Slashdot Mirror

← Back to Stories (view on slashdot.org)

Schmidt Predicts Digital Sky Is Falling

Posted by michael on from the dict-cullion dept.

Danse writes "Former Microsoft security chief Howard Schmidt now works for the government as the vice chairman of the Critical Infrastructure Protection Board. According to this article on Security Focus, he has been touring the country, proclaiming the dangers of "zero-day viruses" and "affinity worms" that will create the kind of havoc that nothing else short of a nuclear exchange could cause. "Traffic lights, pacemakers, appliances -- all subject to outages and interruptions because in the future they're controlled via Internet, declares Schmidt. The power grid could fail catastrophically by 2005!" How do you argue with this kind of rhetoric, especially when it's being spread directly by government officials to corporate leaders?"

9 of 506 comments (clear)

  1. I didn't know all IP = Internet by stuyman · · Score: 5, Informative

    While it seems that the phrase "snake oil salesmen" has passed out of the vernacular in favor of "really good excuse to sell product," Schmidt is really nothing more than a fearmonger. While I could imagine a worm moving through the internet fairly quickly, I can't imagine it doing too much serious harm. I mean, nothing could be much more serious that code red or Melissa or something. The net is fairly heterogeneous, so if a big chunk of end-user windows machines become infected, who gives a crap? Worst thing is a slight dip in sales at Amazon or buy.com, and McAfee, Symantec, etc get some new sales. Even a windows machine can be armored against these things if you try. Also, spreading instantly isn't even feasible. It takes time for a machine to find connected hosts, transmit and process things, etc.

    What worries me most is this absurd prediction that traffic lights and the power grid etc will become part of the internet. There are no good reasons for traffic lights to be on the public internet, and lots of good reasons for them not to be. However, there are lots of good reasons to control such things by computer, and the best way to take advantage of this is by using economies of scale through the use of commodity hardware. In other words, over TCP/IP. So, the traffic light network assigns all lights an IP address. This isn't the same as being on the internet. And despite all the fearmongering it's unlikely to happen.

    Remember, these people have been predicting critical infrastructure death for 10 years, and their theoretical net-wide worm actually hit 14 years ago! Be fearless, build firewalls, and update your software, and ignore this moron (though if you can use it to convince your boss you need a new dual 1.5ghz machine with a giant plasma display, go for it...)

    --
    Q:Doctor, how many autopsies have you performed on dead people?
    A:All my autopsies have been performed on dead peop
  2. Re:Wait a minute... by mgibbs · · Score: 2, Informative
    I knew it was going to happen, just not this soon..
    Is this the kind of FUD we're going to come to expect from security focus now that they sold out^H^H^H^H^H^H^H^H are under the symantec "corporate umbrella"?

    Actually, the article is by George Smith of SecurityFocus criticizing Howard Schmidt formerly of Microsoft fame. (The write-up incorrectly combines these names.) Read the article before you post next time...

    --Matt

  3. The Importance of Hardware and Software Diversity. by jellomizer · · Score: 4, Informative

    This is mostly all garbage because there is still to much hardware and software diversity. Sure this could POSSIBLY HAPPEN if everything was running off Windows on an x86 chip. But still now that is not the case There are still differnt breads of processors SPARC, MIPS, GX, ARM, Aplha, etc... And there are differnt Operating Systems that run each Processor. So making a killer worm that will distroy all Computers is near impossible because there is to much diversity. and I for one would want to keep it that way, actually I want to get more diversity. More different ways of solving the same problems is a good method each set may have bugs and holes but each one will be a different set of bugs and holes. Just as long as we dont follows MS idea of using a x86 chips and XP for every thing eltronic we should be OK.

    --
    If something is so important that you feel the need to post it on the internet... It probably isn't that important.
  4. Re:Must be a joke. by mikvo · · Score: 5, Informative
    I hate to spoil the party, but traffic lights are already controlled via TCP/IP networks. And although these may not, technically, be "public" networks, they can still be hacked into. Have you ever taken a look at how advanced some of the ITS (Intelligent Traffic Systems) are these days? I happen to work at a state agency on their ITS system, and I can assure you that we are already on the edge of that very thing.

  5. They've been in bed together for a while by drew_kime · · Score: 3, Informative
    From a March 2000 press release:
    The Information Systems Audit and Control Association (ISACA) has been invited and has agreed to serve as a member of a newly created public-private initiative, the Partnership for Critical Infrastructure Security.
    ...

    An initial, formative meeting of the Partnership was held in December 1999 in New York City. The meeting was hosted by [list of names] and Howard Schmidt, Chief Security Officer, Microsoft.
    This has been in the works for over two years. Schmidt was involved from the beginning in defining the scope and purpose of the position he now holds. Microsoft has been involved in the process throughout the time they were responsible for the most disruptive, expensive virus/worm attacks in history.
    --
    Nope, no sig
  6. TLA. by Noryungi · · Score: 3, Informative

    This is what I have to say to Mr Schmidt:

    Y2K

    The end of the world was predicted. Nothing happened. Why? Because good people worked their asses off and prevented the Y2K "damage".

    Hint: want to avoid 90% of all problems on the Internet? Follow this three step program:

    1. Avoid ALL M$ products like the plague.
    2. Whatever system you use, keep it up-to-date, apply the patches and the security upgrade religiously.
    3. Whatever system you use, lock down all un-necessary services and ports.
    4. Whatever you do, don't put everything on the Internet! Pacemakers, energy grid and air-traffic systems don't have anything to do on the Internet. period.

    And no, I won't buy Palladium just because it's the One True Technology That Will Save Our Sorry Asses From Evil Hackers! ;)

    --
    The right to offend is far more important than the right not to be offended. (Rowan Atkinson)
  7. Yes, there's a Windows-based pacemaker controller by Animats · · Score: 4, Informative
    The PaceArt 2000 is a desktop Windows-based system for doctors which interfaces with pacemakers over a short-range RF link.

    See their download page.

  8. Some pacemakers ARE remotely accessable. by Ungrounded+Lightning · · Score: 5, Informative

    Anyone who engineers anything as critical as the controls to a pacemaker or a traffic light to be remotely configurable or writable is just asking for trouble.

    Unfortunately, remote adjustment of medical implants (including pacemakers and drug-delivery systems) is sometimes life-critical, often greatly health-enhancing. So many of the devices are remote-accessable. Some of them (such as implanted defibrilators) also log info about the patient (i.e. when / how many times he had to be de-fibbed) and can be interrogated remotely.

    But "remotely" means "via a nearby inductive loop (or the like) on a special-purpose device", not an internet link. (The interrogation device, of course, will have a computer in it and might be networked - but that's a separate issue.)

    But don't you think the people who design the device and its software don't KNOW that? Medical device hardware and software is built by engineers working to a standard above that of telephony, which is in turn far beyond mil spec. (Yes you can get screwups. But they really do put in the effort. The management knows that killing a couple patients will kill the company, and they have the money to pay for good work rather than cutting corners.)

    anything that has incoming can be flooded to death whether it wants to respond or not

    Not true. Anything with an incoming link can have the link itself DOSed and taken down for the duration of the interference. Any radio can be jammed, too. But a communication module can be designed so that it doesn't exhaust resources needed by the rest of the system, and so that it will recover from the exhaustion of its own resources as soon as the attack ends.

    --
    Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
  9. Traffic lights *can* be controlled from the web by throx · · Score: 3, Informative

    They don't have to be on the net. I used to work for a government department that controlled traffic lights. From my workstation I could change the state of almost any traffic light in the state. From my workstation I could also browse the internet.

    Consider then a virus that allowed someone to put a back door into my workstation. They would then have the ability to sniff passwords and ultimately give them control over the traffic lights.

    A similar thing could be said for any device which can be controlled from a machine which is either connected to the net, or can be accessed by other machines ultimately connected to an untrusted network.

    While the chance is slim that any of this could happen, don't discount the possibility just through your ignorance of how these systems could be attacked. Sure the traffic lights aren't directly connected to the net, but that's not the point.

    --

    Fear: When you see B8 00 4C CD 21 and know what it means