Who Is This Guy?
My name is Klon Kitchen (yes, that’s my real name). By way of background, I spent 15 years in the U.S. intelligence community (IC) working on counterterrorism, counterproliferation, covert action, and cyber issues. I was also Nebraska GOP Sen. Ben Sasse’s national security adviser for three years. After that, I spent another three years at the Heritage Foundation as the founder and director of its Center for Technology Policy. In early 2021, I made the move to the American Enterprise Institute (AEI), where I’m loving life as a senior fellow in the foreign and defense policy shop.
You can click here if you want a little more on my background. If you want a lot more, however, I’ll have to kill you. (Just kidding. I don’t do that anymore.)
You can also follow me on Twitter (@klonkitchen).
The best part of me is my family. My wife Tracy and I have four kids and we’re on the cusp of gradually sending them off to college and becoming empty nesters. While we’re far from perfect, we enjoy one another and I’m proud to say all four kids are “weird” in all the right ways.
I also think it’s helpful for you to know that I’m an evangelical Christian. I don’t typically post about religion, but knowing this about me will help you understand and interpret my views because they’re the foundation of what I believe about truth, morality, humanity, and society.
Why ‘The Current’?
It’s a play on words. In professional intelligence, new information and analysis about current events is called “current intelligence.” That’s what I hope to provide in this newsletter—new information and insights on the most important technology and national security issues.
Metaphorically, I also like the idea of wading with my readers into the technological “currents” that are shaping and moving history and global events.
Every week I intend to provide a mix of reporting, analysis, and commentary that considers foreign policy and national security primarily through the lens of technology. These topics will include, but not be limited to, “Big Tech,” geopolitics, artificial intelligence (AI), robotics, drones, quantum science, cybersecurity, and lots of other cool stuff.
Does this mean you need to be a tech expert to read this newsletter? Absolutely not! In fact, my driving aim is to demystify these issues and to make them accessible for everyone.
I also want to hear and learn from you—so comment early and often.
Ok, let’s get to the good stuff!
A Little Cybersecurity 101
Because we’re just starting our conversation, I thought it’d be helpful to cover some basics. Words like “cyber” and “hacker” are frequently used but are not always understood.
Below is a series of basic questions about cybersecurity—a topic we’ll cover frequently—along with some high-level, mostly non-technical explanations. Don’t worry, you don’t need to memorize anything but you may want to bookmark this post so that you can refer back to it from time to time.
What is “cybersecurity?” Cybersecurity is the protection of data and networks from bad guys who want to steal information or do damage to computers or other systems.
What are the three core aspects of cybersecurity? The three basic aspects of cybersecurity are confidentiality (limiting access to only the users you want to have access), integrity (making sure data is reliable and not manipulated), and availability (making sure you can get the data you need, when you need it).
What is a hack? A hack is the unauthorized access to data or a network that is typically made possible when an attacker exploits a vulnerability (aka, a “vuln”).
Tell me more about “vulns.” There are four kinds of vulnerabilities that hackers exploit. First, there are operational vulnerabilities—things like poor data management, bad security awareness, or the reusing of passwords. Second, there are personnel vulnerabilities—these include poor hiring and training practices as well as risks that arise when employees become disgruntled. Third, there are physical vulnerabilities—bad facility security, poor access controls, and even broken door locks. Finally, fourth, there are technical vulnerabilities—this includes weaknesses in the design, configuration, or maintenance of technology that allow unauthorized activity.
What’s the difference between a hack and a data leak? A data leak is when a system or network is set up in an insecure way that enables information to be accessed without technically breaking into the system itself. Think of it like this: a hack is when a burglar breaks into your house and steals your TV. A data leak is more like someone taking your wallet after you left it on your car’s passenger seat with the windows rolled down.
What are the two primary types of hack? First, there’s computer network exploitation (CNE)—this is when attackers are focused on stealing information (e.g., espionage or intellectual property theft). Second, there’s computer network attack (CNA)—this is when bad guys damage or break a system (e.g., ransomware, distributed denial of service [DDos] attacks, etc.).
Who are these hackers? Cybersecurity threats come in a variety of types, including insider threats (people within an organization who seek to do it harm), criminals, terrorists, hacktivists (hacker activists), state actors, and advanced persistent threats (APTs).
Wait, I’ve heard of APTs, what are they again? In the information security (“infosec”) community, any attack campaign that establishes a long-term presence inside a target network is called an advanced persistent threat. This term or acronym can also be used as shorthand for the attackers themselves (e.g., “The APT was able to steal data undetected for more than three months”).
So where do all the cool hacker names come from? It’s common in hacker culture for individuals to adopt a nom de guerre as a means of hiding their identity. Groups of hackers who work together can also choose a collective name, such as the REvil or DarkSide ransomware groups. Finally, cybersecurity researchers and firms will also assign nicknames to APTs as a means of connecting them with certain attacks, targets, or methodologies. For example, hackers associated with Russia’s military are known as “Fancy Bear” (APT28) and those within Moscow’s intelligence services are called “Cozy Bear” (APT29).
Aren’t there some good guy hackers? Yes, they’re called “white hat” hackers and they’re typically security researchers or other cybersecurity professionals. Bad guy hackers are called “black hats” and the people who straddle the line—typically for personal financial gain—are called “gray hats.” “Red hats” are like vigilante white hat hackers, they’re focused on preventing bad guy hacks but they do it in an aggressive and punitive way (kinda like Batman with a keyboard). Finally there are “green hats” or “script kiddies,” these are amateur or inexperienced hackers who are still learning the ropes, with the latter nickname being more derogatory.
What is the “cyber kill chain?” While the term was coined by Lockheed Martin, it describes the basic stages of a that which preexist this term. Depending on the sophistication of the hacker, and the relative strength of the defender, some of these phases may be longer than others. Here are the seven parts of the cyber kill chain:
Reconnaissance. This is where hackers identify which computer, network, or data set they want to target and begin collecting information to identify vulnerabilities.
Weaponization. Once a vulnerability is identified, the hacker either buys or creates a piece of code (a “payload”) that exploits this vulnerability and gives the attacker access to the target.
Delivery. The attacker introduces the payload into the targeted network. This is frequently done using phishing emails, infected hardware like thumb drives, or lots of other ways.
Exploitation. The delivered payload activates within the targeted system and essentially opens the door for the attacker to have continued access. This is the beginning of the actual compromise.
Installation. Once the hacker gains access to the system, they install other malicious software (“malware”) that gives them remote access and the ability to move around the hacked network. They can also remotely update the malware so that it becomes more powerful and harder to detect.
Command and Control (C2). Once the malware has been installed on the target, the hacker establishes the ability to communicate with and control the compromise via an external server or network—this reduces their “signature” and lessens the likelihood of being discovered.
Actions on Objectives. The hacker now either conducts a computer network attack or computer network exploitation.
Ok, those are the basics. I hope that was helpful. Now go impress your friends with your new cyber knowledge.
When Tech Goes to War
You will frequently read and hear me say that the national security burden is shared between the government and the private sector—particularly the technology industry. I believe this because the technologies that will shape and win tomorrow’s wars—artificial intelligence, robotics, biotechnologies, etc.—are overwhelmingly being developed by private companies for commercial applications.
If you want to know more about why I think this is happening and what I believe it means for the future, you can read my essay in National Affairs, The New Superpowers: How and Why the Tech Industry is Shaping the International System.
But this reality is also on full display in Ukraine, where tech companies are playing critical roles in protecting innocents, constraining Russia, and even enabling the Ukrainian military.
I’m confident we’ll discuss these developments further over the coming weeks, but here’s a quick rundown of just some of the actions tech companies have taken in response to Russia’s invasion of Ukraine:
Elon Musk is providing his Starlink satellite internet service for free in Ukraine, in an effort to ensure the government and its civilian population have access to internet communications in the midst of Russian cyber and kinetic attacks.
Microsoft’s Threat Intelligence Center (MSTIC) is detecting and mitigating destructive cyberattacks directed against Ukraine’s digital infrastructure.
Apple has stopped all product sales in Russia and exports to Russia. The company is also pulling Russia Today and Sputnik News (two state-run media outlets) from the app store outside of Russia and is disabling traffic data on Apple Maps in Ukraine.
Google’s Threat Analysis Group is also battling Russian hackers and disabling maps traffic data in Ukraine.
Facebook is doing real-time threat monitoring and labeling content from all Russian state media. It is also prohibiting these outlets from advertising or monetizing on the platform anywhere in the world.
Twitter and several other social media companies have issued instructions to users in Ukraine on how to secure their information, turnoff geolocation data, and generally protect themselves from Russian cyber threats.
The Premise micro-tasking platform has suspended all of its operations in Ukraine for fear that Russia might leverage users’ geolocation data for targeting or other purposes.
The bottom line here is that private technology companies are playing a critical role in preservation of human life, the protection of sensitive data, and the conduct of war. While I’m sure none of these companies’ founders ever intended to have such wartime influence, they have it and need to get used to it. Because it’s not changing anytime soon.
That’s it for our first edition of The Current. Be sure to comment on this post and to share this newsletter with your family, friends, and followers. Thanks again for taking the time and I’ll see you next week!