The internet has given the world many new things, including a new theatre of war. Attacks, defense and counter-attacks take place in cyberspace as much as they do on land, in the air, and at sea. So, in defense of national security, is it okay for a government to hack? Is it okay, for example for the US government to hack, but not okay for the North Korean government, or the Chinese government? And can we trust that the actions of governments and their agencies in relation to hacking are really in the best interests of their citizens?
These are the questions that Mike Walls attempts to answer a blog on the website Dark Reading. In “Why The USA Hacks” he says he believes the motivation behind the actions of the United States are honorable, although they have made mistakes. What makes them honorable is national defense.
Walls’ knowledge of the subject comes from his time as a captain in the US Navy, and his current role as managing director of security operations at EdgeWave.
He acknowledges that revelations by the whistle blower Edward Snowden have cast a shadow on some of US agencies, particularly the NSA. But he believes the motivation is right, and that there are sufficient limits and checks in place in the systems.
“…I am steadfast in my belief that U.S. cyber operations are focused solely on national defense and that those operations do not include the exploitation of information for economic or financial gain,” he said.
This article is part of a series where Walls looks at the hacking motivations of other nations who are active in cyberspace. If he believes the US is driven by national security concerns, what about the other countries. He believes Russia hacks for financial gain. China has similar motivations but it is also trying to increase its influence in the world. The same applies to Iran, while North Korea is just trying to get its voice heard. The only country he puts on a level with the US is Israel – hacking in the name of national defense.
The security principles set forth in industry standard ISO/IEC 27002 provide a framework for effective security, built around the cycle of Plan, Do, Check, and Act (PDCA). Many good security products are on the market, but all are designed to meet specific threats – and will not block other threats. At GRT Corp. our security philosophy is built around these words by noted security expert Dr. Bruce Schneier: “Security is not a product, but a process.”