{"id":17660,"date":"2018-05-20T15:02:42","date_gmt":"2018-05-20T15:02:42","guid":{"rendered":"http:\/\/www.vicsocotra.com\/wordpress\/?p=17660"},"modified":"2018-05-25T15:03:52","modified_gmt":"2018-05-25T15:03:52","slug":"arrias-cyber-and-corporate-responsibility","status":"publish","type":"post","link":"https:\/\/www.vicsocotra.com\/wordpress\/arrias-cyber-and-corporate-responsibility\/","title":{"rendered":"Arrias: Cyber and Corporate Responsibility"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" class=\"alignleft\" src=\"https:\/\/www.vicsocotra.com\/wordpress\/wp-content\/uploads\/2017\/02\/Arrias.jpg\" width=\"214\" height=\"288\" \/>The US is only now waking to the threat posed by those who\u2019d use the cyber world to not only steal information (and money), but corrupt data, undermine our politics, and even cripple key industries and infrastructure. Developing cyber capabilities to defend against those nations, groups and individuals who would attack us is essential.<\/p>\n<p>Equally essential, if we are to deter future attacks, are offensive cyber capabilities, the ability to reach out in the cyber world and ensure that those who would attack us would receive far worse than any benefit they gain. Such a capability is the essence of any viable deterrence.<\/p>\n<p>Yet, the very companies that would help provide such capabilities, both to the US and our allies, have said they want out of the game.<\/p>\n<p>In April, 34 major &#8220;high tech&#8221; companies signed an agreement to work together to prevent their (or their customers&#8217;) data from being tampered with, while defending each other from cyber attacks.<\/p>\n<p>They also pledged they wouldn\u2019t aid any state in &#8220;offensive&#8221; cyber attacks.<\/p>\n<p>One writer noted we should applaud their efforts to protect their clients&#8217; data. I suppose&#8230; If you think it&#8217;s applause-worthy that a company obeys the law and protects information clients entrusted to it. I suppose in this day of everyone getting a trophy it&#8217;s appropriate to applaud when someone does the minimum expected.<\/p>\n<p>As for the idea these 34 companies wouldn\u2019t support any state&#8217;s offensive cyber&#8230; There seems to be some sort of strained thinking going on here.<\/p>\n<p>First is an issue of moral equivalency. A request from the US (whether the Intelligence Community or DOD) asking for support when conducting offensive cyber operations would be denied, just as it would be if the request were made by anyone else, say Iran, North Korea, or perhaps the Taliban\u2026<\/p>\n<p>Perhaps this is just commercial-grade cynicism; publicly announce that \u201cwe won\u2019t help develop offensive tools,\u201d but if the DOD or Intelligence Community were to request some sort of cyber tools &#8211; both offensive and defensive, offering perhaps several billion dollars per year for 5 years, and offered the contractor access to the latest technology from DARPA and other US government contracts, then maybe they&#8217;ll make an exception?<\/p>\n<p>Hmmm\u2026<\/p>\n<p>If you recall, following the San Bernadino shooting (December 2015), Apple (not a signatory to this particular agreement) refused to assist the FBI in breaking the encryption on the shooter&#8217;s phone. But in 2017 Apple agreed to, in effect, provide the Chinese government access to its encryption in order to continue doing business in China.<\/p>\n<p>I wonder what the signatories are willing to do to sell in China?<\/p>\n<p>And there\u2019s the issue of responsible citizenship. The companies signing this accord appear to think they can avoid the legal fact of their country of residence. Companies have countries of residence, they are for legal purposes &#8220;citizens,&#8221; and enjoy many of the same rights that human citizens have. (In 1886, for example, the Supreme Court ruled that corporations have the benefit of the Equal Protection clause of the 14th amendment, just as human beings have.)<\/p>\n<p>But, with rights come responsibilities. Corporations must pay taxes and obey the law. They benefit from the protection the nation provides; shouldn\u2019t they also be prepared to assist in the nation\u2019s defense? And a proper defense includes providing for adequate deterrence.<\/p>\n<p>The US government doesn\u2019t have the authority to order a company to work for it. But the cyber world lacks clear boundaries, and the line between offense and defense is very fuzzy at best \u2013 a fact known only too well by the signators. Taking money for \u201cdefense\u201d but eschewing \u201coffensive\u201d cyber begins to look deliberately obscure.<\/p>\n<p>Might corporate directors claim their corporations are &#8220;conscientious objectors?&#8221; Can a corporation have moral and ethical values different from the owners? That seems to be a reach. And if they were to make such a claim, that would seem to require the approval of the ownership. Did the stockholders hold a referendum?<\/p>\n<p>Or is this is a dodge, a legal head-fake to have things their way, an effort to paint themselves as not accountable or responsible if the US and her allies were to find themselves in a cyber-war, trying to protect their own holdings by claiming some sort of neutrality?<\/p>\n<p>But, if they\u2019re neutrals, then there\u2019s no US government responsibility to defend them from either physical or cyber attack.<\/p>\n<p>Can&#8217;t have it both ways.<\/p>\n<p>Copyright 2018 Arrias<br \/>\nwww.vicsocotra.com<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The US is only now waking to the threat posed by those who\u2019d use the cyber world to not only steal information (and money), but corrupt data, undermine our politics, and even cripple key industries and infrastructure. Developing cyber capabilities to defend against those nations, groups and individuals who would attack us is essential. Equally [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[22],"tags":[],"class_list":["post-17660","post","type-post","status-publish","format-standard","hentry","category-arrian"],"_links":{"self":[{"href":"https:\/\/www.vicsocotra.com\/wordpress\/wp-json\/wp\/v2\/posts\/17660","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.vicsocotra.com\/wordpress\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.vicsocotra.com\/wordpress\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.vicsocotra.com\/wordpress\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.vicsocotra.com\/wordpress\/wp-json\/wp\/v2\/comments?post=17660"}],"version-history":[{"count":1,"href":"https:\/\/www.vicsocotra.com\/wordpress\/wp-json\/wp\/v2\/posts\/17660\/revisions"}],"predecessor-version":[{"id":17661,"href":"https:\/\/www.vicsocotra.com\/wordpress\/wp-json\/wp\/v2\/posts\/17660\/revisions\/17661"}],"wp:attachment":[{"href":"https:\/\/www.vicsocotra.com\/wordpress\/wp-json\/wp\/v2\/media?parent=17660"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.vicsocotra.com\/wordpress\/wp-json\/wp\/v2\/categories?post=17660"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.vicsocotra.com\/wordpress\/wp-json\/wp\/v2\/tags?post=17660"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}