Cyber security grabs headlines when something big happens, like last year’s Google-China flap, but it’s one of those topics that dissipates. That’s perhaps because a “cyber war” is hard to imagine — typing on keyboards doesn’t have the visual clarity of tanks maneuvering into position.
However, it’s important to not equate a lack of mainstream attention with a reduced threat. That’s why we’ll be checking in from time to time with Jeffrey Carr, author of “Inside Cyber Warfare” and CEO of Taia Global. He’ll key us in to the important cyber security trends he’s monitoring.
The first interview, posted below, focuses on the rise of formal arrangements between governments and hackers.
Jeffrey Carr: We’re going to see a trend in 2011 — maybe longer — of governments enlisting civilians as part of an organized cyber militia.
There’s information about Estonia doing this. Also, late last year an official Iranian newspaper said the Iranian paramilitary corps may recruit hackers to conduct a “soft war” in cyberspace. Iran already has a lot of active hacker groups, and I think they’re simply formalizing a relationship. I wrote about this recently.
Countries like Russia and China use hackers and other civilian resources, but they do it in a covert way. Iran and Estonia are being open about it.
Other countries get ideas when a government like Estonia’s, which you wouldn’t suspect of doing illegal things with their civilian hackers, says they’re going this route. The upside — and the reason why Estonia and Iran are engaging in these activities — is because it’s an economical way to tap a great pool of talent. You don’t have to reinvent the wheel to create a cyber defense.
The same topic pops up in U.S. debates almost every year. The people in favor of government-hacker programs sometimes refer to a Letter of Marque, which historically allowed governments to enlist private vessels &mdsash; and pirates — in exchange for immunity from prosecution.
But I think it’s going to be a long time before we see government-hacker relationships in the U.S. because the Department of Defense is likely averse to this type of thing. There are models that could serve as potential examples, like the civilian Coast Guard Auxiliary, but the big difference between something like that and what you’re seeing in Estonia is that Estonia is saying “It’s part of our government, and we’re doing it.”
This interview was edited and condensed.