
I have a working theory for that, and it has to do with how fickle collective memory is. It’s crucial to remember that we’ve reached a point in history where more than half of the people of voting age have no personal recollection of the Cold War (1946-1990). Think about that: the person closest to you right now probably has no direct memory of how insanely screwed the entire world was for half a century. It’s a historical abstraction for them, like the American Revolution, Prohibition or disco.
The very notion that the world’s major powers are constantly spying on (and actively messing with!) one another must seem to these younger voters like a cheap trope from adventure fiction. We’re 15 years into the so-called ‘War on Terror’ – an aberrant historical period where the baddies are framed (accurately) as hyper-violent criminals, not as rational nation state actors. Our popular culture artefacts now predominantly revolve around stories where heroes thwart violent psychopaths instead of their foreign analogues.
Go back a few decades and the zeitgeist was considerably different. In 1967, for example, the Cold War dominated every aspect of global pop culture. Sure, there were diversions in film, theatre and consumer culture, but the spectre of imminent global thermonuclear annihilation and ideology-driven total war were omnipresent. The U.S. and the Soviet Union were rapidly escalating a proxy war in Vietnam that had already been building for ten years.
If you want to complain about ‘meddling in other nation’s elections’, consider that in 1963, the U.S. Central Intelligence Agency covertly encouraged a group of senior South Vietnamese military officers to overthrow and murder their elected head of state, President Ngô Đình Diệm, in order to ensure that South Vietnam took a tougher stance opposing communist-aligned North Vietnam. That’s horrifying, and it barely registered with American society. The existential ideological battle between East and West somehow excused a staggering range of illegal and immoral activities. By way of comparison, how does the hack of a poorly-secured email server compare to the murder of a sitting head of state?
At the same time that the Vietnam proxy war was intensifying, United Artists made a stunning $77 million (£63 million) in profits off of the movie adaptation of Ian Fleming’s spy thriller From Russia with Love. In both the book and the movie, British super-spy James Bond was tasked to steal a Soviet communications decoding device. The ‘defector’ offering the device to the West was a pawn in an elaborate trap designed to compromise and kill Bond. Readers and moviegoers had no trouble whatsoever believing the story’s essential premise. Sure, the action sequences were exaggerated for entertainment’s sake. The core idea behind the book, though, was perfectly plausible. Of course the rival nation states were constantly spying on one another. Of course the Western and Eastern powers were concocting complicated and insidious plans to disrupt one another’s political, economic and military activities. Of course each nation’s spies were prepared to murder one another at the drop of a hat in order to achieve their objectives. This was simply how things were done.
This not only made sense to general public, it also met with popular approval. Remember that World War II had ended less than two decades prior. The adults consuming Fleming’s works vividly remembered the war’s horrors… including the firebombing of cities, the debut of civilisation-obliterating atomic weapons and more than 85 million war-related deaths worldwide. A few spies savagely stabbing one another on a train was a far preferable alternative to starting another all-encompassing global conflict that would probably end up killing all of humanity.
To be fair to our parents, it’s not that people weren’t necessarily outraged by spies’ activities. Rather, for many of them it was a matter of relative impact. Historical abstraction makes it naturally difficult for modern adults to comprehend the public outrage and gripping dread that resonated in the zeitgeist when double agents like Kim Philby, Aldrich Aimes and Robert Hansen were unmasked and suddenly the entire balance of power shifted from a cautious balance to granting one side enough of an advantage to justify an attack. One low-level spy compromising another in an out-of-the-way foreign locale was trivial when compared to high-level moles and operatives that threatened to give one side or the other enough of a strategic advantage to launch an invasion or initiate a nuclear first-strike.
These days, we’ve largely lost that sense of pervasive existential dread. When the Soviet Union broke up in 1990, popular culture couldn’t get much play out of Cold War themes and villains. James Bond himself started shifting focus to take on criminal organisations and ‘terrorists’. Most everyone understood intellectually that our nations all still employed spies, but the stakes seemed to be lower. The world seemed to be normalizing. International tensions seemed to be dissipating. We had a decade of relative stability – everyone on Earth seemed to want to forget the Cold War. I get that.
The thing is, the end of active hostilities between the great nations never actually stopped spies from spying. Nations’ competitiveness and constant hunger for stealing a strategic advantage never waned. If anything, the arrival of the commercial global internet made it more convenient than ever before for nations to mess with one another without having to put spies in knife-fighting range of one another.
As the recent Edward Snowden affair revealed, the modern great powers are engaged in more spying now than had ever been possible before. The various spy agencies are up to all sorts of shenanigans – some legal, some very much illegal – under the vague pretence of ‘keeping the people safe’. It’s the same old game, just played on a different game board. Instead of James Bond flying to Istanbul to steal a mechanical decoder, the next Bond film could feature Bond supervising a group of £500-an-hour consultants to craft a believable spear phishing message in order to trick a Russian executive into bypassing Gazprom’s anti-malware defences. It’s still ‘spying’, but it isn’t exciting. There’s no gunplay or seduction, just lots and lots of staring at cheap laptops.
I think that’s why people are so wound up over the recent Russian covert operation against the DNC’s information systems. That was a perfectly routine covert operation run by a national spy agency. It wasn’t particularly destructive. No one got killed. It caused a lot of public consternation when it was revealed, but… honestly, it just wasn’t a big deal. Really, it was just one more crazy story that was amplified all out of proportion like everything else that happened during the deranged circus that was the American election.
Strangely, there was very little public outrage ten months ago when Su Bin, a Chinese citizen, pleaded guilty in a California court to providing the Chinese military with construction plans for U.S. combat aircraft – including the F-22 Raptor and the F-35 Lighting II. Mr Bin’s espionage could allow the PRC to build more effective stealth aircraft, potentially emboldening China’s leaders to initiate a military attack on a rival nation. In a worst-case scenario, tens of thousands of innocent people could die as an indirect result of Bin’s spying. [1] By way of comparison, the DNC hack only cost a few people their jobs… and isn’t likely to ever get anyone killed. On a general scale of ‘meh’ to ‘global thermonuclear war’, the Russian DNC hack barely moves the needle off of ‘meh’, whereas Bin’s was… potentially substantial. And yet the reactions to the two hacks were wildly different.
I’m not saying that I approve of these sorts of activities in the abstract. Espionage and covert operations are dirty business. On the other hand, they’re also well-established and inescapable elements of national politics. Put bluntly, governments are going to spy on one another. It’s what they do. They’re also going to spy on anyone – including corporations, universities, charities and NGOs – that might somehow affect the global strategic balance. That means us. This is the world we live in, and has been for as long as we’ve had nation states.
That being said, the fact that some agency somewhere is inevitably going to want to take a quick shufti around our sensitive company information doesn’t that we have to make it easy for the spies – ours or anyone else’s. Protect your proprietary information. Harden your defences. Educate your users and hold them accountable for their actions. Keep a sharp eye out for potential intruders. Depending on your budget, you may not be capable of holding a vast, state-sponsored intelligence agency at bay, but you can damned sure make the spies earn their pay cheques by making it as difficult as possible for them to get what they want. The more we harden our organisations’ information systems against professional, supremely well-funded state actors, the better we’ll all be positioned to fend off simple cyber criminals.
Just don’t make a bigger deal out of getting hacked by a non-criminal that it deserves. Having to clean up after a breach is annoying and expensive, but it’s a lot less traumatic than burying the innocent bystanders. Compared to how our nations used to play their bloody zero-sum games with one another, the struggle on the hacker front is a welcome relief.
[1] It’s far more likely that the Chinese will use the purloined information to reduce the development cost of new weapons, both for domestic use and for export. Complex economic interdependency is a great technique for reducing the probability of armed conflict.
Title Allusion: Ian Fleming, From Russia with Love (1957 book and 1963 Film)
POC is Keil Hubert, keil.hubert@gmail.com
Follow him on Twitter at @keilhubert.
You can buy his books on IT leadership, IT interviewing, horrible bosses and understanding workplace culture at the Amazon Kindle Store.
Keil Hubert is a retired U.S. Air Force ‘Cyberspace Operations’ officer, with over ten years of military command experience. He currently consults on business, security and technology issues in Texas. He’s built dot-com start-ups for KPMG Consulting, created an in-house consulting practice for Yahoo!, and helped to launch four small businesses (including his own).
Keil’s experience creating and leading IT teams in the defense, healthcare, media, government and non-profit sectors has afforded him an eclectic perspective on the integration of business needs, technical services and creative employee development… This serves him well as Business Technology’s resident U.S. blogger.
