Advertisements

US-Russian Cybersecurity: Espionage at Home and Afar

The US and several multinational organizatons have a focus on cybersecurity and spying, and so it falls to whistleblowers to expose them.

Advertisements

By Joshua D. Glawson | United States

Ever since the creation of the internet, people have constantly been concerned with hacking, privacy, security on and offline, protection from malware and viruses, etc. This is what gave way to many industries being started, revolving and evolving alongside the internet and its continual development. According to the Merriam-Webster Dictionary, cybersecurity is the measure taken to protect a computer, or computer system, on the internet against unauthorized access or attack. In the US, and among many countries in the world, cybersecurity drastically changed post 9/11 due to supposed worry for further terrorist attacks on the US and respective countries. These changes threw out Liberty in the name of protectionism, and have changed national and international relations, especially when dealing with cybersecurity.

After the attacks on September 11th, 2001, in the US, the USA PATRIOT Act, also known simply as the “Patriot Act,” was passed on October 26th, 2001.The acronym stands for “Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001.” As pertaining to cybersecurity, Title VIII of the Patriot Act granted the US government the ability to essentially spy on civilians within the US who were showing signs of possible terrorism, cyberterrorism, racketeering, etc., via communication through the internet on computers and phones.

However, the National Security Agency (NSA) who headed the Patriot Act program, also collected metadata from everyone within the US. According to the NSA, their “role in U.S. cybersecurity includes its primary information assurance mission: serving as the National Manager for National Security Systems. National Security Systems include U.S. systems that contain classified information or are otherwise critical to U.S. military or intelligence missions.” The NSA also uses a system known as PRISM, also known as SIGAD, which collects internet communications from various U.S. internet companies rather than directly from the targeted individuals. Laws allowing such software are easily passed since many in the US feel it is okay to monitor, regulate, and collect information and data from companies.

Nevertheless, the Patriot Act failed miserably to thwart terrorist acts and hacking in cyberspace, but it successfully helped to usher in a constant police state of government surveillance and the collection of digital information over the web. Without NSA whistleblowers such as Perry Fellwock, Russ Tice, Mark Klein, William Binney, Thomas Tamm, Thomas Drake, Edward Snowden, and others, much of this overreach of government would have continued unknown by the masses, and many of the Patriot Act’s policies would have continued without interruptions. But despite their heroism, the police state via cybersecurity and spying continues within the US and the world.

We know it is an overreach of US government as Title II of the Patriot Act allowed mass surveillance and collection of information without a warrant or specified reasons for individuals, thus an infringement on the US Constitution’s 4th Amendment which stipulates that it is, “The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.”

Additionally, former US President, George W. Bush, also passed the Protect America Act which was an amendment on FISA to also allow warrant-less searches and surveillance on digital platforms. These warrant-less and unrelenting search additions have been extended to at least December 31st, 2023, under FISA Article VII, section 702. Yet, under the ruse of ‘protection,’ government has trampled the Constitution in order to increase cybersecurity within the US and the world.

Once the Patriot Act expired in 2015, the USA FREEDOM Act was implemented. It is also an acronym meaning Uniting and Strengthening America by Fulfilling Rights and Ending Eavesdropping, Dragnet-collection and Online Monitoring Act. Also known simply as “the Freedom Act,” it was really an extension of the Patriot Act, but the public image was perceived as a little less Big Brother since supposedly metadata collected was only stored for six months as opposed to indefinitely. Still yet, the Foreign Intelligence Surveillance Act of 1978 underlies both the Patriot Act and Freedom Act, granting permission to the US government to physically and electronically spy on foreign powers within the US and out, as well as any agents of foreign powers; after the development of the internet, these measures now include the careful watch through cybersecurity.

Of course, prior to the Patriot Act and Freedom Act, there have been US and world organizations such as ECHELON, also known as the Five Eyes abbreviated as ‘FVEY,’ which most likely started around 1941. This is an intelligence alliance between the US, Australia, Canada, United Kingdom, and New Zealand. This agency collects information of people all over the world as a response to a post-WWII world, when these countries had an unofficial and secret agreement known as the BRUSA Agreement in 1943, and officially signed under the UKUSA Agreement in 1946.

According to many documents released by Edward Snowden, “The Five Eyes is a supra-national intelligence organization that does not answer to the known laws of its own countries,” and since it is outside countries spying on citizens of other countries, they are able to step around regulations and restrictions, as the organization acts outside of the law. Included in their acquisition of information, via the internet through smartphones and computers, cybersecurity is a key component, especially in the world we live in today which almost requires communication through the internet. Suffice it to say, whether the US or other governments publicly announce that they are taking measures of spying and various acts of cybersecurity, they have been and will continue to do so off the record.

The ongoing record keeping through spying via cybersecurity is performed not only by the NSA and the Five Eyes, but also through the Defense Intelligence Agency (DIA), Federal Bureau of Investigation (FBI), Central Intelligence Agency (CIA), and the Department of Homeland Security (DHS) to name a few. While the DIA focuses on federal level defense and military topics, the CIA focuses on more general intelligence needs of the President. This grants the DIA more special privileges to assist the Secretary of Defense, the Joint Chiefs of Staff, and Combatant Commanders, to act outside of normal protocol. The DIA works directly with the Five Eyes through their own network known as “Stone Ghost,” with the same aforementioned countries, furthering the perpetual international collection of information in the name of security.

In May of 2011, the White House released the “International Strategy for Cyberspace: Prosperity, Security and Openness in a Networked World.” This was an Obama White House cybersecurity policy stating the following:

 “Natural disasters, accidents, or sabotage can disrupt cables, servers, and wireless networks on U.S. soil and beyond. Technical challenges can be equally disruptive, as one country’s method for blocking a website can cascade into a much larger, international network disruption. Extortion, fraud, identity theft, and child exploitation can threaten users’ confidence in online commerce, social networks and even their personal safety. The theft of intellectual property threatens national competitiveness and the innovation that drives it. . . . Cybersecurity threats can even endanger international peace and security more broadly, as traditional forms of conflict are extended into cyberspace.”

In February of 2013, “The Foreign Policy Concept of the Russian Federation,” approved by the President of the Russian Federation, Vladimir Putin, released his version of cybersecurity policy stating the following:

Russia will act according to its national interests in providing national and international information security, preventing political, economic and social security threats emerging in cyberspace, to fight terrorist and other criminal kinds of criminal activity. Russia opposes military-political use of information technologies that contradict international law, including actions aimed at interference in domestic affairs, as well as that kind of using IT that pose threat to international peace, security and stability.”

However, by April of 2013, The Center for International and Security Studies at Maryland addressed ongoing US-Russian cybersecurity relations that seemed to be building conflict between the two countries. For a few years prior, Russia had been accused of cyberattacks around the world, especially on the US. Of course, the US’ cybersecurity is primarily concerned with the US and its closest allies, especially those of the Five Eyes and North Atlantic Treaty Organization (NATO).

NATO’s cybersecurity programs were born out of the concerns of NATO members who accused Russia of being complicit in cyberattacks on their critical infrastructures years prior. In response to these eventually dismissed allegations, Russia led efforts to adopt international collective cybersecurity measures in Shanghai’s Cooperation Organization and with the Collective Security Treaty Organization. Furthermore, Russia also initiated a discussion about a “Convention on International Information Security,” which would help detect the basic threats to international information security and confirm threats.

This School of Public Policy at the University of Maryland report summarized the issues and US-Russia cybersecurity relations as follows:

“Threats to cyberspace and to information security are emerging as central elements of Russian-U.S. security relations. As much as U.S. officials have expressed concerns about Russian-sponsored cyber-activities, Russia is equally concerned about U.S. military intentions in the cyber domain. Differing definitions of what activities pose a threat complicates relations on this issue. While the United States is concerned primarily with threats to technology and economic well-being, Russia is also concerned about activities that threaten interference in Russian sovereign affairs. Russian concerns have been heightened by repeated U.S. rebuffs on draft U.N. resolutions to address some threats. U.S. and NATO pronouncements about the need for collective defense against cyberattacks have raised similar concerns. Ongoing Russian-U.S. cooperation at the highest level demonstrates that the states recognize the common interests at stake, but officials will have to work on a mutually beneficial basis to make any level of cooperation work.”

In June of 2013, under the Obama administration in contractual agreement with Russian President Putin, the two countries signed a cybersecurity agreement. The Obama White House released the following statements:

Recognizing the extraordinary growth in the use of information and communications technologies (ICTs), the United States and the Russian Federation have engaged in dialogue over the past two years on international security in this new and crucial area.  Our two nations now are leading the way in extending traditional transparency and confidence-building measures to reduce the mutual danger we face from cyber threats.” “The United States and the Russian Federation are creating a new working group, under the auspices of the Bilateral Presidential Commission, dedicated to assessing emerging ICT threats and proposing concrete joint measures to address them.” “The United States and the Russian Federation have also concluded a range of steps designed to increase transparency and reduce the possibility that a misunderstood cyber incident could create instability or a crisis in our bilateral relationship.  Taken together, they represent important progress by our two nations to build confidence and strengthen our relations in cyberspace; expand our shared understanding of threats appearing to emanate from each other’s territory; and prevent unnecessary escalation of ICT security incidents.”

In 2014, US Secretary of the State, John Kerry, released a statement that included specified goals of the US’ cybersecurity platform entitled “Pillars of The International Strategy for Cyberspace.” The policy added promoting norms and building international security, fighting cybercrime, strengthening internet public policy and internet governance, supporting internet freedom, performing internet due diligence, and developing the Internet and Information and Communication Technologies (ICTs) for economic growth. The official US policy contained the following statement:

“The Secretary’s Office of the Coordinator for Cyber Issues works to implement the International Strategy for Cyberspace, which outlines the U.S. vision for the future of cyberspace, and sets the agenda for partnering with other nations and peoples to realize it. As described in the International Strategy, the United States seeks a cyberspace environment that rewards innovation, empowers individuals, strengthens communities, builds better governments, expands accountability, safeguards fundamental freedoms, enhances personal privacy, and strengthens national and international security.”

In May of 2018, the DHS released their latest in cybersecurity policies including seven guiding principle- Risk Prioritization, Cost-effectiveness, Innovation and Agility, Collaboration, Global Approach, Balanced Equities, and National Values. The policy went on, stating the following:

Through our efforts to accomplish seven identified goals across these five pillars, we work to ensure the availability of critical national functions and to foster efficiency, innovation, trustworthy communication, and economic prosperity in ways consistent with our national values and that protect privacy and civil liberties.”

            The DHS cybersecurity policy of 2018 includes five pillars and seven goals.

  • Pillar I – Risk Identification

Goal 1: Assess Evolving Cybersecurity Risks.

We will understand the evolving national cybersecurity risk posture to inform and prioritize risk management activities.

  • Pillar II – Vulnerability Reduction

Goal 2: Protect Federal Government Information Systems.

We will reduce vulnerabilities of federal agencies to ensure they achieve an adequate level of cybersecurity.

Goal 3: Protect Critical Infrastructure.

We will partner with key stakeholders to ensure that national cybersecurity risks are adequately managed.

  • Pillar III – Threat Reduction

Goal 4: Prevent and Disrupt Criminal Use of Cyberspace.

We will reduce cyber threats by countering transnational criminal organizations and sophisticated cyber criminals.

  • Pillar IV – Consequence Mitigation

Goal 5: Respond Effectively to Cyber Incidents.

We will minimize consequences from potentially significant cyber incidents through coordinated community-wide response efforts.

  • Pillar V – Enable Cybersecurity Outcomes

Goal 6: Strengthen the Security and Reliability of the Cyber Ecosystem.

We will support policies and activities that enable improved global cybersecurity risk management.

Goal 7: Improve Management of DHS Cybersecurity Activities.

We will execute our departmental cybersecurity efforts in an integrated and prioritized way.

 

Despite all of these policies, departments spying nationally and internationally, software for constant watch in cyberspace, during the 2016 US Presidential elections, it has been stated by the US government that Russia mingled in the election process, hacked the Democratic Party’s (DNC) servers and computers, including Hillary Clinton’s emails, and many believe they possibly got Trump elected as US President. However, the official report claims that no tampering with the vote count took place. On July 13th, 2018, twelve Russian agents were indicted as being the conspirators and hackers. This group worked with Russian Federation’s Main Intelligence Directorate of the General Staff, also known as GRU.

On July 16th, 2018, Trump met with Putin and they discussed a number of things including Trump questioning Putin if Russia committed those acts, to which Putin denied. Trump and Putin went on to assert that they both believe their countries should work together to ensure cybersecurity for both countries and the world. Yet, due to the supposed hacking and mingling in the election process, many in US Congress have said that Trump’s offer to work with Russia and Putin is near treasonous and wrong.

However, as stated earlier, during Obama’s administration the Russians had been accused of supposedly committing cyberattacks and cyberterrorism in the US and other countries, Obama also met with Putin, and the two countries signed agreements to work with one another in cybersecurity. The contradictions and hypocrisy of Congress and those in the media is just as perplexing as the amount of cybersecurity the US and Russia already have, and yet these supposed acts of cyberattacks and hacking continue. This is not a statement in support of Trump, rather, things do not add up.

During the 2016 US Presidential Campaign, it was stated by Trump repeatedly that Hillary Clinton had rid her computers and servers of thousands of emails that included illegal activities by Clinton. If Clinton caused the problem with the servers and emails, the federal government or Congress would not want that information out because it would jeopardize the legitimacy of the government and the DNC. If Trump colluded with the Russians to gain election, it would undermine the election process, while also questioning the legitimacy of Justice within the government.

Also, if Trump advocated for the hacking of the DNC in order to gain private or secure information on Clinton, it undermines legal processes and the cybersecurity of the US. Both accounts would call into question the cyber capabilities of the US government. The best case scenario for the federal government is to point to outside countries rather than internal. If Trump says he does not believe Putin or that he does believe the tampering occurred, this puts Trump at a more trustworthy stance with the US and world than that of Putin and Russia. Equally, Trump agreeing that the Russians did perform the attacks and hacks would give his former running opponent, Hillary Clinton, a means to save face. In the end, all of this may be evidence of faux diplomacy more than actual cyber threats.

As for the ongoing spying, hacking, and watch of the US government, the Five Eyes, Russia, and others, via cybersecurity, there is not much that can be done at this point, until politicians and the civilians of these countries begin making changes. Although the US and Russia have signed cybersecurity agreements, it does not seem to be helping or it is all a ruse. Until changes have been made, it is good that whistleblowers like Snowden and others are willing to risk everything to point out the wrong being done by governments, and it behooves every individual to protect themselves in cyberspace.


To support 71 Republic, please donate to our Patreon, which you can find here.

Featured Image Source

Advertisements

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Advertisements
%d bloggers like this: