"espionage norms are such a weird nuanced place, that, it amazes me that people think cyber espionage can have a regular old norms framework" - @jckichen

let's talk about this *absolute unit* of wisdom for just a minute. we'll only scratch the surface, but that's ok (1/7)
During the Cold War, the major espionage norm that held between states was "We don't kill each other's intelligence officers". Now, this wasn't uniformly held but it was generally consistent across the big players for most of the conflict. But...that was kinda it. (2/7)
I am sitting next to five bookshelves worth of examples showing how everyone pretty much spied on, sabotaged, and manipulated everyone else when they felt it was in their national interest during the Cold War...but they tried hard to avoid killing each other's officers. (3/7)
So what's the cyberspace operations equivalent of the "don't kill each other's officers" norm? The one that everyone can pretty much agree upon and still play the game? I'd say it's probably "don't make tools that can fuck the whole world and lose control of them". (4/7)
So in that context, trying to demonstrably punish activity like NotPetya and WannaCry makes sense. "If you're gonna make destructive/disruptive tools, make sure you can control them - try to introduce a little discretion...please?" feels like a reasonable rule of the road. (5/7)
That said, actors with flexible ethical views (as @jckichen noted in another tweet) will continue to give zero fucks and do whatever they deem necessary to accomplish their objectives in the timeframes they are dealing with. So in that case, this norm fails too. (6/7)
So, even a pretty reasonable desire about avoiding collateral damage in computer network attack operations can fail rapidly in comparison to "don't kill our officers" as a norm. ¯\_(ツ)_/¯ For more food for thought, read James Olson's book "Fair Play". (7/7)


More from @WylieNewmark

22 Dec
While the first installment of this series focused on how China identified and redressed core issues in its counterintelligence posture, the second primarily shows the consequences of that reversal: namely, a reduction in insight available from intelligence for USG. (1/5)
Proper counterintelligence isn't just about the threats posed to your own intel or military services. It's not just OPSEC or force protection. If you can carry it off coherently and strategically, CI oriented around an "offensive defense" can handicap foreign policymakers. (2/5)
This article provides an excellent summary for the layperson of the scale and scope of China's bulk PII targeting and supplementary collection against targets associated with the travel sector (as @JohnHultquist noted earlier this week). A very useful little graphic here. (3/5)
Read 6 tweets
22 Aug
Given that Debbins appears to be a "true believer" in the cause of Russian nationalism, his public commentaries on security matters offer a unique pool of data against which to evaluate his thinking and actions.
So far, I've found 6 pieces of such content related to Debbins - between 2015 and 2020. The first is a 2015 opinion piece advocating for the US to stop trying to "Westernize" Ukraine and instead attempt "to foster an ethnic Russian civil society" there. (1/x)
Second, from 2017, is Debbins' appearance on a security podcast. He offers insight into his ethnic Russian family and presents a (retrospectively) sympathetic account of Russia's strategic perspective. -10 points for parroting "Gerasimov Doctrine" BS (2/x)
Read 13 tweets
24 Mar
Tonight I found myself thinking about how it's been awhile since I submerged myself in the sort of academic works on intelligence that were essentially my professional incubator. So I read this piece comparing "APTs" and Russian illegals. (1/7) academia.edu/37636326/Human…
The authors are U.S. counterintelligence professionals with significant experience on Russia and some experience in teh cyberz. And while I very much want to find compelling parallels between cyber actors and illegals, I find the overall argument comparatively weak. (2/7)
The argument's Achilles' heel IMHO is that it attempts to too thoroughly align the phases of an illegals operation to the general stages of the cyber kill chain. Relatively weak points of similarity are used to justify broad alignments, which I feel dilutes the argument. (3/7)
Read 7 tweets
26 Jul 19
Deeply tired of how little the SVR gets covered as a threat so let's rant about it. First and foremost, it's the successor to the First Chief Directorate (PGU) of the KGB. PGU was responsible for KGB foreign operations and was -no joke-. (1/9)
All those accounts you've read about the KGB manipulating governments, running major penetrations, conducting massive influence operations and other active measures abroad? All KGB PGU. Those assholes did not play. (2/9)
And they descended (mostly organizationally but sometimes genetically) from the people who ran the Trust op and all of whom bought/buy into Chekist humanism, a perverse moral structure that justifies just about any horrible act in the name of the state. (3/9)
Read 9 tweets
23 Nov 18
This law will mean nothing to Russian security services that may want to steer targeted media outlets towards certain pieces of information, say to shame rival services, contained in these readily available databases. (1/x) reuters.com/article/us-rus…
Let's hypothesize for just a second: Say one of those contacts that gave Bellingcat passport or other key data related to the Skripal operators was controlled - directly or indirectly - by the FSB as part of an effort to embarrass the GRU as part of interservice rivalry (2/x)
In that case, the data provided by the FSB-controlled source *could’ve* been critical in nudging Bellingcat into uncovering the (apparently formulaic) method the GRU uses to build covers/legends for field officers. That could be a big win for the FSB. (3/x)
Read 6 tweets
21 Nov 18
Leave it to Korobov to “succumb to an illness” during what amounts to one of the four most reliable long weekends in America meduza.io/en/news/2018/1…
My money is that Sergei Aleksandrovich Gizunov, currently a Deputy Director under the late Korobov, is likely to be the next D/GRU. (1/5) russiandefpolicy.blog/2018/04/14/gru…
Gizunov has been described as “is probably a computer expert or mathematician from the GRU SIGINT apparatus. He was chief of the Moscow-based 85th Main Center of Special Service which deciphers foreign military communications.” (2/5) russiandefpolicy.blog/2016/01/23/sti…
Read 7 tweets
