There's already several digital Blackwater's so to speak. HBGary Federal is the obvious unsuccessful one, but you also have much more successful ones like Endgame Security.
Personally my view is that the 'physical' Blackwaters of the world haven't demonstrated an awful lot of adherence to the moral requirements associated with such work, so why would the virtual ones do the same? If you sanction a company with the ethics of Blackwater to do offensive work, do you really think they only side they're ever going to fight on is yours? Do you think that they'd represent your interests, or theirs, and do you think there'd be any hope of the kind of transparency or limitations that you'd at least expect to see in a state run equivalent?
I agree a "digital blackwater" can be much more effective than the government for this kind of thing.
However, unlike physical violence, there's not as much "inherent human moral knowledge" about computer crime/war/terrorism. It's pretty obvious to anyone (including Blackwater shooters) that shooting people is wrong, all things being equal; it is necessary in certain situations, but is to be avoided if possible. Some kinds of shooting are worse than others, and there are lines which most people wouldn't cross (shooting obviously unarmed people, children, etc.), even if ordered to do so.
With most computer crime, it's not so obvious who is being hurt and how much; there's also no primate/reptilian brain response to most of the activities themselves, only their consequences.
There's also much more potential to use "able to do digital violence" to influence business and politics within a stable nation state than to use physical violence. Organized crime only really can operate in marginal communities, at least through violent extortion -- in more developed places, it sticks to providing unmet (illegal) needs like drugs, gambling, prostitution, etc., or operates at a sub-organized level.
There's really nothing in "inherent morals" of people, or in cultural values, which will prevent using a "digital blackwater" for political or business ends.
If someone goes down this road (and the Chinese appear to have already, and possibly Russia), everyone else has to, but the world will become worse overall. Better for hackers, perhaps, as a subset, but I'd be fine with having a little less money and living in a less-Gibsonian world.
I do agree that there comes a time when you have to look at current the current security environment and realize that you need to enable the private sector to do more to defend themselves than appears possible currently. Relating of course to industrial espionage and the so-called "APT", not this #antisec nonsense. I don't look forward to a world where private firms are employing offensive cyber-mercenaries, but let's be honest - that is what many chinese firms and some western firms are already doing. Something needs to change to let western businesses respond to these threats, and it's clear that the usual mantras of defense in depth and being increasingly vigilant just aren't leading us down a winning path. We may never have infosec world where it's possible to adequately rely on defense only, perhaps it is time to move past the missile defense shields and on to MAD - much like US defense has gone.
It is more than "what many Chinese firms" are doing; it is what the Chinese government in collusion with many Chinese firms is actively doing all the time at all levels of US infrastructure, including not only industrial espionage but also actively attempting to steal all military and other tech from every server connected to the internet. Everything stolen is then pushed back to the appropriate vendor, which includes of course whatever companies are capable of producing stolen tech. This then is produced at low cost overseas and shipped back to the American consumer, who purchases it at the expense of an American product, leading to a loss in revenues for the American company that originally designed and produced the stolen product and dozens or hundreds more unemployed Americans.
This isn't MAD, this is constant low-level warfare waged by a foreign power without any US response except for monitoring and sporadic defensive efforts. The problem with a counter-offensive, esp. one waged by proxy private sector forces is that, first of all, the US is continually fighting the last war over and over (oh yes, let's invade Libya and setup democracy there... ), second of all even if we can plant detonation devices in Chinese infrastructure like they most certainly have littered in ours (who knows how many electric grids they could shut off at a moment's notice) this doesn't prevent their offensive efforts at all. In fact, the only thing that can prevent theft on a large scale is penalizing that theft, which certainly no current administration is capable of doing (notice the long standing list of promises regarding IP protection that China has reneged on). So really the only solution here is to innovate much more quickly domestically (including whatever private sector partnerships are appropriate via DARPA, etc.) and to continue to develop offensive capacities (which undoubtedly exist but given the classified nature of such, it is hard to know quite how well developed or capable they are). Undoubtedly we should also try to knock off Chinese government servers periodically as they do to ours just to be certain that we can -- and a private Blackwater might be just the ticket.
So like lulzsec, anonymous, or all of the other groups, but operating for money instead of humor and ideology. Sounds like a brilliant idea (that's sarcasm, by the by).
_b8r0|14 years ago
Personally my view is that the 'physical' Blackwaters of the world haven't demonstrated an awful lot of adherence to the moral requirements associated with such work, so why would the virtual ones do the same? If you sanction a company with the ethics of Blackwater to do offensive work, do you really think they only side they're ever going to fight on is yours? Do you think that they'd represent your interests, or theirs, and do you think there'd be any hope of the kind of transparency or limitations that you'd at least expect to see in a state run equivalent?
lawnchair_larry|14 years ago
Also, General Dynamics AIS.
rdl|14 years ago
However, unlike physical violence, there's not as much "inherent human moral knowledge" about computer crime/war/terrorism. It's pretty obvious to anyone (including Blackwater shooters) that shooting people is wrong, all things being equal; it is necessary in certain situations, but is to be avoided if possible. Some kinds of shooting are worse than others, and there are lines which most people wouldn't cross (shooting obviously unarmed people, children, etc.), even if ordered to do so.
With most computer crime, it's not so obvious who is being hurt and how much; there's also no primate/reptilian brain response to most of the activities themselves, only their consequences.
There's also much more potential to use "able to do digital violence" to influence business and politics within a stable nation state than to use physical violence. Organized crime only really can operate in marginal communities, at least through violent extortion -- in more developed places, it sticks to providing unmet (illegal) needs like drugs, gambling, prostitution, etc., or operates at a sub-organized level.
There's really nothing in "inherent morals" of people, or in cultural values, which will prevent using a "digital blackwater" for political or business ends.
If someone goes down this road (and the Chinese appear to have already, and possibly Russia), everyone else has to, but the world will become worse overall. Better for hackers, perhaps, as a subset, but I'd be fine with having a little less money and living in a less-Gibsonian world.
trotsky|14 years ago
Jd|14 years ago
This isn't MAD, this is constant low-level warfare waged by a foreign power without any US response except for monitoring and sporadic defensive efforts. The problem with a counter-offensive, esp. one waged by proxy private sector forces is that, first of all, the US is continually fighting the last war over and over (oh yes, let's invade Libya and setup democracy there... ), second of all even if we can plant detonation devices in Chinese infrastructure like they most certainly have littered in ours (who knows how many electric grids they could shut off at a moment's notice) this doesn't prevent their offensive efforts at all. In fact, the only thing that can prevent theft on a large scale is penalizing that theft, which certainly no current administration is capable of doing (notice the long standing list of promises regarding IP protection that China has reneged on). So really the only solution here is to innovate much more quickly domestically (including whatever private sector partnerships are appropriate via DARPA, etc.) and to continue to develop offensive capacities (which undoubtedly exist but given the classified nature of such, it is hard to know quite how well developed or capable they are). Undoubtedly we should also try to knock off Chinese government servers periodically as they do to ours just to be certain that we can -- and a private Blackwater might be just the ticket.
Oh yes, I used to work for the DoD.
JoachimSchipper|14 years ago
sorbus|14 years ago
brohee|14 years ago
officemonkey|14 years ago
(http://chertoffgroup.com/cgroup/2010/03/general-michael-v-ha...)
unknown|14 years ago
[deleted]
unknown|14 years ago
[deleted]
bsergean|14 years ago
[deleted]