Slashdot Mirror
Is Cyberwarfare Fiction?
An anonymous reader writes "In response to calls by Russia and the UN for a 'cyberwarfare arms limitation treaty,' this article explains that 'cyberwar' and 'cyberweapons' are fiction. The conflicts between nation states in cyberspace are nothing like warfare, and the tools hackers use are nothing like weapons. Putting 'cyber' in front of something is just a way for people to grasp technical concepts. The analogies quickly break down, and are useless when taken too far (such as a 'cyber disarmament treaty').'"
'Think of the cyberchildren.' that and the cybercitizens who elect cybersenators...
http://www.beanleafpress.com
One of the common claims regarding "cyber warfare" are attacks against the power grid. What I'd like to know is this: why is the power grid accessible to any outside system?
Living With a Nerd
Please, knocking out the power grid or making all the red lights turn green or whatever they're afraid of is nothing like having a bullet penetrate someone or a bomb going off - it's almost impossible, if not impossible to kill someone by hacking into a computer.
You're flat out incorrect here. First, not only can the power be shut off, but generators can be made to explode. Second, if you mess with the supply chain electronically, it's possible to do some really interesting stuff with medical supplies, parts for just in time manufacturing, etc. Could go on - but the overall effect is direct, substantial life threatening consequences.
When millions of people in key positions have artificial hearts, limbs, microchips in their body, nanotechnology with RFID in their clothes, then cyberwarfare becomes something physical.
If hackers can stop the artificial heart of somebody important, this is no different than assassinating the person.
whatever they're afraid of is nothing like having a bullet penetrate someone or a bomb going off
I'm not confident that you fully understand the perceived danger on the part of world leaders. The issue is that people with an inordinately high ability to compromise computer systems might have access to information. Consider information like troop movements, secret bomb/nuclear supply facilities, infrastructure weak points, and financial information (account balances, passwords, etc). While compromising a system with this information may not kill somebody directly, the information could most certainly be used to kill many people, or perhaps to temporarily stunt or even cripple entire economies.
No you haven't; at least not in the sense that matters. Even if there is a country stupid enough to connect it's "off switch" to the internet, all they have to do is pull the ethernet cable and switch it on again. Even if you can break a small proportion of power stations, the rest will come on again. You are a "cybervandal" not a "cyberwarrior".
The real serious cyberwarfare people would do both. A disable the off switch (force it on) and b) drop a graphite bomb at a key place to do weeks worth of damage. That's proper "cyber" warfare.
Cyber"warriors" know the exploit for the radar station and disable the air defences as they fly in with real bombs.
Cyber"guerilla"s mess with account numbers in the fund transfer excels of most of the big companies in the place they target.
There's a whole load of resources which are needed for this stuff. Real test suites where you actually have the control systems of your enemies nuclear power plants; actual buildings where you can try messing up the air conditioning system, people who can actually write serious, fully EAL7 compliant defence systems. People who can write EAL7 compliant versions of exploits (have you seen the state of security software????). etc. etc. etc.
If you think your country's military doesn't have a valid role to play in a "cyberwar" then you haven't understood the difference between a "cyberterrorist" putting an "easter egg" into a flight control system and a "cyberwarrior" diverting all your civilians into the area where his nukes can strike them most effectively.
=~ s,(.*),<sarcasm>$1</sarcasm>,g if any_point_you_wish();
The convenient thing about "cyberwar" as a slogan is how it allows you to extend the notions of "wartime" into virtually every nook and cranny of life and infrastructure.
The term "cyberwar" quietly implies that virtually any net-connected system is a potential or actual combatant. From here, it's just a hop, skip, and a jump to applying military/wartime standards for such niceties as atttacking systems, or requisitioning access. Even better, since "cyberwar" is, for suitably nebulous definitions, something that occurs pretty much constantly, among a wide variety of state and nonestate actors, with various levels of covertness, the mandate covers basically everybody, everywhere, and is of unlimited duration(See also: "Global war on terror").
Who needs bullshit like "warrants" or "due process" when any computer system can simply be declared to be an "enemy combatant" or "materially supporting an enemy combatant"? If you think the notion of charging an object in order to avoid procedural restrictions is absurd, be aware that it is already standard practice in the context of "asset forfeiture". (which makes for some rather ridiculous case names...)
Sticking a stupid name on something and overblowing what it means isn't the same thing as it not existing to begin with. Computers are vulnerable. People who don't like us can exploit those vulnerabilities. But this is really just another arena of non-shooting conflict, all under cloak and dagger.
The CIA has a long history of trying this sort of thing, sometimes successfully, many times not. There's directly funding revolutionaries, slipping agents into countries, running guns, sponsoring assassination attempts, economic sabotage, infrastructure sabotage, spying with human intelligence, electronic intelligence, satellite intelligence, etc. The CIA has a history of over-promising and under-delivering but this doesn't mean they won't still try.
The Russians have traditionally been much better at running spy rings. The beauty of hacking is you don't even have to put your own assets in-country and risk their capture.
On one hand, I don't think we'll ever get to the point where it can be Die Hard 4 info-Armageddon with hackers blowing up power plants at will. I think that public screwups will force a higher level of security and more rigorous design so that we are less vulnerable to external attacks. On the other hand, the BP fuckup shows that reason and logic are poor tools for explaining the behavior of large organizations. BP should have taken drilling seriously. They should have realized that they had no good plans for capping an uncontrolled well so if they were going to drill, the only option would be making sure they would never, ever, ever have an uncontrolled well. All the internal warnings they had in the months leading up to the disaster should have been their opportunities to stop the disaster before it happened. And we can see how it turned out.
Kwisatz Haderach
Sell the spice to CHOAM
This Mahdi took Shaddam's Throne
Cyber-warfare is not about killing people, it's about killing the country.
Think: no mains power, the backup generators can only sustain so much equipment for so long. Since the fuel pumps don't function either, you can't hop down to the gas station to buy some more fuel, and it will eventually run out. Then what? Production grinds to a halt, administration is disabled, communication services non-functional.
All you need then is one act of terrorism. No ambulances, no firefighters, as nobody can call for help. If someone does make it to the hospital, no X-ray, no life-support, no vital monitors, no defibrillator.
And this is just one scenario. Use your imagination!
Hyperbole: I use it liberally!
Maybe, but probably not: http://en.wikipedia.org/wiki/Siberian_pipeline_sabotage#Hoax.3F
God invented whiskey so the Irish would not rule the world.