Slashdot Mirror

← Back to Stories (view on slashdot.org)

US Most Vulnerable To Cyberattack?

Posted by CmdrTaco on from the also-most-vulnerable-to-american-idols dept.

alphadogg writes "Several nations, most prominently Russia, the People's Republic of China and North Korea, are already assembling cyber armies and attack weapons that could be used to attack other nations. Given that the United States is heavily dependent on technology for everything from computer-based banking to supply-chain tracking and air-traffic control, it's particularly vulnerable to the denial-of-service attacks, electronic jamming, data destruction and software-based disinformation tricks likely in a cyberattack. Here's what ex-presidential adviser Richard Clarke, who is releasing a new book called Cyber War, and others are saying needs to be done to keep cyberwars from escalating into full-scale combat."

8 of 118 comments (clear)

  1. FUnny how there's no eviDence... by calibre-not-output · · Score: 3, Insightful

    ...to back any of this up.

    --
    Nothing lasts forever but the certainty of change.
    1. Re:FUnny how there's no eviDence... by calibre-not-output · · Score: 3, Insightful

      I personally think that allowing full disclosure of security problem would greatly help that but what do I know...

      About as much as me, I'd assume.

      The obvious staring-you-in-the-face difference between this and 9/11 is that this book is flinging accusations at specific parties - all of them major world governments - without any evidence. It's very different from saying "a group of cyberterrorists is in principle capable of hijacking our servers and messing with our communications", and more like saying "Iraq has WMD, let's fuck their shit up" - also without evidence.

      --
      Nothing lasts forever but the certainty of change.
    2. Re:FUnny how there's no eviDence... by Seanface · · Score: 4, Informative

      That's an awfully broad statement. There's evidence, though it's mostly based on circumstance. I don't think I need to be linking articles about the China Cyber Attack stuff, or North Korea, as that's all fresh.

      But I'm happy to offer other links from the recent and not so recent past that are relevant.

      Somewhat recent -

      Russian Cyber Attacks on Georgia
      http://blogs.zdnet.com/security/?p=1670

      PowerGrid Vulnerability of the US
      http://www.time.com/time/nation/article/0,8599,1891562,00.html

      In a Galaxy Far Far Away... 1998, a brief description of L0pht testifying before congress.Excerpt included.
      http://hsgac.senate.gov/l0pht.htm

      ""We have become so dependent on communications links and electronic microprocessors that a determined adversary or terrorist could shut down federal operations or damage the economy simply by hacking into our computers. The two General Accounting office reports which will be released at our hearing--one on the State Department and one on the Federal Aviation Administration- -raise serious concerns about the risks to the public because of information security weaknesses.""

    3. Re:FUnny how there's no eviDence... by hedwards · · Score: 3, Insightful

      That's not analogous at all. We know, and have known for some time, that a huge number of attacks come out of China and Russia. While we don't specifically know that the Russian or Chinese government is sponsoring it, we do know pretty reliably that they don't seem to care about it as long as the crimes are being addressed over seas. That's completely different than the claim that the Iraqi government owned and controlled weapons of mass destruction something which was never substantiated following the formal dismantling of those after the first gulf war.

      At the end of the day, the argument you make is disturbingly similar to: because Neo-Nazis just post the details of people they want assassinated that they aren't themselves responsible, when it's almost certain that given and address and a motive somebody will follow through.

      And no, I'm not being as extreme with the examples as it might appear, there's any number of electronic devices which could cause that level of trouble. Ever imagine what would happen if somebody were to screw with the communications infrastructure? It's not that hard to believe that people could die as a result. Especially if done in conjunction with a suspected terrorist attack.

  2. second post by slick7 · · Score: 3, Insightful

    As long as the US outsources IT, it is to be expected that there will be those that will challenge our preeminence in any field related to IT.

    --
    The mind conceives, the body achieves, the spirit manifests.
  3. Clarke's Been Playing This Violin for Years by Jeremiah+Cornelius · · Score: 3, Interesting

    Same damn tune.

    I'm in InfoSec - vulnerability assessment and remediation. I used to see him speak in the Clinton years, when he'd toot the f-ing horn, how he had Big Bill's ear about this. After 911 he went on a book and lecture circuit.

    Bullshit then, and now.

    --
    "Flyin' in just a sweet place,
    Never been known to fail..."
  4. Bill Gates is the "Manchurian Candidate"? by peter303 · · Score: 5, Insightful

    His OS is used 90% of US computers, including military ones. And it security holes you could sail an aircraft carrier through.
    MicroSoft has been more diligent about security lately. But the damage has already been done.

  5. First people have to care about real security... by kbonin · · Score: 4, Interesting

    As nearly anyone working on the "front lines" of security will tell you, most companies don't really care about security past some low level of lip service. Corporate networks [nearly] always have firewalls, but most of the time the IT staff is paid to care more about restricting employees from 'wasting company time' than in managing advanced multi-level defenses (why most networks are 'crunch on the outside, soft and chewy on the inside.') Equipment and software vendors provide password level security, often with authentication integration into LDAP/AD, but rarely support real tokens or PKI's backed by an HSM, as most companies don't want to pay for a real HSM (and with post dot bomb price escalation, that's often understandable - $40k for a 1U server with layered tamper switches and a custom app?) CSO's are treated as a cost center along with the rest of IT, and its often the policy to force people to keep quiet when major breaches occur. Its simpler and cheaper to make sure the board and stockholders don't know how often the databases and repositories are exported to FTP sites in China than to actually make it really difficult to succeed, as real security often costs real money. There's a whole underground industry of targeted penetration, as ethics and patriotism fall to greed - the underlying problems are far deeper than basic "cybersecurity".