I am surprised that Russia is not doing more, because they have their own problems. A lot of Russian government networks are being hacked right now by opposition parties within Russia or by opposition parties within the Commonwealth of Independent States. They also have a serious problem with some of the hackers being jihadists. So you would think that it would be within their interests to engage with the U.S. and other countries like the U.S. because in a sense we share the same adversaries. But that has not happened.
TNNI: One of the essential problems in cyberspace is the issue of attribution. Why is it so difficult and is there any way around this problem?
Carr: Anonymity is what the Internet provides right now and not attribution. There are just too many ways to disguise who you are. In my view, there is never going to be a technological solution as long as we are using the Internet architecture that we already have. But having said that, I think there is a way to make an educated assessment of attribution by looking at a much broader picture. And what I mean by that is you need to expand your focus to include an active defense, an active intelligence effort to understand what states are focusing their R&D money on and in what category? What states have active hacker populations and are engaging in geopolitical attacks? You start building profiles of every bad actor that might impact or might go after your assets, meaning U.S. assets. From that broad focus, you can begin to narrow down more specific indicators, looking at the type of malware that can be used, technical signatures, looking at specific patterns of hosting environments. So eventually, you can begin to recognize certain profiles and signatures and attacks and make an informed assessment about who the person or state behind the attack is.
TNNI: You recently published a report called “Project Grey Goose’s Report on Critical Infrastructure,” can you tell us a little bit about it and what are some of its major findings?
Carr: That report originally started to see if we could identify successful hacker attacks against critical infrastructures resulting in a power outage or a blackout or even other types of infrastructures, like water supplies. However, shortly after starting that report, even with that particular focus, we discovered that just is not going to happen. Not because those attacks have not occurred, but because no one is talking about them. People would refuse to cooperate across the board. So the focus of the report turned in a different direction. To look at some of the attacks that were done, or some of the actors that were involved and explore both the vulnerabilities in the critical infrastructure as well as the actors that might be targeting those vulnerabilities and nation-states that also have a marked interest in accessing our networks. So that became a focus of the report. We discovered that Chinese, Russian and Turkish actors, state-sponsored in our opinion, are actively targeting parts of our critical infrastructure, including the power grid. We also tried to emphasize that this is an important national security issue.
TNNI: In the next five years, how do you see the issue of cyber developing?
Carr: From a military point of view, countries will continue to develop computer network operations, computer network defense, attack, espionage, and the means to accomplish all of those. So there is active research and development going on in most countries to be able to penetrate networks, to control networks, to shut down networks, to cause cascading failures of networks. All of this R&D will continue. Because of the interconnectedness of research and development in the civilian world, I think it is going to continue at a very rapid pace. The exercising of cyber espionage will of course go up because that allows a state to leapfrog its development time. Since the U.S. military is so far advanced in its capabilities, potential adversary states like Russia and China and nations of the Middle East, would have an interest in doing whatever they can in expediting their own R&D. The easiest way to do that of course is through espionage.
TNNI: Do you think that terrorists currently have the capabilities to be able to conduct a massive cyber attack? Or do you think they will at least develop those capabilities in the near future, or is that more of a longer term issue?
Carr: I think that it is possible to conduct a stunt like that today. I don’t think it is impossible by a large group of people, I do think the number would probably be smaller than you might think. There are lots of individuals that are extremist in their religious views that have the technical skills, having degrees in engineering, to do what is necessary to bring down a piece of critical infrastructure. So I am concerned about that. I think East Africa is a good example of where there is a mix of money and motive. The only thing that is missing now is technical means. Once broadband covers the continent of Africa around mid-2010 then they will have that. So that kind of anarchic group or the Somali pirates, or other groups who have no constraints about what they will do or who they will hurt, that have access to a great deal of money and there is almost no law enforcement oversight, that is where I would focus a lot of my intel in terms of future threats.
TNNI: Anything else you wanted to add?
Carr: My hope is that the book will encourage a conversation and provide some clarity on issues that maybe were a bit clouded or not well known in the past. I think it is an important area and certainly deserves more priority than what it is currently getting. But more importantly, it is important that it be addressed in a collaborative way because the solution to deterrence and attribution is not going to be found in pure, technical analysis. It has to be more of a generalist approach than a specialist approach, in terms of intelligence terminology. So I would like to see broader collaboration among the public and private partnerships to solve the problem.