A Cyber Year In Review: 2013

Jan 1st, 2013 Uncategorized

Another year past, another year full of cyber news.  I’ve been writing for roughly 2 years now, and in that time, there has been an explosion of cyber-related news stories.  I don’t know whether the news media is paying closer attention or whether there is more to report on (or both).  Regardless, it’s been a big year.

I’ve assembled what I feel to be the most significant cyber stories of 2012, broken down into categories.  Of course, these are just the highlights, so I’ve left off a large number of quite noteworthy news stories.  If you’re interested in some particular topic, I’d recommend using our categories feature to hunt down old blog posts.  Hopefully this list is useful, perhaps as a research tool, perhaps as just something to review in your free time.  If you’re interested, here’s 2011’s A Year in Review.

Reviewing my list, here’s my thoughts on 2012 and what we may see in 2013:

  • China continued its campaign of pervasive cyberexploitation.  When I started writing for this blog in 2011, I was just shocked with the brazen way in which Chinese hacker’s vacuumed up IP.  They literally worked a 9-5 breaking into foreign computer systems and stealing everything they could find.  In my poor attempt attempt at a 2012 prediction post, I predicted that the highest levels of the USG would do something about it; maybe President Obama would get on national t.v. and demand the Chinese stop.  Well, that was naive, and nothing came from President Obama, but there was some response.  I noticed a perceptible change in lawmaker’s and commentator’s comments wherein they began publicly criticizing China.  SecDef Panetta and Secretary of State Clinton raised the cyberexploitation issue with Chinese leadership.  The Chinese played it off, of course, but it was still notable that both officials brought it up.  Then the whole Huawei/ZTE fiasco.  Then the news that the DOJ will go after foreign hackers.  My point is that officials within the USG are taking steps–albeit very measured steps–to let the Chinese know we’re sick of their game.  Diplomacy matters, so I doubt we’ll ever see a strongly worded rebuke from the highest levels of the USG.   And I doubt the Chinese really care about any of this anyways (don’t forget, they’re victims of cyberespionage too!).  But I’m at least mildly encouraged that the USG is taking some sort of action.  They’d better, because . . .
  • The private sector is beginning to fight back.  In my mind, 2012 was the year in which hackback/private sector active defense/reprisal/cyber vigilantism/counterstriking fully entered the public discourse.  Just take a look below at all the stories on hackback.  Look at the ferocious debate it has started.  I’m interested to see if the USG will do anything about it: whether to enable the practice under extremely limited circumstances or explicitly outlaw it (say what you will, there’s still a sliver of uncertainty whether it’s legal under the CFAA and whether it’s legal notwithstanding the CFAA).  In any event, three things are clear to me: (1) there are companies currently engaged in hackback; (2) unregulated hackback is dangerous; and (3) hackback will remain on the legal/policy discussion plate well into 2013 and beyond.
  • The military continued its takeover of cyberspace.  Yeah yeah, I know, the military doesn’t have the legal authority to defend domestic computer systems.  But just take a look at some of those stories below under the military and US Law/Policy headings.  A number of commentators feel that the U.S. military is creeping into domestic systems.  The NSA wanted to monitor domestic networks.  Is this good?  Bad?  Depends on who you ask.  I tend to like it because we’re immediately placing cybersecurity responsibility in the most capable hands during our hour of greatest need.  There’s a perception that civil liberties may suffer, but truth be told, I’d rather trust some Airmen who could care less about my browsing habits than the FBI/DHS/law enforcement community.  Anyways, $10 says CyberComm goes full Combatant Command status in 2013.
  • Our elected officials failed to address cybersecurity.  I predicted–again naively–that Congress would pass cybersecurity legislation in 2012.  There was a lot of positive talk in December of 2011, and it seemed everyone agreed on the magnitude of the threat and the need for action.  Unfortunately, the rancorous debate over cybersecurity legislation stopped nearly everything in its tracks, and the best we could get was House passage of CISPA.  The sticking point was mostly over whether cybersecurity standards should be voluntary or mandatory.  A few news sources have reported that cybersecurity legislation will be back in 2013, but I’m not holding my breath.
  • The failure of ACTA/PIPA/SOPA demonstrated that the Internet has a voice.  Remember Internet blackout day?  The day when a number of popular websites went offline in a coordinated protest against SOPA/PIPA?  That day proved that the denizens of our beloved internet have power.  SOPA/PIPA went down shortly after that day.  I remember reading that a number of lawmakers were nervous about touched cybersecurity legislation precisely because of the reaction against ACTA/PIPA/SOPA.  Any future cyber legislation (and probably cybersecurity legislation) will have to contend with a mobilized internet citizenry.
  • The revelation (in that Sanger NYT article) that the US was behind Stuxnet was big.  I mean, not that big . . . pretty much everyone suspected the US was behind Stuxnet.  But Sanger’s article touched off a huge debate over whether the Stuxnet/Olympic Games reveal would hurt US strategic interests.  I didn’t think it really changed anything, but a number of commentators thought we crossed the Rubicon when Stuxnet was attributed back to us.  Then the news that the US was also (probably) behind Flame and mini-Flame followed.  I don’t know the implications of all this, but it’s going to make for an interesting 2013.

 

I’m not going to make a prediction post again, because I’ll probably embarrass myself.  Dan Lohrmann had an extremely useful blog post for Government Technology which surveyed all of the blogs/news sites/reports for their cybersecurity predictions.  Here’s Symantec’s 2013 predictions, via Lohrmann’s post:

–          “Cyber conflict becomes the norm – In 2013 and beyond, conflicts between nations, organizations, and individuals will play a key role in the cyber world….

–          Ransomware is the new scareware – As fake antivirus begins to fade as a criminal enterprise, a new and harsher model will continue to emerge. Enter ransomware….

–          Madware adds to the insanity – Mobile adware, or “madware,” is a nuisance that disrupts the user experience and can potentially expose location details, contact information, and device identifiers to cybercriminals….

–          Monetization of social networks introduces new dangers – …Symantec anticipates an increase in malware attacks that steal payment credentials in social networks and trick users into providing payment details, and other personal and potentially valuable information, to fake social networks

–          As users shift to mobile and cloud, so will attackers – Attackers will go where users go, and this continues to be to mobile devices and the cloud….”

 

 

See below for noteworthy stories of 2012:

 

China

U.S. Law & Policy

Legislation

Malware

Technology

Military

International Law

Anon

Hackback

Conferences/speakers

Cyberespionage

Iran

Please follow and like us:

Tags:

2 Responses to “A Cyber Year In Review: 2013”

  1. […] to toot my own horn, but I had a similar thought in our Year in Review: 2013: the movement that brought down ACTA/PIPA/SOPA demonstrates that the internet has found its […]

  2. […] bias yada yada yada, as I wrote in our Year in Review, I think this news portends the US military’s increasing role in cyberspace.  I’m not […]

Leave a Reply

You must be logged in to post a comment.

Authors

Untitled Document
Professor William Snyder

Professor William C. Snyderis a member of the faculty of the Institute for National Security and Counter-terrorism at Syracuse University after fifteen years with the United States Department of Justice.

Ryan D. White

Ryan D. WhiteRyan is currently a third year law student at Syracuse University College of Law, and is also pursuing a Master of Public Administration degree from Syracuse’s Maxwell School of Citizenship and Public Affairs. Ryan spent time with Homeland Security Investigations while pursuing his undergraduate degree at Wesleyan University, and spent his first summer of law school as clerk for the U.S. Attorney’s Office in the Western District of New York. He is a member of Syracuse Law Review, the Journal on Terrorism and Security Analysis, and participates in the Veteran’s Legal Clinic. Full biography

Shelby E. Mann

Ryan D. WhiteShelby is a second year law student at the Syracuse University College of Law. She is the 2018-9 Editor in Chief of the Syracuse Law Review, as well as a member of the Journal on Terrorism and Security Analysis, and the senior editor for the Syrian Accountability Project. During her final year at the University of Missouri, she served as a full-time news producer for ABC 17 News. Shelby spent her first summer of law school at the Shelby County District Attorney General's Office in Memphis, Tenn., in the Public Corruption and Economic Crimes Unit. Full biography

Christopher w. FolkChristopher W. Folk

is a 2017 graduate of SU College of Law. A non-traditional student, Christopher returned to academia after spending nearly twenty years in the high tech industry. Christopher served in the Marine Corps, graduated from Cornell University with a B.S. In Applied Economics and Business Management, attended Northeastern University’s High-Tech MBA Program and received a M.S. In Computer Information Systems. Christopher previously worked in Software Engineering. Christopher is currently serving his second term as Town Justice for the Town of Waterloo. Christopher externed with a Cybersecurity firm in the Washington, D.C. area between his first and second year at SU College of Law. Full biography

Anna Maria Castillo

Anna Maria Castillois 2016 graduate of Syracuse College of Law. She also holds a Master of Arts in International Relations from Syracuse University's Maxwell School of Citizenship and Public Affairs. She has interned at a London-based think-tank that specializes in transnational terrorism and global security and at the legal department of a defense contractor. She served as an executive editor in the Syracuse Law Review. Full biography

Jennifer A. CamilloJennifer A. Camillo

is a 2015 graduate of Syracuse College of Law and is a prosecutor. She has served as a law clerk in the United States Attorney’s Office for the Northern District of New York and the Cayuga County District Attorney’s Office and as an extern in the Oneida County District Attorney’s Office. She was a member of the Syracuse National Trial Team and was awarded the Tiffany Cup by the New York Bar Association for her trial advocacy achievements.

Tara J. PistoreseTara J. Pistorese

holds Juris Doctor and Masters of Public Administration degrees from Syracuse University's Maxwell School of Citizenship and Public Affairs and its College of Law. She wrote for this blog when a student. She is now a member of the U.S. Army Judge Advocate General's Corps.

Benjamin Zaiser

is both a scholar and a Federal Agent of the Federal Criminal Police Office of Germany. (Opinions expressed here are his own and not any part of official duty.) Full biography

Categories

RSS
Follow by Email
Facebook
LinkedIn