Slashdot Mirror
Behind Cyberwar FUD
Nicola Hahn writes "The inevitable occurred this week as The Economist broached the topic of cyberwar with a couple of articles in its July 3rd issue. The first article concludes that 'countries should agree on more modest accords, or even just informal "rules of the road" that would raise the political cost of cyber-attacks.' It also makes vague references to 'greater co-operation between governments and the private sector.' When attribution is a lost cause (and it is), international treaties are meaningless because there's no way to determine if a participant has broken them. The second recommendation is even more alarming because it's using a loaded phrase that, in the past couple of years, has been wielded by those who advocate Orwellian solutions. The other article is a morass of conflicting messages. It presumes to focus on cyberwar, yet the bulk of the material deals with cybercrime and run-of-the-mill espionage. Then there's also the standard ploy of hypothetical scenarios: depicting how we might be attacked and what the potential outcome of these attacks could be. The author concludes with the ominous warning that terrorists 'prefer the gory theatre of suicide-bombings to the anonymity of computer sabotage — for now.' What's truly disturbing is that The Economist never goes beyond a superficial analysis of the topic to examine what's driving all of the fear, uncertainty, and doubt (PDF), a subject dealt with in this Lockdown 2010 white paper."
Still posting at -1
i guess you have never read it before. Economist is a private interest mouthpiece that serves whatever their financiers tell them to do, depending on what their backers need as policy at any given period. Judging from the contents of your summary, one can easily say that this time the group they are licking the boots of is RIAA.
Read radical news here
The Economist is a bit conservative on the side business, but as far as being their lackey - I'm not so sure about that. Sometimes they come out with things that can be interpreted as almost anti-business. They've also been doing some rather critical pieces on BP lately as an example.
Or is BP behind on their payments to the Economist?
RIP America
July 4, 1776 - September 11, 2001
The internet was designed for convenience and reliability, not security.
The logical conclusion should be, "disconnect security sensitive systems from the Internet, go back to the older ways of managing those systems and design more secure networks for those systems." Oh, sorry, I forgot that convenience is actually more important than anything else, so that will never happen.
Palm trees and 8
>I AM THE PRESIDENT OF THE UNITED STATES
>Greetings Mr. President
>DOWNLOAD ALL SECRET FILES TO DISKETTE
Working....Done.
>DEORBIT SURVEILLANCE AND COMMUNICATION SATELLITES
Working...Done.
>TURN OFF NORTH AMERICAN POWER GRID
Working....D
.
Why did the article make me flash on this anime?
Gotta love this paragraph:
What will cyberwar look like? In a new book Richard Clarke, a former White House staffer in charge of counter-terrorism and cyber-security, envisages a catastrophic breakdown within 15 minutes. Computer bugs bring down military e-mail systems; oil refineries and pipelines explode; air-traffic-control systems collapse; freight and metro trains derail; financial data are scrambled; the electrical grid goes down in the eastern United States; orbiting satellites spin out of control. Society soon breaks down as food becomes scarce and money runs out. Worst of all, the identity of the attacker may remain a mystery.
If you enable above-mentioned critical infrastructure to be controlled over a public network (no matter how well secured), that's a design flaw. Any damage from that should go on the account of the boneheads that designed things that way, not on cybercriminals that find a way in & abuse it. It's okay to use network-connected equipment to help optimize / monitor whatever public utility. But the controls should always go through (on-site) humans and/or network-independent systems.
Such doomsday think is BS anyway: if you keep the above in mind, it couldn't happen as long as attacks are limited to network / cyberwar operations. In case of physical attacks: that's a whole different ballgame. And if systems are designed such that network break-ins alone can disrupt critical infrastructure, then you deserve whatever you get.
What's convenient about electrical grid systems designed to fail? We've even had the East Coast power grid, which includes part of the midwest and Canada fall down, allegedly related to some idiot using Microsoft products in mission critical situations. We've also had extended air traffic shut downs for the world's 8th largest economy. But hey check out that spin. The headline says it's the fault of the flunky who needs to reboot the Microsoft "server" every few hours, rather than hanging up the criminals who replaced working systems with Microsoft products.
Secure systems are convenient: they work.
Beta is broken and the link to classic doesn't work. Stop wasting our time or there won't be anybody left here.
Before you start dismissing the article without reading it, they do have a very good point that cyberattacks by governments should have consequences for those for those governments. If Russia were to blow up the HQ of a company they didn't like, everybody would up in arms about, but if they hire a bunch of script kiddies to go in an wipe the company's server farm (effectively destroying the company), it probably wouldn't even draw a comment from the State Department. That's not a good precedent to set for the future...
So called followers of Adam Smith have been reading the old boy a bit since the crash,and realised that he would have disapproved of almost everything they were supporting. The Economist hasn't really admitted that they bet their money on the bob-tailed nag - but they do seem recently to have remembered a bit that AS was opposed to cartels, and supported the free exchange of information.
From scarped cliff or quarried stone she cries "A thousand types are gone, I care for nothing, no not one."
I've been seeing ads for a new degree program in "cybersecurity" at UMUC (second-career oriented portion of the University of Maryland). But I really wonder how effective such a degree could be if the person in the program isn't required to do some basic programming. From what I can tell, they aren't... they take "network essentials" and classes that include "penetration testing," but if the graduates of this kind of program are up against skilled hackers who are comfortable with bit-banging, I guess we're kind of screwed.
"Anyone who [rips a CD] is probably engaging in copyright infringement." - David O. Carson
He was popular for a while after 9/11, at the time he attempted to make it seem as though he was the lone force in the world that had been warning of the threat, and a ll of the powers that be ruffled his hair and told him to be on his way... and now weren't they all sorry they hadn'rt listened. As was the case before, is seeming to be the case now, an author with enough of a grasp of the siuation to make an intelligent commment is simply not enough, he chooses to muddle the waters with a blatantly personal agenda which will ensure that no one gives a shit whatever he says becomes any wisdom needs to be sifted through a mountain of self serving drivel
sig loading.......
Given all the cyber-this and cyber-that, I think cyber has taken on a new meaning in the past several years:
Cyber (prefix) - signal to reader that he need not think critically about what follows.
It's a shortened version of the phrase using a computer, which has also had the same meaning in the context of patents.
What will cyberwar look like?
pretty much presses all the buttons that the gullibly paranoid just love to swallow - after all, everyone loves a crisis.
The things is, all we can say about future threats is that they never turn out the way we've planned for them. Pearl harbour? who'd thought it? Sept 7? oops, didn't see that coming either. Fall of the USSR? dang! we never got to use all those nukes. So if / when there is what historians will look back on as cyberwar (or the first cyberwar), it almost certainly won't be the "war" that the government spent billions preparing for.
Whatever it does turn out to be, there are some blindingly obvious things that can and should be done in preparation. Things like making sure there is absolutely no physical or logical connections between crucial infrastructure and anybodies home computer. Ensuring that none of these mission critical systems, vehicles of war or systems of mass production / finance runs any commercially available software and keeping the knowledge of how they work, or even their existence away from the media, the public and the rest of the planet.
While these measures won't prevent this cyberwar, they might, just, mean that the effects will be reduced to the point that it just seems like a bad day at the office. But at least there's still be an office.
politicians are like babies' nappies: they should both be changed regularly and for the same reasons
America. America is driving the cyber war nonsense and the reason is clear. the natural progression of our regularly scheduled wars that operate on ~4 year cycle is boring the american public, who are tired of
sending their kids to the meatgrinder in some third world hell-desert. American voters are also tired of high taxes required to pay for these "necessary wars" that drive GDP up, but in the long term which most americans
and politicians dont concern themselves with, bankrupt a nation.
Drones made war more popular by removing the "little johnny isnt coming home" factor from war, but their most recent theatre also made them politically despicable as they became used casually to invade sovereign states to bomb the living shit out of army bases and cars with "suspected" terrorist leaders. This set the precedent for any country with an agenda to disregard national sovereignty because, well, america does too.
cyberwar is an innocuous catchall thats managed by a US military entity (the airforce,) sufficiently complex as to avoid questioning by the general populous, and can easily be related to americans in terms of website hacks, email hacks, etc...to such an extent as to drive support and backing for cyberwars. Cyberwars, being ambiguous and beyond comprehension by joe six-pack also enjoy the luxury of being cheap, or expensive, depending on the size of the pocketbook and willingness of the nation to spend.
Cyberwar, like the war on terror, is designed as a continued investment by quite likely the very same government entrenched corporations that drove most any of the other wars we've had. it doesnt seek to protect anyone or solve anything, only create new consumer products the likes of the AR-15 and the hummer and line the pockets of the richest and most vile human beings who have ever come under the service of the people of the united states of america. And so long as we have potbellied senators from the carolinas barking cyberwar, there will always be a market for what we fear but do not understand.
Good people go to bed earlier.
There is so much editorializing in the submission, and so little explanation, that I have no idea what the submission is about.
Stick to the facts in the submission. The rest belongs in comments.
For those of us in-the-know, it's painful to see people like you here on Slashdot. Due to NDA and various laws, we obviously can't go pointing out exactly how the USA truly is at risk.
Rest assured that this stuff is on the Internet, it's buggy as hell, it's misconfigured, and the passwords are as lame as you can imagine. We're already hacked into, at all levels, both government and private.
The main limitations for the attackers are a lack of obscure knowledge and their own preference for quietly stealing information. Why screw with a super-crufty undocumented railroad control system when you could be reading Hillary's email or picking up a copy of the F-35 radar software?
that means you havent been following economist.
precisely the articles/views that any given american conglomerate dominant in any given field is publicized in economist exactly at the convenient times. no earlier, no less. american media industry stages an attack against net neutrality ? you will find economist either preceding it with an article or following immediately after it starts. copenhagen talks are coming up in regard to climate ? same. moreover, the views and defenses it reflects also continues in lockstep with whatever that industry is using at any given time - ie, economist does not oppose carbon tax or climate change in ways that are different than the industry it is being a mouthpiece for - it uses the exact chosen argument of that industry at that given time. when the industry drops the 'sun is heating the earth' excuse, economist drops it too. when the industry sees that the 'it is a cycle' approach is not so sound anymore, economist doesnt insist, it updates its approach.
they are doing critical pieces on bp, probably because it is first a british corporation, second, it screwed up SO bad, third, bp going out of scene will make it easier for american oil companies. all is calculated.
Read radical news here
what's the problem with standing a bit to the left of lenin, come again ?
rupert murdoch gets his stomach upset when he sees one ? or, fox news says so ?
Read radical news here
When attribution is a lost cause (and it is), international treaties are meaningless
So the summary's argument is based on the Internet as it is, and the nations forming these international treaties being powerless to change it.
If you honestly believe that, you deserve what you're going to get. Look at the histories of these nations and say with a straight face they cannot change the Internet. Don't say they wont; the very fact that other nations are involved gives them every reason to.
The REAL risk is, of course, SkyNet.
http://en.wikipedia.org/wiki/Jane_Akre
What other "news" organization would go to court to defend their right to lie in a "news" story?
If you tell the viewers what the viewers want to hear (regardless of any factual basis) then you will attract a lot of viewers.
Why, Interpol, of course. Who else? Except the U.N., of course - that's where the world discusses it's problems.
Well, may a panel of world decent cyber-activists. Wikileaks. Civil Watchdogs. Ethical Hackers. ... maybe everyone. And an online voting system to load the vote on what's a cyber-attack and what's due protest, or whistleblowing. Put it under the U.N.'s wing, somehow, without curtailing independence.
It's a can-do. If the people want to.
The wisc.edu is a very good school and nice apple and microsoft place, but not a leader in lockdown anything.
Talking policy with comparatively little or no heuristic experience in the field, does typically indicate a political/corporate agenda, but I could not locate any connection with any FUD/dogma bbbeast.
Anyway war and crime are two different levels of malevolence. War involves total (domestic/external) cultural participation, but crime is a more internal local and limited harm to citizens.
Acts/laws that make a crime an act of war is totalitarianism.
Draconian plutocracies will disenfranchise citizens with laws that make acts of cyber-crimes into acts of cyber-war. Hitler-Himmler, Chaney-Bush ... (great FUD marketeers) are examples of draconian plutocrats.
Unaccountable leaders are masters, and unrepresented people are slaves. How do US and EU fare?
It's still better than most publications, but ten years ago it was great.
I have noticed a decline in the quality of their reporting, and a greater willingness to toe the government line.
I recently let my subscription lapse.
I've been reading The Economist for a long time now, and, save for some known idiosyncrasies like plugging CO2 taxes/trading and kicking the Euro, found it to be quite neutral, interesting and well-written. I browse a lot during the week, and the articles always catch on to the buzz, while offering real additional insight. About the only thing I don't care for is too much focus on the politics of countries that used to be part of the former British Empire, but hey, give them nostalgic Brits a break.
The articles in the latest edition are really bizarre. They totally deviate from the quality I'm accustomed to, so much that I wondered what's going on and was about to write a LTTE.
I'm not a coward by any name.
We've even had the East Coast power grid, which includes part of the midwest and Canada fall down, allegedly related to some idiot using Microsoft products in mission critical situations.
1965 Nov 9 Northeast Blackout Cascading series of transmission line overloads traced to safety relay at Niagara's Adam Beck station. (human error)
1977 July 13 New York City Blackout of 1977 (Lightning strikes take out four transmission lines)
1998 January (ice storms)
1999 July 5 (Boundary Waters-Canadian Derecho)
2003 August 14 Northeast Blackout of 2003
In February 2004, the U.S.-Canada Power System Outage Task Force released their final report, placing the main cause of the blackout on FirstEnergy Corporation's failure to trim trees in part of its Ohio service area. The report states that a generating plant in Eastlake, Ohio (a suburb of Cleveland) went offline amid high electrical demand, putting a strain on high-voltage power lines (located in a distant rural setting) which later went out of service when they came in contact with "overgrown trees". The cascading effect that resulted ultimately forced the shutdown of more than 100 power plants.
Computer failure
A software bug known as a race condition existed in General Electric Energy's Unix-based XA/21 energy management system. Once triggered, the bug stalled FirstEnergy's control room alarm system for over an hour. System operators were unaware of the malfunction; the failure deprived them of both audio and visual alerts for important changes in system state. After the alarm system failure, unprocessed events queued up and the primary server failed within 30 minutes. Then all applications (including the stalled alarm system) were automatically transferred to the backup server, which itself failed at 14:54. The server failures slowed the screen refresh rate of the operators' computer consoles from 1-3 seconds to 59 seconds per screen. The lack of alarms led operators to dismiss a call from American Electric Power about the tripping and reclosure of a 345 kV shared line in northeast Ohio. Technical support informed control room personnel of the alarm system failure at 15:42.
2003 Sept 29 (Hurricane Isabel)
2005 Dec 19 (ice storms)
2006 July 17-18 (severe thunderstorms)
2006 Oct 12 "October Surprise" (lake-effect snow storm, Buffalo, NY)
List of notable wide-scale power outages
Not one of the - world's great - power outages on the Wikipedia's list is linked in any way to Microsoft or Windows.
On Tuesday, FAA officials had insisted that the more than three-hour system shutdown posed no safety risks. But they acknowledged Wednesday that they were investigating five incidents in which planes lost the required separation distance during the first 15 minutes of the communications breakdown.
In two cases, large airliners -- a UPS cargo plane and a Northwest Airlines flight bound for Southern California airports -- came much closer to small corporate jets than federal guidelines allow, requiring at least one pilot to take corrective action. FAA officials repeated Wednesday that they did not believe lives were ever at risk.
The agency's radio system in Palmdale shut itself down Tuesday afternoon because a technician failed to reset an internal clock -- a routine maintenance procedure required every 30 days by the FAA. Then a backup system failed, also as a result of technician error, officials said.
The radar system in Palmdale, contrary to what some FAA and union officials had said Tuesday, did not shut down.
FAA officials said they had known for more than a year that a software glitch could shut down radio communications and were in the process of fixing it. In the m
I'm not the brightest bulb on the block and that manifests it self as fear when I don't understand something. I am petrified of cancer and of some sort of sudden brain injury (my dad suffered many strokes before his death and my mom died of cancer). The author of the article probably has a couple of fears too. Couple that with his 'marching orders" which was probably something like "Write a doom and gloom article about the cyber-security risks to America's infrastructure for July 4th" and you get a superficial fluffy article that is intended to scare people who read The Economist.
The author probably read a lot of background matterial and understood about 20% of it (like when I tried to read about cancer in medical jounals). He was left concernd and still not understanding most of what he needed to know. Bear in mind he writes for a magazine called "The Economist" and not one called "Slashdot". On top of that there do seem to be a lot of authorities that sound terribly concerned about security (and sell products to protect you).
Anyway the editors got what they wanted and he got published.
The forthcoming cyberwar will be isolated to the Microsoft ecosystem, use of MS Windows attcking malware is almost a prerequisite in a large scale cyber attack. *nix OSes are fundamentally more resistant in practice, automated/self-replicating attacks.
After logging in slashdot still does not take you back to the page you were on. It's been that way for 20 years.
The problem every politician faces is that without some mind-gripping fear, for which the politician has *The Answer*, it is hard to unseat an incumbent. Cyber warfare is the New Fear.
Without the prospect of CYBER WARFARE, the critical infrastructure on which our political process takes place can remain controlled by private parties, some of whom are legitimately indifferent to the political process, even to the point where they are non-partisan, so long as the politician elect can be bought. This is clearly a problem for political parties, especially those in power, who have a vested interest in controlling political debate. Without control over the public square - that is, the means by which public debate happens - they have no reasonable assurance of controlling the debate itself. You see, there are *certain things* about which you aren't supposed to talk. The political debate has to be controlled in such a manner to keep people thinking about those ethereal fears which allow politicians to get elected.
And the problem with the Internet is that it can't be controlled by the party elect. Free debate happens - on any subject, mind you! And this is a real problem, especially if you need to control the thoughts of your subjects, er - citizens. Enter CYBER WARFARE: a threat, that if real, can be used as justification for grabbing "emergency" control of our public square should the natives become restless. Surely no one would argue against NATIONAL SECURITY. Hence, the effort to conflate the internet with being vital to national security, and to conflate cyber warfare with a legitimate threat to the national security of this nation. Once this lie is believed by the public at large, any *problematic* groups developing a political following can be neutralized in the name of protecting the nation.
This is not new, folks. There were power grabs under the notion of national security long before the Internet became the dominant means of public debate. During the civil rights era, the police broke up political protests and gatherings in the name of "law and order". This is no different - an attempt by the incumbents to retain their control over the political process. Every red-blooded American should reject this mindless fear-mongering, and those who mention "cyber warfare" should be upbraided as ignorant fools, preferably in as public a manner as possible, to "encourage the others".
Now this is not to say that there are real threats with vital systems connected to the internet, but this is a matter of engineering standards and ethics, not of actual national security. The distinction is important.
The society for a thought-free internet welcomes you.
uhaha huahahap hahap yeap yeap.
Read radical news here