Ex-intelligence official: cyber espionage more dangerous than terrorism

By JOSEPH FITSANAKIS | intelNews.org
A former senior member of Canada’s intelligence community has said that the threat of cyber espionage requires more resources that are currently being diverted to counterterrorism. Ray Boisvert, who retired last year from the post of Assistant Director of Intelligence for the Canadian Security Intelligence Service (CSIS), said in an assertive speech last week that cyber espionage is “fundamentally undermining [Canada’s] future prosperity as a nation”. Speaking on Friday in Ottawa, Boisvert compared cyber espionage to the climate-change debate, which has been marked by a series of ignored warnings, due to “some willful blindness on behalf of individuals”. As a result, he said, the need to establish essential security measures to protect worldwide electronic infrastructure is being neglected, while desperately needed resources are being diverted to counterterrorism. He explained the lack of action on three levels: first, the resistance emanating from technologically challenged decision-makers in the government and private sector, who simply do not understand the technical complexities of digital telecommunications security. Second, it is rooted in the government’s reluctance to invest the funds required to shield the nation’s communications infrastructure from espionage attacks. Finally, he placed the blame on the fragmentation and shortsightedness of the private sector, which owns and operates nearly 90 percent of Canada’s critical communications infrastructure and yet is too consumed by competition to sit around the same table on matters of security. In giving examples of the seriousness of the threat of cyber espionage, Boisvert cited the attacks last year on the computer systems of Canada’s Treasury Board and Finance Department, which compromised trade secrets of several national industries. He also mentioned the attacks on Nortel Networks Inc., which he said lasted for over a decade and may have contributed to the company’s 2009 demise. 
Toward the end of his speech, Boisvert said it would be a mistake to point the finger solely at China for such attacks. Although Beijing is behind some global cyber espionage, the former intelligence official said that several other countries, “even good friends” of Canada, were engaged in spying on Canadian government agencies and private companies, searching for financial information, intellectual secrets, as well as defense and diplomatic data. Like its southern neighbor, the United States, Canada is currently engaged in a public discussion about which government agency or agencies should be working with the private sector to try to secure civilian telecommunications infrastructure.

10 Responses to Ex-intelligence official: cyber espionage more dangerous than terrorism

  1. Pete says:

    Boisvert’s attitude may be a good fit for Canada’s particular ordering of intelligence priorities – that is a relatively low incidence of terrorism against Canada at home and abroad, but many other countries face higher risks of terrorism (e.g. US, UK, India, Israel, Pakistan, Iraq, Afghanistan etc).

    Furthermore cyber-espionage is an updated term for sigint – arguably a constant threat since World War One. Meanwhile massively destructive terrorism, potential repeats of the 9/11 operation, are something new and well recognised as more dangerous.

    The proven track record of a security threat to shock a whole society is a more tangible threat than cyber espionage’s as yet unassessable potential. Even the US’ (and possibly Israel’s) Flame and Stuxnet efforts against Iran have hardly caused a visible stir in Iran.

  2. soumyakambhampati says:

    @Pete I disagree with your generalization of cyberespionage as SIGINT, as SIGINT is the passive collection and analysis of signals, while cyberespionage relies on the targeted infection of computers with valuable intelligence. (However, cyber operations and SIGINT are primarily conducted both by the NSA due to its institutional technical expertise).

  3. Joseph says:

    Sorry to correct you guys, but it’s neither cyber nor sigint – viruses fall under Biological warfare (BW)

  4. S says:

    @Joseph: This article is about computer viruses, which is a form of cyberoperation. Normal biological viruses are part of BW, not cyberviruses.

  5. Pete says:

    The technical way sigint operates would have evolved in part due to technical changes in the target means of communication. Sigint is not a static thing. If intercepting data on the internet-servers-PCs requires the flushing out of information using viruses, keyloggers whatever, it means it might be a new method – a highly active method.

    Sigint can be highly targeted – for example the Ivy Bells operation targeted specific Soviet undersea cables http://en.wikipedia.org/wiki/Ivy_bells .

    As you said sigint can be passive – but this might be in an “all hoovering” hardware sense. The hardware might contain specifically/actively configured sifting software to collect specific types/sources of info.

  6. S says:

    @Pete Yes, during the cold war, targeting SIGINT operations were done rarely (as in the Ivy Bells operation as well as the Berlin Tunnel operation by FI/D). However, currently most SIGINT the NSA gathers is from the passive SIGINT operation conducted by the ECHELON. More targeted gathering is done through the clandestine infiltration of a target’s computer systems (as seen by Flame). SIGINT generally refers to the collection of enemy signals and their subsequent decryption to understand communications in between various intelligence targets. Cyberespionage refers to the clandestine penetration of a target’s computer systems to secretly harvest information. While SIGINT’s passivity and cyberespionage’s targeted approach to collection work hand in hand, they are quite different.

  7. Pete says:

    Hi S

    I don’t think your explanation negates what I call the highly active virus flushing out tactics and highly targeted nature of software that sigint organizations might use. Mention of “ECHELON” does bring to mind a decades old term and report but you would need to explain the term to demonstrate how it technically fits these days.

    You’ll probably find that a sigint organization actively constructs and periodically alters hardware to extract information from telephone exchanges including the landsited junctions of undersea cables. The vast amount of intel gathered means highly active software is needed to pluck out the intel the sigint org is tasked to gather.

    “enemy signals” is a military subset of the much larger mainly civilian mission of a sigint org. Much intel would originate domestically and be gathered in cooperation with or for local security services.

  8. S says:

    @Pete, I don’t mean to negate your claims, I was simply pointing out that SIGINT is very rarely used in targeted ways like in Ivy Bells any more — targeted espionage now relies on primarily cyberespionage. ECHELON is a “Five Eyes” (AUSCANNZUKUS) SIGINT program in which all signals intercepted by any of the member nation’s SIGINT agencies (such as the NSA or GCHQ), are shared with one another. ECHELON is the primary SIGINT program by the Five Eyes, and it utilized passive collection to gather massive amounts of data, that is then processed and scanned for any actual intelligence that could be converted into product through various data mining means.

  9. Pete says:

    Hi S

    I agree ECHELON is basically the 5 English speaking country sigint alliance – also known as UKUSA. I think we’re talking about the same thing of mass sigint data collection then picking through this data for useful intel.

    The degree of active targeting versus passive collection probably varies across geographical areas, portions of the telecommunications network and many other technological levels. The introduction of digital communications decades ago did not make the term “sigint” obsolete or ill-fitting. Digitization was arguably a much more fundamental change than internet. In fact digital communications made internet possible including such sigint worthy communication modes as VoIP.

    We could disagree forever I think. In the end I don’t have contact with intel organizations including sigint orgs so I have no firm idea about the degree to which they have active targeted operations versus passive. Probably active and passive could most usefully be seen as relative terms (say compared to FBI active “bugging” targeting) rather than absolute.

    Regards

    Pete

  10. S says:

    @Pete I think at the end of the day our disagreement was over a technicality regarding the definition of ‘SIGINT’. I see SIGINT as ECHELON type massive data collection and mining operations, but when it involves the hacking of VoIP systems or computers, I consider it not SIGINT but cyberintelligence. I guess if you consider it to be SIGINT (which it seems the IC does) you would be right — there are many targeted hacks of terror targets done in addition to the massive ECHELON program. I have no doubt that SIGINT services like the NSA selectively bug suspected terrorists much like the FBI, and thus do conduct targeted SIGINT operations. And if you use your definition of cyberespionage of still being SIGINT, there are even more targeted SIGINT operations.
