Network Security, Network Security, Threat Management

Hired guns: Cyberwar PsyOps, Part 1

This article is important to CIOs because your industry may become affected by defacements or DDoS attacks should your sector have impact in Tunisia and Saudi Arabia or if you're involved in social media.

Saudi Arabia: 2011

This week the Saudis drew a line in the sand, requiring bloggers to be licensed:

The Saudi government says the move is simply designed to protect society – and points out that it was already censoring content anyway. Saudi Arabia has one of the highest numbers of bloggers in the Arabic world.

Applicants for a license need to be Saudi, at least 20 years old and to have graduated from high school. They will also need 'documents testifying to their good behavior.'

Anyone caught blogging without a license will be subject to a fine of up to 100,000 Riyal ($26,665), and/or a ban – possibly forever.

While Jordan, Egypt and Saudi Arabia all have restrictive internet café spycam surveillance, this story should be referenced along with the recent Tunisian crackdown on free speech.

"The real reason we should be watching these policies as a Western CIO is simple: If Tunisia's DDoS attacks are perceived as successful, your company's partnerships with Jordanian, Saudi and Egyptian business may lead to your targeting by the 4chan LOIC – Low Orbit Ion Cannon of Operation Payback fame."

Core motivation: Preventing loss of face

Like stand-up and improv comedy, blogs are often successful because they're entertaining or emotionally driven. Blogs have an inherent ability to allow anonymous and often scathing criticism on a topic, often from the shadows through the comments.

Tunisia and Saudi Arabia are two different cultures, yet the loss of face in the Arab cultures was documented by the CIA in this study which lends itself to the effectiveness and BDA of Stuxnet attack – embarrassment in Iran rather than bombs has simply been a more effective warfare method. One example from this publication:

There is a proverb in Chinese which can be roughly translated, "Point at the chicken to scold the dog." On its face incomprehensible to the Westerner, it means that if the dog has done something wrong you should berate the chicken in his presence in order to get at the wrong-doer without causing undue embarrassment. The chicken is not embarrassed because everyone knows it was not he who did it, and the dog does not lose face through public shame or direct censure.

This should put defacement into proper perspective: even though it may be perceived as internet graffiti, to other parts of the world, any loss of face is much more value-added.

CIOs: Persistent threat assessment

As most experts state, cyberwar is the persistent threat of 2011.

Do a threat assessment based on your industry and customer profiles. Ramp up your defensive procedures in case the low orbit ion cannons of protest single your business out for DDoS.

Look at the motivation for defacement differently with a cultural twist. If an equivalent to the Iranian Cyber Army happens to deface your page, consider the full implication of this being more than just graffiti. Take it with a grain of salt if you must, however reporting the act to the IC3.gov will aid global efforts against cyberwarfare, Therefore I urge you to consider adding the reporting step into your procedures.

Attend free first-responder training. Consider sending one or more of your IT folks to the regional and [often] no cost Cyberterrorism First Responder trainings that DHS does.

Personal perspective

My dad, arrested at Sproul Hall in the first major Berkeley protest, used to tell me that restrictions on inherent civil rights lead to civil disobedience no matter what country you're in. My mom, attending Berkeley at the time, told me that she watched Sproul Hall take place and made her decision to work for change within a system, not to tear the system down in place of something indefinably 'better.' With those two viewpoints firmly in mind, I offer the following perspective.

When we look at the cultural and legal restrictions currently in place overseas, it can become a challenge to see through someone else's perspective. At first, we in the United States and EU often state that freedom of speech is a RIGHT. Censorship inherently occurs when you must be held accountable for every word, and I really hope that idea doesn't catch on as a global value.

Yet can there be a black and white view on application of Western ideals and values like free speech to other societies? We may want for them to become Jeffersonian-style democracies, but there is a long road to free speech.

Our government's position (not yet confirmed by WikiLeak-ed State Dept. memos ;-)) is probably one of relief since several of these countries are aligned with the 'program' of combating terrorism. Communication and control via Twitter, along with ideology through blog articles, are two channels of free speech which make law enforcement's job harder.

My regional analysis of the requirement for Saudi citizenship, as well as the age restriction, leads me to believe this is targeted at restricting the speech of non-Saudis, which is a double-edged sword. On one hand, potential terrorists cannot communicate as easily. On the other hand, near-slave working conditions often experienced by non-resident workers cannot be exposed as easily.

Communication through Twitter – on a simple SMS text-capable cell phone – may also be considered blogging and I'll research this further to confirm how their laws see it.

Because I cannot think of something 'better' than the current restrictions in light of the all too important terrorism weight on the scales, I leave this article's perspective on the censorship unresolved. Feel free to comment.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.