The Hysteria of the Cyber-Warriors

Willfro sends in a piece by Evgeny Morozov at the Boston Review about the hyperbole and the reality of "cyber war." Quoting: "At the end of May, President Obama called cyber-security 'one of the most serious economic and national security challenges we face as a nation.' His words echo a flurry of gloomy think-tank reports. Unfortunately, these reports are usually richer in vivid metaphor — with fears of 'digital Pearl Harbors' and 'cyber-Katrinas' — than in factual foundation. So why is there so much concern about 'cyber-terrorism?' Answering a question with a question: who frames the debate? Much of the data are gathered by ultra-secretive government agencies — which need to justify their own existence — and cyber-security companies — which derive commercial benefits from popular anxiety. Journalists do not help. Gloomy scenarios and speculations about cyber-Armaggedon draw attention, even if they are relatively short on facts."

Ignorance Leads to Fear Leads to Profit

[eldavojohn]

Unfortunately, these reports are usually richer in vivid metaphor -- with fears of 'digital Pearl Harbors' and 'cyber-Katrinas' -- than in factual foundation. So why is there so much concern about 'cyber-terrorism?'

Because no one fully understands it. And not understanding something can easily lead to fear. And those standing to make money off that fear (journalists, contractors, agencies) are unashamed to exploit it.

I'm a computer scientist and I don't even understand or know about every potential vulnerability. It's simply too complex ... and that's easy to turn into fear when you're talking to the people who are in charge of protecting us from threats. And the potential mitigation techniques are another endless myriad of complex software/hardware. All I can say is that it is highly unlikely that a Live Free or Die Hard 'fire-sale' scenario will happen. I can't in good conscious tell you it's impossible. I can tell you that the probability of it happening within a year would most certainly be dealt with in multi-digit negative powers of ten. Then there's the possibility of lesser attacks which are highly probable but I feel that the cost-risk ratio is all messed up. Again, I believe this is due to ignorance.

You get into a weird sort of emperors-new-clothes kind of situation when the only people who understand your problems are also the ones trying to sell you a solution. And they're just not being openly honest nor realistic with you.

Re:Ignorance Leads to Fear Leads to Profit

[FriendlyLurker]

Not to mention that in the process of securing against the "cyber-terrorism" bogeyman, an big added benefit for ruling elites will be removing net anonymity and related speech in the name of national security, bringing all those blogs and uncontrollable information channels under heel in a more hierarchical system - or at least more accountable to an "authorized views", type system - ("Take down that anti-war protest site and uncensored video footage - preempt information warfare against our war, sir") and of course, only authorized p2p channels and protocols allowed in this future we are manufacturing, thanks.

Re:Ignorance Leads to Fear Leads to Profit

"I'm a computer scientist and I don't even understand or know about every potential vulnerability. It's simply too complex"

And yet you're claiming that "the probability of it happening within a year would most certainly be dealt with in multi-digit negative powers of ten."

Not sure where you're getting your confidence from. You've basically just said that these complex systems are extremely vulnerable. Meaning, even you can't be clear to what extent these vulnerabilities can be used to cause damage.

Comment removed

[account_deleted]

Comment removed based on user account deletion

No "cyberwarriors needed", first round

[SgtChaireBourne]

Look, for the first round of clean up no "cyberwarriors" are needed. We just had yet another article about how single city, for a single Windows worm, lost millions due to clean up. In that case it lost over $2.5 million, including rewarding the designers of the security flaws to the tune of $1 million. Knocking down a water tower would probably cost less to repair. So why are not the defense and law enforcement agencies stepping in here?

It's not a nameless or faceless "terrorist" group that is costing our businesses, shutting down our infrastructure, tangling our air traffic control, our power grid, or our hospitals. The people promoting Windows and Microsoft technologies have real names and faces and walk among us every day. Take them out and we've won the first round. It could be as simple as organizing a large scale round up under the RICO Act.

From there we can go on to hardening the net with IPv6 and dealing with the usual intelligence / counter-intelligence activities. But the first step, before we can stop the economic bleeding is to deal with the cause of the problem: the people who promote and profit from known defective technology.

Re:Are you kidding?

[TerranFury]

Yeah, but it's not cyber-"terrorism;" nothing is going to blow up. It's just espionage.

Plus, I've got to wonder how much of this is truly "hackers" from the outside, and how much is just the result of employees taking data with them -- whether they're just being sloppy, or actually malicious (e.g., ethnic Chinese with misplaced loyalties (god do I hate nationalism)).

Whatever the case, without disclosure for each "incident" of what actually happened in technical terms, we the public will never understand what's going on at any level besides "OMG HACKERS" -- which can mean anything.