Slashdot Mirror
US Most Vulnerable To Cyberattack?
alphadogg writes "Several nations, most prominently Russia, the People's Republic of China and North Korea, are already assembling cyber armies and attack weapons that could be used to attack other nations. Given that the United States is heavily dependent on technology for everything from computer-based banking to supply-chain tracking and air-traffic control, it's particularly vulnerable to the denial-of-service attacks, electronic jamming, data destruction and software-based disinformation tricks likely in a cyberattack. Here's what ex-presidential adviser Richard Clarke, who is releasing a new book called Cyber War, and others are saying needs to be done to keep cyberwars from escalating into full-scale combat."
They have super duper ultra evil weapons that only those in the upper echelons (hehe) of the government know about! Give up more of your freedoms, citizen!
Same damn tune.
I'm in InfoSec - vulnerability assessment and remediation. I used to see him speak in the Clinton years, when he'd toot the f-ing horn, how he had Big Bill's ear about this. After 911 he went on a book and lecture circuit.
Bullshit then, and now.
"Flyin' in just a sweet place,
Never been known to fail..."
As nearly anyone working on the "front lines" of security will tell you, most companies don't really care about security past some low level of lip service. Corporate networks [nearly] always have firewalls, but most of the time the IT staff is paid to care more about restricting employees from 'wasting company time' than in managing advanced multi-level defenses (why most networks are 'crunch on the outside, soft and chewy on the inside.') Equipment and software vendors provide password level security, often with authentication integration into LDAP/AD, but rarely support real tokens or PKI's backed by an HSM, as most companies don't want to pay for a real HSM (and with post dot bomb price escalation, that's often understandable - $40k for a 1U server with layered tamper switches and a custom app?) CSO's are treated as a cost center along with the rest of IT, and its often the policy to force people to keep quiet when major breaches occur. Its simpler and cheaper to make sure the board and stockholders don't know how often the databases and repositories are exported to FTP sites in China than to actually make it really difficult to succeed, as real security often costs real money. There's a whole underground industry of targeted penetration, as ethics and patriotism fall to greed - the underlying problems are far deeper than basic "cybersecurity".
Indeed, that prefix really makes no sense. To quote Ted Nelson:
10 PRINT CHR$(205.5+RND(1)); : GOTO 10
They could use a data diode to make a read-only copy of the flight tracking information available to all, with zero risk to the air traffic control network. These devices are in use by goverments to protect really secret stuff... so they should work for this as well.
Given that the United States is heavily dependent on technology for everything from computer-based banking to supply-chain tracking and air-traffic control,
Given that every country in the whole world is dependent on the same technology for literally everything --down to irrigation control in agriculture in some cases-- it doesn't seem to me like the USA are automatically the "most" vulnerable country.
Alright, the US has been the host of the most part of the internet for years. It's been the main, or one of the main, repositories of technology worldwide, for years. And yes, it's been the place where the most renowned cybercrimes were perpetrated... for years. But then, and for the same exact reasons, it's one of the places where security has been taken seriously the earlier... (right?)
Oh, was it just a book presentation? Written by a former government advisor? Nevermind.
Mostly harmless.
A noble goal. Forget trying to prevent cyberwars, but definitely contain them so that there is no actual physical combat. That way there are no real casualties, right? Somehow this instantly reminded me of the Star Trek episode "A Taste of Armageddon" (http://memory-alpha.org/en/index.php/A_Taste_of_Armageddon_%28episode%29) where two societies wage war using computer simulation, but with real human casualties. Star Trek really was ahead of its time on so many levels.
That's not analogous at all. (...) At the end of the day, the argument you make is disturbingly similar to: because Neo-Nazis just post the details of people they want assassinated that they aren't themselves responsible, when it's almost certain that given and address and a motive somebody will follow through
Please, do point out to me where I said that it was analogous. What I did say is that
It's very different from saying "a group of cyberterrorists is in principle capable of hijacking our servers and messing with our communications", and more like saying "Iraq has WMD, let's fuck their shit up" - also without evidence.
which is very different from your Neo-Nazi analogy. By the way, how is that different from when the police or news outlets divulge photos and information on wanted criminals? someone might decide to hunt them down and do justice with their own hands as well. Or is the fact that the known criminals happen to be missing somehow a merit of the people who are setting the hounds on them?
Your example is extreme, and it is not even close to the point. A government cannot be blamed for the isolated actions of a minority group of citizens, so it is very relevant whether they authorities sponsored the attacks or not. And as long as Russian property or the rights of Russian citizens are not being harmed, the Russian government has no civic obligation to stop these attacks, unless it is a part of an international treaty that says otherwise.
Nothing lasts forever but the certainty of change.