Big Tech S3E10: Nicole Perlroth On the Cyber Weapons Arms Race

Listen to this week’s new episode of Big Tech, where Taylor Owen speaks to Nicole Perlroth, how the way in which nation-states go about acquiring cyber weapons through underground online markets creates an incentive structure that enables the entire cyberwarfare complex to thrive while discouraging these exploits from being patched.

In this episode of Big Tech, Taylor Owen speaks with Nicole Perlroth, New York Times cybersecurity journalist and author of This Is How They Tell Me the World Ends: The Cyberweapons Arms Race. 

Nicole and Taylor discuss how that the way in which nation-states go about acquiring cyber weapons through underground online markets creates an incentive structure that enables the entire cyberwarfare complex to thrive while discouraging these exploits from being patched. “So they don’t want to tell anyone about their zero-day exploits, or how they’re using them, because the minute they do, that $3 million investment they just made turns to mud,” Perlroth explains. As Perlroth investigated the world of cyberwarfare, she noticed how each offensive action was met with a response in kind, the United States is under constant attack. The challenge with countering cyber-based attacks is the many forms they can take and their many targets, from attacks on infrastructure such as the power grid, to corporate and academic espionage, such as stealing intellectual property or COVID-19 vaccine research, to ransomware. “The core thesis of your book,” Taylor reflects, “is for whatever gain the US government might get from using these vulnerabilities, the blowback is both an unknowable and uncontrollable uncontainable.” 

Early on, Perlroth was concerned about the infrastructure attacks, the ones that could lead to a nuclear power plant meltdown. However, the main focus of cyberattacks is on intelligence and surveillance of mobile phones and internet-connected devices. There is a tension between Silicon Valley’s efforts to encrypt and secure user data and law enforcement’s search for tools to break that encryption. Several jurisdictions are looking to force tech companies to build back doors into their products. Certainly, providing access to devices to aid in stopping terrorist attacks and human trafficking would be beneficial. But back doors, like other vulnerabilities found in code, can be weaponized and used by authoritarian regimes to attack dissidents or ethnic minorities. 

Cybersecurity is a multi-faceted issue that needs to be addressed at all levels, because the nature of cyberwarfare is that we can no longer protect just our physical borders. “We have no choice but to ask ourselves the hard questions about what is in our network and who’s securing it — and where is this code being built and maintained and tested, and are they investing enough in security?” says Perlroth.