This appeared a day or so ago.
A chance to get smarter in cyber space of intelligence
In mid-November last year, WeChat users in China started discussing a new virus spreading in Wuhan.
Words and phrases such as SARS, coronavirus, novel coronavirus, Feidian (the Chinese equivalent of SARS), shortness of breath, dyspnoea and diarrhoea all began to increase in use across China’s most popular messaging app. As the virus spread, volunteer open-source researchers in China began collecting and archiving online material, including through GitHub, a Microsoft-owned coding and collaboration platform, to protect and preserve information at risk from China’s internet censors. Later, some of these open-source researchers, web archivists and citizen journalists would be detained, their online projects shut down.
We will never know how many governments were monitoring and collecting these early signs of COVID-19, and we will hear only snippets about what they found. Like advice from public health agencies and diplomatic cables, intelligence provides another source of information for governments. And for those intelligence agencies that pivoted quickly as the virus spread around the world early this year, online open-source collection, including data scraped from Chinese social media networks, blogs and archived databases, had the potential to alert them to the seriousness of what was to come.
On January 6, eight days before the now notorious tweet by the World Health Organisation announcing that Chinese authorities had “found no clear evidence of human-to-human transmission of the novel #coronavirus”, cyber-espionage actor APT32 was on the hunt, trying to find out more about the unnamed virus spreading in Wuhan and beyond. APT32 (also known as OceanLotus), long believed by cyber-security researchers to be operating on behalf of the Vietnamese government, used COVID-19 themed malicious email attachments in an attempt to compromise the professional and personal email accounts of officials working for the government of Wuhan and China’s Ministry of Emergency Management. We don’t know how successful APT32’s attempted cyber intrusions were, or what prompted this operation.
But we do know that Vietnam — like Australia — acted quickly, closing its 1400km border with China on February 1. By the end of April, the Vietnamese government had reported no deaths and fewer than 300 cases of COVID-19.
Alongside most industries, intelligence agencies — including Australia’s — will be assessing whether the global disruption caused by COVID-19 will change the way they operate. Will it accelerate evolutions in tradecraft? Will the expectations and priorities of intelligence customers shift as these types of global events become more frequent?
They will need to take stock of their response. As the virus began its rampant spread, were they set up and resourced to respond in a timely fashion? Crucially, as other sources of information signalled danger, were they able to move fast to collect information, much of which, in the early stages at least, was not necessarily “secret”?
For governments wrestling with difficult decisions such as border closures and public safety measures, having accurate data about the virus and its spread was essential. But responding quickly isn’t always easy because intelligence collection is challenging, labour-intensive and complicated.
Agencies can’t ordinarily pivot quickly between targets. In China, which has invested heavily in sophisticated surveillance and public security technologies to monitor and control its population, collecting on-the-ground human intelligence is becoming more dangerous and expensive.
The demands of dealing with, and protecting, sources means human intelligence may not be easily redirected. Signals intelligence also needs time to change course; penetrating a network requires figuring out a way in, and exploitable vulnerabilities are hard to find. Only certain intelligence collectors, such as those working in open-source and geospatial information gathering, can manoeuvre more readily.
Intelligence collection during the early months of COVID-19 would have required agencies to work creatively and flexibly. They would have had to gather information, much of which existed only in, for example, municipal and provincial medical circles, high-resolution satellite imagery or archived online databases and Chinese social media channels.
This would have raised another challenge for intelligence agencies: as the data poured in, were they able to quickly process and analyse what they had?
But the most important questions are the ones that can’t be answered yet. With nations still emerging from this crisis, intelligence communities need to forecast what a world after COVID-19 abates will look like. Because they need to make decisions now about how they will operate in this new environment.
…..
Danielle Cave is deputy director of the Australian Strategic Policy Institute’s International Cyber Policy Centre. This is an edited extract of her essay, Data Driven, in the new issue of Australian Foreign Affairs, Spy v Spy, published on Monday.
More here:
Here is a link to the relevant section of the ASPI Web-site.
https://www.aspi.org.au/program/international-cyber-policy-centre
Here is the link to the issue of the magazine.
https://www.australianforeignaffairs.com/essay/2020/07/spy-vs-spy
I find this interesting in the sense that it seems at least Vietnam (and certainly Taiwan) were more than aware that something serious was happening in Wuhan at least a week before the WHO said there was a problem and were acting to control the virus entry into their country.
I wonder how many stories of other really smart people figuring out what was going on – using public information – long before China fessed up!
David.
No comments:
Post a Comment