Slashdot Mirror
Is Cyberwarfare Fiction?
An anonymous reader writes "In response to calls by Russia and the UN for a 'cyberwarfare arms limitation treaty,' this article explains that 'cyberwar' and 'cyberweapons' are fiction. The conflicts between nation states in cyberspace are nothing like warfare, and the tools hackers use are nothing like weapons. Putting 'cyber' in front of something is just a way for people to grasp technical concepts. The analogies quickly break down, and are useless when taken too far (such as a 'cyber disarmament treaty').'"
'Think of the cyberchildren.' that and the cybercitizens who elect cybersenators...
http://www.beanleafpress.com
One of the common claims regarding "cyber warfare" are attacks against the power grid. What I'd like to know is this: why is the power grid accessible to any outside system?
Living With a Nerd
Please, knocking out the power grid or making all the red lights turn green or whatever they're afraid of is nothing like having a bullet penetrate someone or a bomb going off - it's almost impossible, if not impossible to kill someone by hacking into a computer.
You're flat out incorrect here. First, not only can the power be shut off, but generators can be made to explode. Second, if you mess with the supply chain electronically, it's possible to do some really interesting stuff with medical supplies, parts for just in time manufacturing, etc. Could go on - but the overall effect is direct, substantial life threatening consequences.
When millions of people in key positions have artificial hearts, limbs, microchips in their body, nanotechnology with RFID in their clothes, then cyberwarfare becomes something physical.
If hackers can stop the artificial heart of somebody important, this is no different than assassinating the person.
whatever they're afraid of is nothing like having a bullet penetrate someone or a bomb going off
I'm not confident that you fully understand the perceived danger on the part of world leaders. The issue is that people with an inordinately high ability to compromise computer systems might have access to information. Consider information like troop movements, secret bomb/nuclear supply facilities, infrastructure weak points, and financial information (account balances, passwords, etc). While compromising a system with this information may not kill somebody directly, the information could most certainly be used to kill many people, or perhaps to temporarily stunt or even cripple entire economies.
No you haven't; at least not in the sense that matters. Even if there is a country stupid enough to connect it's "off switch" to the internet, all they have to do is pull the ethernet cable and switch it on again. Even if you can break a small proportion of power stations, the rest will come on again. You are a "cybervandal" not a "cyberwarrior".
The real serious cyberwarfare people would do both. A disable the off switch (force it on) and b) drop a graphite bomb at a key place to do weeks worth of damage. That's proper "cyber" warfare.
Cyber"warriors" know the exploit for the radar station and disable the air defences as they fly in with real bombs.
Cyber"guerilla"s mess with account numbers in the fund transfer excels of most of the big companies in the place they target.
There's a whole load of resources which are needed for this stuff. Real test suites where you actually have the control systems of your enemies nuclear power plants; actual buildings where you can try messing up the air conditioning system, people who can actually write serious, fully EAL7 compliant defence systems. People who can write EAL7 compliant versions of exploits (have you seen the state of security software????). etc. etc. etc.
If you think your country's military doesn't have a valid role to play in a "cyberwar" then you haven't understood the difference between a "cyberterrorist" putting an "easter egg" into a flight control system and a "cyberwarrior" diverting all your civilians into the area where his nukes can strike them most effectively.
=~ s,(.*),<sarcasm>$1</sarcasm>,g if any_point_you_wish();
This is not the first time Russian government reveals its unique idiotic approach to technology. As a former Russian citizen I am following the drama of Russian government politics in technology, which, synthetically speaking, is a laughing stock of Russian technoblogging community.
Basically, the technology policy of the Russian government does not differ much from:
1. New exciting promising technology discovered!!
2. ???
3. Profit (get recognition, re-establish mother Russia as a world superpower, look wise, etc)
Replace ??? with "flood zillions of roubles into this technology without any sense of balanced budget" (which was the case of "nanotechnologies") or in this case "propose a treaty to curb technology".
One would think that smartass KGB spy would do better than idiot Khruschev, but no... the result is the same: embarrassment and ostracism of Russia on the international level.
I do not believe in karma. "Funny"=-6. Do good and forbid evil. Yours, Oft-Offtopic Flamebaiting Troll.
And yet, the CIA was able to explode a Soviet natural gas pipeline simply by inserting some code into the pipeline control software the Soviets were stealing from the Canadians. "The result was the most monumental non-nuclear explosion and fire ever seen from space,..."
All ideas^H^H^H^H^Hprocesses in this post are Patent Pending. (as well as the process of patenting all postings)
The convenient thing about "cyberwar" as a slogan is how it allows you to extend the notions of "wartime" into virtually every nook and cranny of life and infrastructure.
The term "cyberwar" quietly implies that virtually any net-connected system is a potential or actual combatant. From here, it's just a hop, skip, and a jump to applying military/wartime standards for such niceties as atttacking systems, or requisitioning access. Even better, since "cyberwar" is, for suitably nebulous definitions, something that occurs pretty much constantly, among a wide variety of state and nonestate actors, with various levels of covertness, the mandate covers basically everybody, everywhere, and is of unlimited duration(See also: "Global war on terror").
Who needs bullshit like "warrants" or "due process" when any computer system can simply be declared to be an "enemy combatant" or "materially supporting an enemy combatant"? If you think the notion of charging an object in order to avoid procedural restrictions is absurd, be aware that it is already standard practice in the context of "asset forfeiture". (which makes for some rather ridiculous case names...)
Sticking a stupid name on something and overblowing what it means isn't the same thing as it not existing to begin with. Computers are vulnerable. People who don't like us can exploit those vulnerabilities. But this is really just another arena of non-shooting conflict, all under cloak and dagger.
The CIA has a long history of trying this sort of thing, sometimes successfully, many times not. There's directly funding revolutionaries, slipping agents into countries, running guns, sponsoring assassination attempts, economic sabotage, infrastructure sabotage, spying with human intelligence, electronic intelligence, satellite intelligence, etc. The CIA has a history of over-promising and under-delivering but this doesn't mean they won't still try.
The Russians have traditionally been much better at running spy rings. The beauty of hacking is you don't even have to put your own assets in-country and risk their capture.
On one hand, I don't think we'll ever get to the point where it can be Die Hard 4 info-Armageddon with hackers blowing up power plants at will. I think that public screwups will force a higher level of security and more rigorous design so that we are less vulnerable to external attacks. On the other hand, the BP fuckup shows that reason and logic are poor tools for explaining the behavior of large organizations. BP should have taken drilling seriously. They should have realized that they had no good plans for capping an uncontrolled well so if they were going to drill, the only option would be making sure they would never, ever, ever have an uncontrolled well. All the internal warnings they had in the months leading up to the disaster should have been their opportunities to stop the disaster before it happened. And we can see how it turned out.
Kwisatz Haderach
Sell the spice to CHOAM
This Mahdi took Shaddam's Throne
Cyber-warfare is not about killing people, it's about killing the country.
Think: no mains power, the backup generators can only sustain so much equipment for so long. Since the fuel pumps don't function either, you can't hop down to the gas station to buy some more fuel, and it will eventually run out. Then what? Production grinds to a halt, administration is disabled, communication services non-functional.
All you need then is one act of terrorism. No ambulances, no firefighters, as nobody can call for help. If someone does make it to the hospital, no X-ray, no life-support, no vital monitors, no defibrillator.
And this is just one scenario. Use your imagination!
Hyperbole: I use it liberally!
"Please, knocking out the power grid or making all the red lights turn green or whatever they're afraid of is nothing like having a bullet penetrate someone or a bomb going off - it's almost impossible, if not impossible to kill someone by hacking into a computer."
What the hell are you doing on Slashdot?
Turn all the traffic lights green in even a small part of Los Angeles, and I think it's likely someone will die in an accident caused, proximately, by the hacking of the traffic control system. Simple enough.
Crippling a cell system might result in the failure of any number of people to make contact and deliver critical information, resulting in accidents, mistakes, lack of care, and those could result in needless deaths.
If your definition of 'warfare' must include deadly force, then much of what we think of as 'cyberwarfare' doesn't meet that definition. Emptying bank accounts, DDOS attacks, defacing websites, etc. probably don't quite rise to the definition of deadly force. But I have only the one example of traffic control. Oh, another one - disabling at least some of the electrical grid seems to be possible, and blackouts can easily result in deaths.
There's plenty of hype around 'cyberwarfare'. Now to listen to the hype around 'smart grids', and how people will feel when their refirgerators get turned off during the day, or the furnace runs continuously on 103 days. Or any number of interesting nuisances that aren't fatal (except for your plants, pets, and bed-ridden grandmother) but are sure a pain.
Oh yeah. Grandma. She might not think it's to hot until she's too faint to reach the phone.
Food for thought. Go smart grids, go!
deleting the extra space after periods so i can stay relevant, yeah.
But that was just possible because the Soviets were stupid enough to use something that was created in the western world. We'd never be so stupid to use electronics made in... oh... umm... well...
Next question?
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Hmm... an incoherent, constantly squabbling group of people who spend more time fighting amongst themselves than getting their act together and working for the common goal, self absorbed and hardly in touch with reality, dreaming up pipe dreams of greatness while at the same time accomplishing nothing...
Call me a conspiration crackpot, but could it be that they're sitting in congress?
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Maybe, but probably not: http://en.wikipedia.org/wiki/Siberian_pipeline_sabotage#Hoax.3F
God invented whiskey so the Irish would not rule the world.
Putting 'cyber' in front of something is just a way for people to grasp technical concepts
... in bed.
The analogies quickly break down, and are useless when taken too far
[signature]
No matter how ridiculous it sounds, we should do our best to keep up the whole "cyber-war", "cyber-weapons", "cyber-attack" theme.
That way, we can invoke the Second Amendment when the government tries to restrict strong encryption, copyright circumvention software or whatever other "cyber-weapons" they find threatening. Sorry Feds, you were the ones that started this whole theme about electronics and software being "weapons", and as such, you have no power to restrict the citizens from owning them.