US Prepares for Eventual Cyberwar
The New York Times is reporting on preparations in the works by the US government to prep for a 'cyberwar'. Precautionary measures are being taken to guard against concerted attacks by politically-minded (or well-paid) hackers looking to cause havoc. Though they outline scenarios where mass damage is the desired outcome (such as remotely opening a dam's gates to flood cities), most expect such conflicts to be more subtle. Parts of the internet, for example, may be unreachable or unreliable for certain countries. Regardless, the article suggests we've already seen our first low-level cyberwar in Estonia: "The cyberattacks in Estonia were apparently sparked by tensions over the country's plan to remove Soviet-era war memorials. Estonian officials initially blamed Russia for the attacks, suggesting that its state-run computer networks blocked online access to banks and government offices. The Kremlin denied the accusations. And Estonian officials ultimately accepted the idea that perhaps this attack was the work of tech-savvy activists, or 'hacktivists,' who have been mounting similar attacks against just about everyone for several years."
"Make cyberlove, not cyberwar!"
Looks like you were right; FTA:
"..through the industrial remote-control technologies known as Scada systems, for Supervisory Control and Data Acquisition. The technology allows remote monitoring and control of operations like manufacturing production lines and civil works projects like dams"
Words fail me.
Welcome to the whitehouse.gov administration panel, please enter your 6 digit password below:
_ _ _ _ _ _
Access granted! Hello Mr. President,
would you like to...
[1] Raise taxes
[2] Open floodgates
[3] Administrate the US Army
[4] Launch nuclear warheads
[5] Play online poker
Not all that unusual. I was visiting a water treatment/chlorination plant in the UK a few years ago (for complex reasons related to archaeology rather than anything particularly on-topic, so it is likely that we got the Cliff Notes version). They pointed to the computer that controls the water chlorination and said 'we control this via this modem right here'. Presumably there are all sorts of security controls around actually accessing via said modem, given that we are talking about a PC controlling the quality of the drinking water supplied to maybe 20,000 people.
This doesn't matter very much anyway. TFA seems to have confused 'you can connect to it remotely via some mechanism or another' and 'anyone connected to the internet can just ssh right in/DDOS it'. FUD.
Why is it that America is always preparing for a war? A war on 'terrer', a cyberwar, a war on drugs, a war on immigrants, a war on pirates, a war on guns. When is the last time America made peace?
I guess big budgets need big reasons
So what happens when a technically savvy bunch of folks with a point to make starts off by hijacking Microsoft Update to zombiate millions of PCs,
What makes you think they have to hijack MS Update? It seems to be a problem right now, today. Anybody who thinks this is something new is clueless. It's a problem right now, today.
A few things that can help:
1) Stop using systems that are inherently flaky. (EG: MS Windows) Move on to something that's proven to be resistant to viruses and the like. MacOSX, Linux, BSD, and other *nix variants are a good bet for the immediate future, but I'd wager that the best bet would be to revive DEC VMS! The security on that system is just simply awesome, and its reliability is second to none. Get somebody with chutzpah like Steve Jobs to make it work, and it would. Very well.
2) Demand basic, reasonable security policies in force at ISPs. The federal govt should require that ISPs should use basic technologies to ensure that packets appear to come from the right network, malformed packets are rejected, etc. and it should also provide reasonable initial funding so that they can comply with this law without undue hardship.
Another interesting thought - computers have gotten complex enough that the average person can no longer maintain them. So what if there was a way that the average person could outsource this administration to somebody else? There's quite a few ways this might work:
A) The "pool service" model - some local techie shop periodically accesses your computer (either physically or remotely) and performs a routine maintenance, fixing security holes, ensuring updates are done, performing backups, etc.
B) The "terminal" model - rather than store all your data/files on your local machine, your local machine becomes a dummy terminal, and you access your data and programs remotely. Something like the "terminal" that was common on mini and mainframes in the 1980s. Think Google office? This may be where Microsoft goes with their 'Windows Live' service, and where Linux goes routinely with X11.
C) The "Updater" model - almost in place now, you pay a subscription fee to have software downloaded automagically that takes care of security issues. The main point here is that for this to work, it has to provide a strong assurance of quality, which this does not.
Man, got windy on this post. Hope you enjoyed it!
I have no problem with your religion until you decide it's reason to deprive others of the truth.
OP is right, and he's optimistic about our defenses. Even the military practices "network security" at only a childish level. Most users have no clue how security works, and our military's network security training is horribly remiss.
And of course, the OP only outlined a few attacks that can be conducted from the safety of an office somewhere remotely. We face an enemy who isn't at all afraid to blow stuff up, even if it means the explosives are personally delivered. Anyone take a look at the physical security on a dam recently? Storage sites for nuclear waste? Ferries, busses, trains?
We are ripe for attack from a small team of well-funded and determined enemies, and we're not doing enough to prepare for it.