Slashdot Mirror
Is Cyberwarfare Fiction?
An anonymous reader writes "In response to calls by Russia and the UN for a 'cyberwarfare arms limitation treaty,' this article explains that 'cyberwar' and 'cyberweapons' are fiction. The conflicts between nation states in cyberspace are nothing like warfare, and the tools hackers use are nothing like weapons. Putting 'cyber' in front of something is just a way for people to grasp technical concepts. The analogies quickly break down, and are useless when taken too far (such as a 'cyber disarmament treaty').'"
In response to calls by Russia and the UN for a "cyberwarfare arms limitation treat"
And then we can all dress up as h4x0r3z, maybe call the event Geek-o-Ween.
'Think of the cyberchildren.' that and the cybercitizens who elect cybersenators...
http://www.beanleafpress.com
They are all FBI Agents.
One of the common claims regarding "cyber warfare" are attacks against the power grid. What I'd like to know is this: why is the power grid accessible to any outside system?
Living With a Nerd
Please, knocking out the power grid or making all the red lights turn green or whatever they're afraid of is nothing like having a bullet penetrate someone or a bomb going off - it's almost impossible, if not impossible to kill someone by hacking into a computer.
You're flat out incorrect here. First, not only can the power be shut off, but generators can be made to explode. Second, if you mess with the supply chain electronically, it's possible to do some really interesting stuff with medical supplies, parts for just in time manufacturing, etc. Could go on - but the overall effect is direct, substantial life threatening consequences.
When millions of people in key positions have artificial hearts, limbs, microchips in their body, nanotechnology with RFID in their clothes, then cyberwarfare becomes something physical.
If hackers can stop the artificial heart of somebody important, this is no different than assassinating the person.
Anyone who does not take cyberwarfare seriously is not envisioning a world where nanotechnology is everywhere in everything. Where the enemy can create a bomb that you shallow in a pill, or that is sprinkled on your food. Where the enemy can use nano bots too small to see to kill people, or hack into or reprogram, etc.
It's definitely not fiction, it's reality. The technology to do this already exists and for all we know governments could be launching their attacks as we speak. Whoever controls the nanotech weapons will control the future.
whatever they're afraid of is nothing like having a bullet penetrate someone or a bomb going off
I'm not confident that you fully understand the perceived danger on the part of world leaders. The issue is that people with an inordinately high ability to compromise computer systems might have access to information. Consider information like troop movements, secret bomb/nuclear supply facilities, infrastructure weak points, and financial information (account balances, passwords, etc). While compromising a system with this information may not kill somebody directly, the information could most certainly be used to kill many people, or perhaps to temporarily stunt or even cripple entire economies.
No you haven't; at least not in the sense that matters. Even if there is a country stupid enough to connect it's "off switch" to the internet, all they have to do is pull the ethernet cable and switch it on again. Even if you can break a small proportion of power stations, the rest will come on again. You are a "cybervandal" not a "cyberwarrior".
The real serious cyberwarfare people would do both. A disable the off switch (force it on) and b) drop a graphite bomb at a key place to do weeks worth of damage. That's proper "cyber" warfare.
Cyber"warriors" know the exploit for the radar station and disable the air defences as they fly in with real bombs.
Cyber"guerilla"s mess with account numbers in the fund transfer excels of most of the big companies in the place they target.
There's a whole load of resources which are needed for this stuff. Real test suites where you actually have the control systems of your enemies nuclear power plants; actual buildings where you can try messing up the air conditioning system, people who can actually write serious, fully EAL7 compliant defence systems. People who can write EAL7 compliant versions of exploits (have you seen the state of security software????). etc. etc. etc.
If you think your country's military doesn't have a valid role to play in a "cyberwar" then you haven't understood the difference between a "cyberterrorist" putting an "easter egg" into a flight control system and a "cyberwarrior" diverting all your civilians into the area where his nukes can strike them most effectively.
=~ s,(.*),<sarcasm>$1</sarcasm>,g if any_point_you_wish();
It is warfare in the same sense that computers think or ships swim. In other words, it really isn't, but it's a convenient metaphor to use because the truth is too complicated for the average person.
Anyone who puts the word 'cyber' in front of something should probably be shot.
Moving along to more immediate activities, we are actively seeing 'Information Warfare' being executed on the Internet. The latest widely heard event was the Israeli-flotiilla debacle, and subsequent dis-information campaign from every possibly side. Ask someone who has stated they have been following it, and see what factual information they can give you, and have them list multiple non-governmental independent investigatory sources for validation. It isn't possible.
This is not the first time Russian government reveals its unique idiotic approach to technology. As a former Russian citizen I am following the drama of Russian government politics in technology, which, synthetically speaking, is a laughing stock of Russian technoblogging community.
Basically, the technology policy of the Russian government does not differ much from:
1. New exciting promising technology discovered!!
2. ???
3. Profit (get recognition, re-establish mother Russia as a world superpower, look wise, etc)
Replace ??? with "flood zillions of roubles into this technology without any sense of balanced budget" (which was the case of "nanotechnologies") or in this case "propose a treaty to curb technology".
One would think that smartass KGB spy would do better than idiot Khruschev, but no... the result is the same: embarrassment and ostracism of Russia on the international level.
I do not believe in karma. "Funny"=-6. Do good and forbid evil. Yours, Oft-Offtopic Flamebaiting Troll.
In the same sense that nuclear war is real, cyberwar is real. We've seen both only in limited fashion. We know the technology exists and works. We've just never seen two well-armed adversaries thoroughly go at it.
There's a lot of fiction about full-scale nuclear war. That doesn't mean nuclear war itself is fiction.
A slashdotter who didn't build his own computer is like a Jedi who didn't build his own lightsaber.
And yet, the CIA was able to explode a Soviet natural gas pipeline simply by inserting some code into the pipeline control software the Soviets were stealing from the Canadians. "The result was the most monumental non-nuclear explosion and fire ever seen from space,..."
All ideas^H^H^H^H^Hprocesses in this post are Patent Pending. (as well as the process of patenting all postings)
The convenient thing about "cyberwar" as a slogan is how it allows you to extend the notions of "wartime" into virtually every nook and cranny of life and infrastructure.
The term "cyberwar" quietly implies that virtually any net-connected system is a potential or actual combatant. From here, it's just a hop, skip, and a jump to applying military/wartime standards for such niceties as atttacking systems, or requisitioning access. Even better, since "cyberwar" is, for suitably nebulous definitions, something that occurs pretty much constantly, among a wide variety of state and nonestate actors, with various levels of covertness, the mandate covers basically everybody, everywhere, and is of unlimited duration(See also: "Global war on terror").
Who needs bullshit like "warrants" or "due process" when any computer system can simply be declared to be an "enemy combatant" or "materially supporting an enemy combatant"? If you think the notion of charging an object in order to avoid procedural restrictions is absurd, be aware that it is already standard practice in the context of "asset forfeiture". (which makes for some rather ridiculous case names...)
> Shut something life threatening down or screw it up by hacking into it?
I was really hoping you were going to end that sentence with, "There's an app for that."
Bark less. Wag more.
They also run on their own closed-circuit network, so good luck causing trouble without physical access or making yourself pretty obvious digging up the cables.
Even if you can break a small proportion of power stations, the rest will come on again.
Many large power plants need quite a bit of energy to jump start from an 'off' condition (normally they never go 'off' just in lower power mode). Turning off all power plants at once would be a much bigger mess then you think. I don't think you ever could do it because of fail-safes, but if you could you would start a big mess.
Sticking a stupid name on something and overblowing what it means isn't the same thing as it not existing to begin with. Computers are vulnerable. People who don't like us can exploit those vulnerabilities. But this is really just another arena of non-shooting conflict, all under cloak and dagger.
The CIA has a long history of trying this sort of thing, sometimes successfully, many times not. There's directly funding revolutionaries, slipping agents into countries, running guns, sponsoring assassination attempts, economic sabotage, infrastructure sabotage, spying with human intelligence, electronic intelligence, satellite intelligence, etc. The CIA has a history of over-promising and under-delivering but this doesn't mean they won't still try.
The Russians have traditionally been much better at running spy rings. The beauty of hacking is you don't even have to put your own assets in-country and risk their capture.
On one hand, I don't think we'll ever get to the point where it can be Die Hard 4 info-Armageddon with hackers blowing up power plants at will. I think that public screwups will force a higher level of security and more rigorous design so that we are less vulnerable to external attacks. On the other hand, the BP fuckup shows that reason and logic are poor tools for explaining the behavior of large organizations. BP should have taken drilling seriously. They should have realized that they had no good plans for capping an uncontrolled well so if they were going to drill, the only option would be making sure they would never, ever, ever have an uncontrolled well. All the internal warnings they had in the months leading up to the disaster should have been their opportunities to stop the disaster before it happened. And we can see how it turned out.
Kwisatz Haderach
Sell the spice to CHOAM
This Mahdi took Shaddam's Throne
Cyber-warfare is not about killing people, it's about killing the country.
Think: no mains power, the backup generators can only sustain so much equipment for so long. Since the fuel pumps don't function either, you can't hop down to the gas station to buy some more fuel, and it will eventually run out. Then what? Production grinds to a halt, administration is disabled, communication services non-functional.
All you need then is one act of terrorism. No ambulances, no firefighters, as nobody can call for help. If someone does make it to the hospital, no X-ray, no life-support, no vital monitors, no defibrillator.
And this is just one scenario. Use your imagination!
Hyperbole: I use it liberally!
"Please, knocking out the power grid or making all the red lights turn green or whatever they're afraid of is nothing like having a bullet penetrate someone or a bomb going off - it's almost impossible, if not impossible to kill someone by hacking into a computer."
What the hell are you doing on Slashdot?
Turn all the traffic lights green in even a small part of Los Angeles, and I think it's likely someone will die in an accident caused, proximately, by the hacking of the traffic control system. Simple enough.
Crippling a cell system might result in the failure of any number of people to make contact and deliver critical information, resulting in accidents, mistakes, lack of care, and those could result in needless deaths.
If your definition of 'warfare' must include deadly force, then much of what we think of as 'cyberwarfare' doesn't meet that definition. Emptying bank accounts, DDOS attacks, defacing websites, etc. probably don't quite rise to the definition of deadly force. But I have only the one example of traffic control. Oh, another one - disabling at least some of the electrical grid seems to be possible, and blackouts can easily result in deaths.
There's plenty of hype around 'cyberwarfare'. Now to listen to the hype around 'smart grids', and how people will feel when their refirgerators get turned off during the day, or the furnace runs continuously on 103 days. Or any number of interesting nuisances that aren't fatal (except for your plants, pets, and bed-ridden grandmother) but are sure a pain.
Oh yeah. Grandma. She might not think it's to hot until she's too faint to reach the phone.
Food for thought. Go smart grids, go!
deleting the extra space after periods so i can stay relevant, yeah.
But that was just possible because the Soviets were stupid enough to use something that was created in the western world. We'd never be so stupid to use electronics made in... oh... umm... well...
Next question?
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
They also run on their own closed-circuit network, so good luck causing trouble without physical access or making yourself pretty obvious digging up the cables.
Or find out that the closed-circuit network was not that close as you thought...
"Many large power plants need quite a bit of energy to jump start from an 'off' condition"
Coal fired plants maybe. Pretty much everything else just requires someone to press an on button. Gas turbines are easy to start, nuclear never really goes off even with the rods in and hydro is as simple as opening the sluice gates.
They also run on their own closed-circuit network, so good luck causing trouble without physical access or making yourself pretty obvious digging up the cables.
They also have fixed electromechanical failsafes. I think that most electrical engineers are sufficiently aware of the fact that computers go wrong not to put protection solely in the hands of software.
Pirate Party UK
..cyber veterans day!
Hmm... an incoherent, constantly squabbling group of people who spend more time fighting amongst themselves than getting their act together and working for the common goal, self absorbed and hardly in touch with reality, dreaming up pipe dreams of greatness while at the same time accomplishing nothing...
Call me a conspiration crackpot, but could it be that they're sitting in congress?
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Maybe, but probably not: http://en.wikipedia.org/wiki/Siberian_pipeline_sabotage#Hoax.3F
God invented whiskey so the Irish would not rule the world.
Think of the children!
I really don't want a visit from a partyvan.
Anything can be found funny, from a certain point of view.
Printing up counterfeit currency during WW2 by the Germans to destabilize Britain's currency certainly was part of the war and pieces of paper certainly aren't weapons in the killing and blowing up of things. They certainly are weapons in the sense of destroying the economy. So from that point of view any cyber attacks which aid in destabilizing the economy could be part of a war and would be weapons.
As far as there being some sort of treaty to prevent this, that's probably the most stupid thing I have ever heard of. It sounds like people are making things up to either create jobs or keep them. Just another waste of money and time by the useless UN.
Putting 'cyber' in front of something is just a way for people to grasp technical concepts
... in bed.
The analogies quickly break down, and are useless when taken too far
[signature]
I think that although cyberweapons do not exist, government can implement a best next thing: killswitch for individual networks at the backbone level. Seriously, consider that US owns majority of the Internet. Say they find some sort of DDOS attack that originated in Russia against Estonia. They would be able to immediately cut off some Russian networks out of the main backbones on various levels (cut off access to root DNS if they are naugty, and if they are especially bad -- cut off all their IP blocks).
No matter how ridiculous it sounds, we should do our best to keep up the whole "cyber-war", "cyber-weapons", "cyber-attack" theme.
That way, we can invoke the Second Amendment when the government tries to restrict strong encryption, copyright circumvention software or whatever other "cyber-weapons" they find threatening. Sorry Feds, you were the ones that started this whole theme about electronics and software being "weapons", and as such, you have no power to restrict the citizens from owning them.
Nuclear plants won't run without an external power source. It's a safety feature. If the plant can't get power from the grid, the reactor shuts down automatically.
Sir –
You're right that nuclear power plants need external power to operate as a safety feature - to keep the water pump providing coolant flowing so the reactor doesn't melt. However, the need to be connected to the grid differs from my experience working at nuclear power plants. At the plant I worked at (a CANDU reactor) if the reactor itself wasn't operational there was a grid-backup, a diesel backup, and a battery backup. The battery was the most impressive. The plant could be started and was designed to operate with any of these sources of power at any given time. Of course, other plants may have different, less redundant, designs — as you suggest.
You might lead the casual reader to think that merely throwing a switch has no real world consequences, which is anything but the truth. When you are dealing with systems of such magnitude of energies even the smallest delay in rectifying an issue has a very lasting effect. e.g http://englishrussia.com/index.php/2009/08/17/hydro-electic-power-plant-explosion/ There are any number of ways to force mechanical failures simply by using 'control' software. Any mechanical system can be forced to fail if you know how it is built, and what problems plague the internal design of that system. The US is vulnerable to many such attacks against the control systems (e.g. SCADA ) and these threats should be taken VERY seriously until such time that we know the internal control networks are unreachable from any outside influence. http://www.securityfocus.com/news/11465