Slashdot Mirror
Behind Cyberwar FUD
Nicola Hahn writes "The inevitable occurred this week as The Economist broached the topic of cyberwar with a couple of articles in its July 3rd issue. The first article concludes that 'countries should agree on more modest accords, or even just informal "rules of the road" that would raise the political cost of cyber-attacks.' It also makes vague references to 'greater co-operation between governments and the private sector.' When attribution is a lost cause (and it is), international treaties are meaningless because there's no way to determine if a participant has broken them. The second recommendation is even more alarming because it's using a loaded phrase that, in the past couple of years, has been wielded by those who advocate Orwellian solutions. The other article is a morass of conflicting messages. It presumes to focus on cyberwar, yet the bulk of the material deals with cybercrime and run-of-the-mill espionage. Then there's also the standard ploy of hypothetical scenarios: depicting how we might be attacked and what the potential outcome of these attacks could be. The author concludes with the ominous warning that terrorists 'prefer the gory theatre of suicide-bombings to the anonymity of computer sabotage — for now.' What's truly disturbing is that The Economist never goes beyond a superficial analysis of the topic to examine what's driving all of the fear, uncertainty, and doubt (PDF), a subject dealt with in this Lockdown 2010 white paper."
Economist is a private interest mouthpiece that serves whatever their financiers tell them to do, depending on what their backers need as policy at any given period. Judging from the contents of your summary, one can easily say that this time the group they are licking the boots of is RIAA.
The Economist has been around since 1843.
It is anchored in a classically liberal and centrist tradition - and has never been particularly well-known for boot-licking.
Too often when visiting here I find evidence that the eternally adolescent geek simply can't accept that there can be a principled opposition to his own set beliefs.
The Economist is the world's best weekly newspaper. If you read what they say about the RIAA, including the first article which mentions how the RIAA's agressive tactics aren't working and are a lesson to other industries on what _not_ to do, you'd know that the Economist takes a moderate view on intellectual property.
In particular, they often report on academic research showing that IP laws are too strong. For instance, this article (subscription required) called "Killing Creativity" is about how overly strong IP laws can smother innovation.
The logical conclusion should be, "disconnect security sensitive systems from the Internet, go back to the older ways of managing those systems and design more secure networks for those systems."
The reason that some people give 'cyberwar' more thought than that is that it's not as simple as you make it out to be. I'm a coauthor on a DOE sponsored paper (under security review, so no citation for now) that covers some more subtle aspects of the problem. The electrical grid can be attacked by compromising the control system if that system is internet connected, true. However, if a significant proportion of the electrical load for any one generator can be controlled via the internet, then that generator can be attacked via the internet without requiring any direct internet contact. Case in point, X10, Google, Microsoft, and many other companies are currently looking into home automation and controlling the home's electrical system via the computer. So, what happens the next time there's a runaway MS worm, but instead of just sending spam it gives control of the home automation system to the attacker? Simply by turning the power off in enough houses in an area, an attacker could actually cause physical damage to the power plant.
That's why we can't just dismiss the problem as "unhook the power plants from the internet." In a world that's increasingly hooked to the internet, we can't afford to overlook how the internet-connected components can possibly have an effect on the non-connected components.