An Internet Border Wall

While adversaries police their internet borders, we put out a welcome mat for friend and foe alike.

Internet

When approaching a national frontier, one usually finds a set of checkpoints – one for each nation, on either side of the demarcation point – to regulate traffic.

There are still some places (mainly in Europe) where there are no checkpoints on either side, but it would seem quite odd to encounter a border where one nation has strict controls on what moves in and out of the country, while the neighbor simply puts out a welcome mat. Yet this is how today’s internet increasingly works.

The United States is the country with the welcome mat, and we are discovering that unilateral hospitality comes at a high price. The Wall Street Journal reported last week on a vast Chinese cyberespionage attack on American (and undoubtedly other nations’) corporate data stored on commercial cloud services. Dubbed Cloud Hopper, the apparently state-sponsored operation was publicly disclosed in a limited way in 2016, when two Chinese nationals were indicted. (They are believed to be living in freedom in China.) The Journal article disclosed that the operation’s scope was far larger than has been previously reported, however. Authorities are not certain it has been stopped even today. The Journal cited data provided by the firm SecurityScorecard that indicated thousands of IP addresses around the world continued to report back to the hackers’ network as recently as November.

While Chinese data sits in comparative safety – and China’s people sit in comparative ignorance of facts contradicting the Communist Party line – behind that nation’s Great Firewall, large teams of government-supported hackers or contractors work to strategically target Western government and commercial data. Security firms have been tracking the group behind Cloud Hopper for more than a decade, the Journal noted. Unlike the criminals who operate in Russia and other former Soviet states, the Chinese are typically not motivated by short-term profit, but rather by long-term strategic objectives. This is nothing new, but reports of operations like Cloud Hopper throw it into newly stark relief.

A massive hack of the federal Office of Personnel Management continued for several years in the mid-2010s. The attack compromised sensitive personal information that was gathered in many cases during security clearance background checks. This has provided Chinese intelligence services with a trove of information they can use for blackmail, as well as other espionage and foreign-policy purposes, whenever they feel the need. The Chinese have also exploited computer vulnerabilities to target activists in Hong Kong and Tibet, and other dissidents abroad.

While Americans have spent the past few years obsessing about Russian meddling in our elections – an activity that, thus far, has had little if any discernible effect on election results, other than to provide fodder for partisan political grist mills – the economic assaults from that corner of the world are escalating in cost and disruption. Prior activity focused on gathering individuals’ financial account records and other personal data for use in financial frauds and for sale on the so-called darknet. Now the targets are frequently state and local government agencies, and major institutions such as hospitals, whose systems face ransomware attacks. The attackers themselves are almost never brought to justice by the lackadaisical and often corrupt law enforcement of their home countries. In any event, Russia does not extradite its citizens.

Notably, the Russians themselves recently tested a system to isolate their internet behind a national firewall, similar to the Chinese approach. This step would protect them from U.S. and other Western cyberattacks and espionage. We have such capabilities ourselves and have been known to use them – notably (and reportedly in collaboration with Israel) to disrupt Iran’s nuclear program. Iran and North Korea both severely restrict internet traffic coming into their borders, and both have mounted cyberattacks externally. The North Koreans are believed to be responsible for the theft and disclosure of Sony Pictures emails several years ago. They also may be part of the wave of global ransomware attacks, in a bid to evade international sanctions and generate hard currency.

The early dream of an open internet that promotes freedom, democracy and independent thought is not dead. It lives in places that offer a hospitable environment for it. But it has essentially been locked out of the countries I mentioned here, as well as some others. Those countries are our principal adversaries not only because they are our economic and military rivals, but because they view data theft as a strategic weapon and internet crime as a domestic industry. That is the world in which we live, and we have no choice but to deal with it.

We need a well-regulated internet border crossing. Or, if a different analogy works better for you, say we need an internet post office, where traffic is inspected for safety and legal compliance before we admit it into the country. We should develop the capability to close the border fence when needed. Just as we have the capability in the financial system to deprive bad actors of access to dollars, we should be able to completely isolate particular countries and those that trade data with them.

This is doubtless something that our adversaries already fear. Stoking distrust of our own security agencies, which would have to put such systems in place, is one of their best lines of defense. It is not one without factual basis or logical merit. Our intelligence agencies are far from perfect and have been known to misuse their capabilities for improper ends. But that does not place them remotely on the same threat level as the Russians, the Chinese, the Iranians and the North Koreans. We need to maintain perspective.

For now, the reality is that working online leaves individuals and organizations vulnerable, especially to hackers backed by government resources. Lt. Gen. Paul Ostrowski told the ArmyTimes that the Army is considering taking some defense contractors offline entirely to keep classified information safe. “If you’re on the net right now, you’re vulnerable,” Ostrowski said. An internet border crossing could mitigate some of this risk.

There would be real costs to disrupting data communications, especially with a country as economically important as China. But that’s the price of self-defense. Any sensible multinational company will learn to live with whatever system we devise. In the meantime, there is probably no reason why any community hospital or motor vehicle office needs to receive data from, say, Russia or Belarus. We should have a robust internet traffic system in place that isolates them, or at least allows them to isolate themselves, from connections to places where such traffic is apt to be ill-intentioned.

Of course, the immediate reaction to any such limitations will be for bad actors to try to use friendly countries as an intermediate staging ground for attacks. A robust defense system will need international cooperation. Otherwise, it will mean restrictions on traffic to and from places that do not inherently require such limits. We need to be prepared to work with friends who are willing and to impose restrictions on those who are not.

Right now we have an undefended internet frontier, through which nations who closely guard their own data borders attack us on a continuous basis. This system does not work. We should not allow it to survive for very much longer.

Disclaimer: This page contains affiliate links. If you choose to make a purchase after clicking a link, we may receive a commission at no additional cost to you. Thank you for your support!

About Larry M. Elkin 564 Articles

Affiliation: Palisades Hudson Financial Group

Larry M. Elkin, CPA, CFP®, has provided personal financial and tax counseling to a sophisticated client base since 1986. After six years with Arthur Andersen, where he was a senior manager for personal financial planning and family wealth planning, he founded his own firm in Hastings on Hudson, New York in 1992. That firm grew steadily and became the Palisades Hudson organization, which moved to Scarsdale, New York in 2002. The firm expanded to Fort Lauderdale, Florida, in 2005, and to Atlanta, Georgia, in 2008.

Larry received his B.A. in journalism from the University of Montana in 1978, and his M.B.A. in accounting from New York University in 1986. Larry was a reporter and editor for The Associated Press from 1978 to 1986. He covered government, business and legal affairs for the wire service, with assignments in Helena, Montana; Albany, New York; Washington, D.C.; and New York City’s federal courts in Brooklyn and Manhattan.

Larry established the organization’s investment advisory business, which now manages more than $800 million, in 1997. As president of Palisades Hudson, Larry maintains individual professional relationships with many of the firm’s clients, who reside in more than 25 states from Maine to California as well as in several foreign countries. He is the author of Financial Self-Defense for Unmarried Couples (Currency Doubleday, 1995), which was the first comprehensive financial planning guide for unmarried couples. He also is the editor and publisher of Sentinel, a quarterly newsletter on personal financial planning.

Larry has written many Sentinel articles, including several that anticipated future events. In “The Economic Case Against Tobacco Stocks” (February 1995), he forecast that litigation losses would eventually undermine cigarette manufacturers’ financial position. He concluded in “Is This the Beginning Of The End?” (May 1998) that there was a better-than-even chance that estate taxes would be repealed by 2010, three years before Congress enacted legislation to repeal the tax in 2010. In “IRS Takes A Shot At Split-Dollar Life” (June 1996), Larry predicted that the IRS would be able to treat split dollar arrangements as below-market loans, which came to pass with new rules issued by the Service in 2001 and 2002.

More recently, Larry has addressed the causes and consequences of the “Panic of 2008″ in his Sentinel articles. In “Have We Learned Our Lending Lesson At Last” (October 2007) and “Mortgage Lending Lessons Remain Unlearned” (October 2008), Larry questioned whether or not America has learned any lessons from the savings and loan crisis of the 1980s. In addition, he offered some practical changes that should have been made to amend the situation. In “Take Advantage Of The Panic Of 2008” (January 2009), Larry offered ways to capitalize on the wealth of opportunity that the panic presented.

Larry served as president of the Estate Planning Council of New York City, Inc., in 2005-2006. In 2009 the Council presented Larry with its first-ever Lifetime Achievement Award, citing his service to the organization and “his tireless efforts in promoting our industry by word and by personal example as a consummate estate planning professional.” He is regularly interviewed by national and regional publications, and has made nearly 100 radio and television appearances.

Visit: Palisades Hudson

Be the first to comment

Leave a Reply

Your email address will not be published.


*

This site uses Akismet to reduce spam. Learn how your comment data is processed.