Slashdot Mirror
US Most Vulnerable To Cyberattack?
alphadogg writes "Several nations, most prominently Russia, the People's Republic of China and North Korea, are already assembling cyber armies and attack weapons that could be used to attack other nations. Given that the United States is heavily dependent on technology for everything from computer-based banking to supply-chain tracking and air-traffic control, it's particularly vulnerable to the denial-of-service attacks, electronic jamming, data destruction and software-based disinformation tricks likely in a cyberattack. Here's what ex-presidential adviser Richard Clarke, who is releasing a new book called Cyber War, and others are saying needs to be done to keep cyberwars from escalating into full-scale combat."
Quis custodiet ipsos custodet
The mind conceives, the body achieves, the spirit manifests.
...to back any of this up.
Nothing lasts forever but the certainty of change.
Pray tell, why should a system such as Air Traffic Control even be accessible on a public network such as the internet? To the best of my knowledge air traffic controllers aren't allowed to telecommute. Why aren't networks such as this hardened and kept off public networks?
I want peace on earth and goodwill toward man.
We are the United States Government! We don't do that sort of thing.
They have super duper ultra evil weapons that only those in the upper echelons (hehe) of the government know about! Give up more of your freedoms, citizen!
As long as the US outsources IT, it is to be expected that there will be those that will challenge our preeminence in any field related to IT.
The mind conceives, the body achieves, the spirit manifests.
Another govt stooge in management like Melissa Hathaway that lacks a background in computer security and only knows what layers of bureaucrats said. Maybe he is qualified to be a CIO?
Same damn tune.
I'm in InfoSec - vulnerability assessment and remediation. I used to see him speak in the Clinton years, when he'd toot the f-ing horn, how he had Big Bill's ear about this. After 911 he went on a book and lecture circuit.
Bullshit then, and now.
"Flyin' in just a sweet place,
Never been known to fail..."
His OS is used 90% of US computers, including military ones. And it security holes you could sail an aircraft carrier through.
MicroSoft has been more diligent about security lately. But the damage has already been done.
Whats so special about the fact that the US is more vulnerable? Just because the government is vulnerable, that doesn't mean that everyone is vulnerable. If my proposed standard occured, a DDoS attack would actually benefit the internet.
As nearly anyone working on the "front lines" of security will tell you, most companies don't really care about security past some low level of lip service. Corporate networks [nearly] always have firewalls, but most of the time the IT staff is paid to care more about restricting employees from 'wasting company time' than in managing advanced multi-level defenses (why most networks are 'crunch on the outside, soft and chewy on the inside.') Equipment and software vendors provide password level security, often with authentication integration into LDAP/AD, but rarely support real tokens or PKI's backed by an HSM, as most companies don't want to pay for a real HSM (and with post dot bomb price escalation, that's often understandable - $40k for a 1U server with layered tamper switches and a custom app?) CSO's are treated as a cost center along with the rest of IT, and its often the policy to force people to keep quiet when major breaches occur. Its simpler and cheaper to make sure the board and stockholders don't know how often the databases and repositories are exported to FTP sites in China than to actually make it really difficult to succeed, as real security often costs real money. There's a whole underground industry of targeted penetration, as ethics and patriotism fall to greed - the underlying problems are far deeper than basic "cybersecurity".
Just as most users will never secure their PCs unless Something Very Bad happens, neither will many businesses and government agencies.
Virus and malware attacks provoke some immune response, but if we are to become strong something must weed out the weak.
Parasites, botnets, etc, aren't enough of a threat. The only thing that will provoke intelligent security practice is attacks that disrupt, disable, damage and destroy.
"This post is an artistic work of fiction and falsehood. Only a fool would take anything posted here as fact."
There is no "cyber". It's just the internet. These politicians sound like they've been briefed out of a copy of Mondo2000 from 1994.
I bet the postage-stamp countries in Africa are LEAST vulnerable to cyber attack.
I want to delete my account but Slashdot doesn't allow it.
That's easy, the internet is all hooked up through cybernetics! Cyborgs actually have to run to carry packets of data around, that's why there are so many lag issues. But with new advances in robots it's getting easier.
Twinstiq, game news
well I requested an access to a machine where the procedure to get access are crazy (as in checking you are not a known terorist and making notarized declarations). When I had a problem login onto the machine, I sent a uncrypted/unsigned email to help@service and the admin replied by giving me a password in clear...
Or it could just be good old fashioned xenophobia
politicians are like babies' nappies: they should both be changed regularly and for the same reasons
Has anyone wonder why we need to scrap liberties in the name of security that we seemed to do fine with even during World War II or the Cold War? I mean, once upon a time, we actually had to worry about British spies (for the 19th century), German spies (two world wars), Soviet Spies (the Cold War), and yet we kept to open borders. Why now, is it, that a penny anny bunch of backwards people have us ripping up the Constitution? It's just not worth it.
This is my sig.
If they call it a war, you know what will happen to peace-time law.
Colorless green Cthulhu waits dreaming furiously.
For what I know the NK people does not have access to a computer on school, so how can they be a threat to US? Unless the "great leader" is a genius with computers. I read somewhere that he is the only citizen with Internet access on NK.
I don't know if any one saw this or takes Wired seriously for that matter, but here is an "article" about cyberwar attacks being an urban legend. There was an article on Wired a while ago about the same thing, it also brings up the idea that using the word "Cyber" is a very negative prefix for an internet based situation usually before an equally negative word like terrorism or war http://www.wired.com/threatlevel/2010/03/urban-legend/ Have at it.
Nail Randall Monroe. He's a terrorist advocating the use of computers as weaponry. http://xkcd.com/504/
Colorless green Cthulhu waits dreaming furiously.
They could use a data diode to make a read-only copy of the flight tracking information available to all, with zero risk to the air traffic control network. These devices are in use by goverments to protect really secret stuff... so they should work for this as well.
The next thing people need once they care about security is real options which make them secure. By default its not possible to run an untrusted program on a PC in a safe manner. There needs to be a way to do that. There needs to be a way to specify the capabilities a program is going to have at run time, to limit the side-effects to those designated by the user.
Useful steps in this direction include AppArmor and chroot jails on the Linux side, and SandboxIE on the windows side.
This is just lobbying for a powerful special interest group that wants lots of tax money.
The US is deployed in two nations at extreme cost. People ignore the brutal financial hit these military interventions are making. We're acting like an enraged bull. Our enemies win when they make us exhaust ourself. The military industrial complex is blind to this issue. They are a hammer that sees problems as nails--and they are self interested. The contractors are in it for the money. The military is focused on "defense." There is nothing wrong with either position--but we must DIRECT them--not let them direct us.
What worries me is overdependence on GPS. There are a small number of GPS satellites, there aren't as many on-orbit spares as there are supposed to be, and there's one central GPS control center. Migration to GPS as the primary air traffic navigational system is risky.
The satellites can survive 14 days of control center downtime, and the newer satellites with "autonav" capability can operate on their own for 180 days. If the USAF launches the ten additional satellites now being built on schedule, the system robustness will increase. But they're not up yet.
*home* broadband speed. I wonder what our enterprise fiber roll outs look like.
Non impediti ratione cogitationus.
Given that the United States is heavily dependent on technology for everything from computer-based banking to supply-chain tracking and air-traffic control,
Given that every country in the whole world is dependent on the same technology for literally everything --down to irrigation control in agriculture in some cases-- it doesn't seem to me like the USA are automatically the "most" vulnerable country.
Alright, the US has been the host of the most part of the internet for years. It's been the main, or one of the main, repositories of technology worldwide, for years. And yes, it's been the place where the most renowned cybercrimes were perpetrated... for years. But then, and for the same exact reasons, it's one of the places where security has been taken seriously the earlier... (right?)
Oh, was it just a book presentation? Written by a former government advisor? Nevermind.
Mostly harmless.
I'm in the industry and can tell you we are VERY weak. There are relatively simple meathods an attacker could take out nearly everything inside the US. Here's a pretty simple meathod: 1. Hack several PBX's (happens all the time. Most companies don't secure them at all) 2. compile a list of every Tech support number in the US. I happened to have such a list as do most people that work for ISPs. Customer calls you, the problem is someone elses, so you transfer them. It's good to have a list. 3. Setup the PBXs to ghost call your list of numbers repeatedly. It's really easy to setup and you can hit hundreds of numbers per minute. Filling up every support que of every company, basically crippling their support infrastructure. You could even easilly get a list of all their internal numbers to. Usually they are in convenient blocks like 555-555-0001 through 9999. Start hitting all their internals as well. Companies like Cisco, HP, Dell, AT&T, everything would be completely unable to recieve phone calls. 4. Start what ever attack you want. ISPs would be completely unable to respond.
The cheapest solution is to outsource the security problem to either 1) India or 2) China. Outsourcing to China can lead to better cost benefits, but is in general less established than the outsourcing establishment already in place in Bangalore. American soldiers trained in IT can train the people replacing them in the PLA (Chinese Peoples Liberation Army) on how to keep America safe, and how to monitor America's networks. Similarly, the PLA can just take over for the Department of Homeland Security as they are already in similar roles (spying on locals, etc) and the cost savings are tremendous. Isn't it wonderful how we can save money by going with the lowest bidder? Is there no problem that Corporate Management/Capitalism can't solve? Look at the great job they have done with the whole banking sector over the past few years! Certainly an amazing job! Its left many people stupefied! I know many people refuse to admit it, but corporate management did a great job with health care prior to the Obama administration doing its changes. Corporate profits were fantastic! Its only right to refuse people to hospitals who are sick. Only the healthy should be allowed into hospitals as they cost so much cheaper to care for. Its an individuals own fault for getting sick/getting into an accident, and they should be made to suffer financially as well as physically. See, the cheapest solution is always best. Capitalism wins again! Yaaaaaay!
We still can disconnect the trunk lines and satellite feeds to any nation that tries this, and they all know it.
Besides, it won't impact the 1000 Gpbs Internet 2 that most major universities and other important things use - that runs on more secure protocols with more secure devices.
Not that it won't shut down Facebook ...
-- Tigger warning: This post may contain tiggers! --
supplie5 to private this mistake or minutes. At home, was what got me consider worthwhile
So, are people using slashdot to coordinate terrorist attacks or something? I could see if this were some kind of coherent ad for Viagra, but barring that, my only guess is that the purpose of the communication isn't obvious to me... But it must be valuable to someone, enough so to go through the effort of doing it.
A noble goal. Forget trying to prevent cyberwars, but definitely contain them so that there is no actual physical combat. That way there are no real casualties, right? Somehow this instantly reminded me of the Star Trek episode "A Taste of Armageddon" (http://memory-alpha.org/en/index.php/A_Taste_of_Armageddon_%28episode%29) where two societies wage war using computer simulation, but with real human casualties. Star Trek really was ahead of its time on so many levels.
> Here's what ex-presidential adviser Richard Clarke...and others are
> saying needs to be done to keep cyberwars from escalating into full-scale combat
How about threats of full-scale combat to keep cyberwars themselves from escalating?
(-1: Post disagrees with my already-settled worldview) is not a valid mod option.
You must be new here. I have been around since "Chips & Dips" - when Malda was famous for writing Enlightenment DR 0.9 modules and themes. He had Window Maker themes, too.
I got my UID in the first few hours that Slashdot began the system 1997, I think. I am pretty sure I am now the lowest active UID on /. - other than the original crew of Hemos, Malda, etc. (Remember "Blockstackers"? Of course you don't.) I also snagged UID 167 for Technocrat.com - when Perens used slashcode to start that site. BTW: Bruce is a 4-Digit.
You will find my posts to be pretty stylistically consistent, and related in theme, over the years. I went dark a couple of times - even pulling down hundreds of journal entries at one point - because of an unpleasant collision of my /. writing and the meatspace.
Everybody from that time (almost everybody) buggered off to Multiply.com, in the Circular Refuge. Still, I plug away, just as I did from the floor of LinuxWorld 2000 in San Jose.
But... This eBay thing could be lucrative. How much did you say they can fetch? :-)
"Flyin' in just a sweet place,
Never been known to fail..."
I mean an attack by US citizen(s) acting in the interest of foreign power. The Prague agreement should be sufficient example.
Well, in this case at least the US citizenship has been contested.