Slashdot Mirror
There Is No Cyberwar
crowfeather notes an interview with cybersecurity czar Howard Schmidt that Wired's Threat Level conducted this week. "Howard Schmidt, the new cybersecurity czar for the Obama administration, has a short answer for the drumbeat of rhetoric claiming the United States is caught up in a cyberwar that it is losing. 'There is no cyberwar,' Schmidt told Wired.com in a sit-down interview Wednesday at the RSA Security Conference in San Francisco. 'I think that is a terrible metaphor and I think that is a terrible concept,' Schmidt said. 'There are no winners in that environment.' Instead, Schmidt said the government needs to focus its cybersecurity efforts to fight online crime and espionage. His stance contradicts Michael McConnell, the former director of national intelligence who made headlines last week when he testified to Congress that the country was already in the midst of a cyberwar — and was losing it. ... There's been much ink spilled in recent years over the turf battles in D.C. over whether the NSA (representing the military) or DHS (on the civilian side) takes the lead role in cybersecurity. But... "I haven't seen that tension," Schmidt said. As for which will take the cybersecurity lead, Schmidt simply says it's a shared effort."
I have actually always wondered about this. I remember how we had to write a school subject about "chinese superhackers" newspaper article in the early 2000's. The Google thing was also showed off to be a work of amateurs, not some Chinese superhackers working for their government. For me it just starts to look like trying to put fear into people for whatever personal reason. "Chinese hackers working for their country to break into US systems" sure sounds cool and creates fear in people, but is there any actual truth behind it? As it is now it's almost like cold war carried over to new technological area. It also looks to be a common thing here on slashdot too - without actually even questioning if theres any truth behind it.
... we have always been at war with Eurasia.
XML is a known as a key material required to create SMD: Software of Mass Destruction
It's not a war if only one side is putting up a fight.
The higher the technology, the sharper that two-edged sword.
He's been in office THREE MONTHS and he's not only got a handle on this, but is proclaiming that nothing is going on. WTF?
This guy sounds out of touch, like he is more concerned with the politics of appeasing China than the job of securing our country. Can we somehow get this guy removed from office for incompetence?
Are you telling me I planted my Cyber War Victory Garden and bought Cyber War Bonds for nothing?!
There is no Cyber-War ...and these are not the droids you are looking for.
You can say there's no war because there's no structure. That's quaint. You're lying about it, if for no other reason that our own military's cyber 'forces'.
The risks are real and the burden is being carried by civilians. Just like it was out on the last frontier. Eventually larger and larger organizations will come into conflict and some will aptly begin to label that as 'war'.
There is no war, but if you use IE, acrobat and flash, you are standing up in a front-line trench. It is only a matter of time before a bullet hits you in the head.
Ok, ratings out of 10 for this analogy.
There is no spoon.
Athy, athier, athiest.
The chocolate rations went up.
Mit der Dummheit kämpfen Götter selbst vergebens
This is just a brief note to non-Americans, to help you avoid some potential confusion.
The following is from the article:
There's been much ink spilled in recent years over the turf battles in D.C. over whether the NSA (representing the military) or DHS (on the civilian side) takes the lead role in cybersecurity.
Keep in mind that in this context, "civilian" means "transnational corporations".
Sounds familiar?
Yet Another Tech Blog
(but so much more, including game and movie reviews)
http://yanteb.peasantoid.org
You don't need religion. You don't need dogma. You don't need issues.
They're all rooted in basic primal emotions..
You just need to instill fear in people, and they will give you that much more power, status and sex.
Best way to gain power and stop intelligent discussions is to start a war.
You've just given me an idea for Teenager Top Trumps.
Player1: Average fat +40kg ...Awww
Player2: Average fat -30kg
Player 1: Erm, Indoctrination 500
Player 2: Indoctrination 9000+
Woot!
Does this mean that the Information Superhighway has NOT become the Information Western Front?
The US owns the sea. the Chinese know this. Their sub technology is borrowed from the Soviets, and the Akula class is a barge underwater and it's all they got, and their Navy sucks.
The US has shown it possess the technology to splice underwater fiber cables and tap them. Google it, they've already done it in the North Sea.
And that is the trump card. China launches a major offensive against the world, they better have routes down through Korea, because every trans-pacific cable leading to the mainland will get cut in minutes.
FBI director warns of 'rapidly expanding' cyberterrorism threat
This "there is no cyberwar" business plays right into Singel's agenda that anything related to cyber war is really a conspiracy to kill the open internet.
All the "cyberwar" stuff may be overplayed, and no, we're not in a "war", per se, at the moment, but we are most certainly unprepared, as are many open, information-dependent societies...
If it's a war, then the Constitution requires Congress to declare it. We have wars on poverty, drugs, terrorism; why do we need to further dilute what it means to be at war? I find Schmidt's comments refreshing; perhaps we could have a rational discussion about security without needlessly ratcheting up the fear machine. Traditionally wars had beginnings and endings -- that is to say, they had structure (not to be quaint). When we're eternally at war with concepts, it numbs the sentiment.
The wheel is turning, but the hamster is dead.
In this case given that nobody is actually getting shot civilians in the form of sys admins and programmers are far better equipped to fight this one.
They're more numerous, they're just as skilled and they're on their home ground.
I think all that China is doing is not employing bored script kiddies. From all accounts these hackers have no day jobs. Our biggest online security threats come from people trying to trick folks into clicking links about viagra and SEE BRITTANY SPEARS NUDE!
This means we can fire Howard Schmidt since his position is not needed and we can put his salary towards the Fed. deficit.
Python: 'And then suddenly you have a language which says "we're all stuck with whatever the whiniest coder wants".'
We had a War on Poverty, and poverty increased.
We had a War on Drugs, and drugs increased.
We had a War on Terror, and terror increased.
So, yeah, let's have a War on Cyber, and maybe cyber will increase too. Cybernetics? Cyborgs? Cyberspace? Cybering? I guess you take the good with the bad.
-- 77IM
Student: Is it true that the foundation of the universe is paradox?
Master: Well, yes and no.
If only they could apply the same rationale to the "drug war".
In a war both sides are fighting... but so far, only the bot(net)s are attacking, and what the "attacked" front does efficiently is giving them more drones. Is not war, is harvest.
The First Rule of Cyberwar is...
Watch out for the following: "They who can give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety."
Don't fight for your country, if your country does not fight for you.
I'd call it "the daily life of a firewall". Seriously, check your firewall logs. Mine are being "attacked" every hour of every day and I'm not a military installation.
If you ask me, most of the rhetoric one hears from government officials is more about money than anything else; warning of a 'rapidly expanding cyberterrorism threat' is mainly scaremongering that translates to 'give us a bigger budget than ever'. Not saying there aren't vulnerabilities; certainly there are, just look at all the Windows botnets and viruses (and nowadays PDF seems to be a primary attack vector). If there was a "cyberwar" already being waged, it would probably already have been lost. But giving more money to some state department to employ a building full of people somewhere to 'tackle the problem' is hardly going to fix things like IE and Adobe's PDF reader.
These aren't the droids you're looking for!
The internet is essentially a massive number of walled communities.
There is nothing that any potential adversary could do which isn't already being done by the botnet herders and we seem to be doing fine despite them.
In any case I see little or no way in which the government could do a better job than the current crop of sys admins.
It sounds right out of When Mars Attacks, misdirection. We need Articles of Impeachment, before these people (run by the International bankers) can fully crash the global economy. Converting the Internet to their police state grid is just part of their plans. But while we can still communicate over the Internet, there is still time to impeach and throw a wrench in their plans.
IBM has recently started directly laying off American developers and replacing them with Chinese developers working in the "CDL labs". They're doing this for code designed to run on System z mainframes, such as Rational HATS (half the team just moved to China in the past couple of weeks). The main reason why companies use System z at all is because it's supposed to be ultra-secure, and therefore it is used for the most sensitive of processes (like banks, etc...). How unrealistic would it be for a Chinese developer (either willingly, or coerced by the Chinese government) to plant security holes in IBM mainframe products? They did it with Google...isn't it logical that they'd also be trying to target IBM? It scares the heck out of me thinking how many Fortune 500 companies that use System z for their ultra-secure mainframes might be getting exposed to Chinese corporate espionage.
So does he just not getting the data from his IT people on the constant SSH scans and Remote Desktop attacks aimed at every computer on the network?. And we are suppose to think this isn't a concerted effort by foreign entities to take over US government property and steal information? I guess it's just a bunch of vitamin 'D' deprived adolescents doing it.
It all starts at 0
This is just a prelude to cost cutting. No cyberwar, no funding required.
just wait until they run into real missile-toting kangaroos!
the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff
The problem with kneejerk cynicism and paranoia is that if (when) there is a real threat we might not be prepared to respond to it. We might choose to not respond. Maybe the boy shouldn't be crying wolf so often, but the village should at least think about what to do when the wolf comes calling.
Let's take as a given that there is no cyberwar. Does that mean that China, Russia and anyone else with an interest in hurting the US isn't working on a plan to attack us? They might be able to keep a secret. The plans we make to thwart a cyber attack might be useful in dealing with some unforseable problem.
Are we pretending that the internet is unimportant to our economy and culture just because we don't trust anyone over 30?
If a panel of Hitler, Stalin, Pol Pot, George Bush, a box of hair and Jeffrey Dahmer advised us to look both ways before crossing the street it would be good advice. We shouldn't dismiss what the gov't says out of kneejerk mistrust. Even if the gov't is out to get YOU (unlikely), they might be right about something anyway. Sure, we should question their motives and approach but on the merits of the claim... not by "is he wearing a suit".
Utilizing the synergization of benchmark e-solutions to pre-workaround action items!
...he would re-release that same statement, with:
s/cyber.?war/terrorism/i
Then we would start to get somewhere... and maybe fix more important problems.
Any sufficiently advanced intelligence is indistinguishable from stupidity.
What amateurs use zero day exploits alongside rootkits? Tailoring their hacks to specific companies?
You should read the security considerations from iSEC https://www.isecpartners.com/files/iSEC_Aurora_Response_Recommendations.pdf regarding the "Aurora Response Recommendations". The truth is that every organisation has some people that are a liability on the internet.
Apparently Google found over 30 companies had been totally compromised - and over 100 had been targeted. Of course it's probably not the same gang, as Gary McKinnon said, there are loads of people from all around the world hacking into insecure systems. Some for fun, some to see secret / privilledged information.
Of course the new guy says, don't worry folks everythings OK, there is no war. That is because hacking is not about distruction, it's about knowledge. In the right hands, knowledge really is power.
Hmmm... State sponsored attacks, carried out from known state funded locations, with state controlled hardware, by personnel under the direction and pay of representatives of a state - what the heck other definition does one need?
Of course, this is the administration that doesn't see attacks on the US from a group funded by other governments as a war either, so I guess I shouldn't be surprised.
The military generally calls a spade a spade, so they will see it for what it is, a war. Just one in which no one has directly been killed - although we'll conveniently close our eyes to that pipeline that blew up because someone monkeyed with the sensor feedback mechanism...
Just like there was No Such Agency back in the 1950'ties and 1960'ties ?
It's more like this shit has been going on since the public internet exploded in 1994. (Actually before that even.)
What we really need is a more security conscious culture and more competent and caring admins in the govt. Not some attempt at eroding privacy and giving control to some politicians. (As that cyberwarwafe simulation attempted to convince us we needed.)
There was once a time in the 80s where one guy w/ a bug in his experimental self replicating worm code brought the entire internet to it's knees. There's always been people running attacks on various hosts on the internet and it will only grow as the technical competence of the world increases over time and as the population grows and there are more bored teenagers and full blown asshats out there.
As a matter of fact, the Homeland Security Advisory System has never been set to either of the two lowest (out of 5) levels.
It's nothing but fear-mongering.
Do what thou wilt shall be the whole of the Law
So what do we do? We improve our fucking infrastructure. China is not going to attack our infrastructure and attempt to kill Americans and cripple our country. Why? For starters, they'd lose the money they invested in us. Additionally, their economy is hugely dependent on us. If America falls, China and most of the developed world falls. Lastly, how would America respond? In all likelihood, with nuclear weapons. Our best bet is to improve our infrastructure and when we trace back hackers to a government, we retaliate just as we do in all other forms of espionage- with political and economic sanctions.
Good ol' politicians spreading FUD. The stakes are higher, but the problems are still the same at the core.
'Political power grows out of the barrel of a gun.' - Mao Tse-tung
Peace in our time?
-- Wodin
An official report released Friday said the number of attacks on Congress and other government agencies had risen significantly in the past year to an estimated 1.6 billion every month.
C'mon. The jackass is hired to be Microsoft's number on apologist. His office can now be abused to cover the situation up. If he admitted to the cyberwar that has been going for two years at least, then he'd open the door to an investigation of the situation the US finds itself in and how it got there. He and the other Microsoft party members would find themselves in very hot water, fast.
Besides, with all the Microsoft products permeating even military bases, it's not a war it's nasty beating.
It's only a war if it's possible to fight back. The US is permeated with Windows, which is a system designed to be taken over back door or outright bad design security hole. There's no reason why any Microsofter, from your average asshole MCSE on up to the party chairman Bill Gates should be walking free. It's one thing for them to be racketeering and destroying the US' ability to compete in research or industry. It's an entirely additional problem once it affects national defense and standing. From Bill's party, we've already had a sampler of navy ships dead in the water, power blackouts, disaster recovery clusterfucks, air traffic outages, and many hundreds of billions of malware damage.
Beta is broken and the link to classic doesn't work. Stop wasting our time or there won't be anybody left here.