Slashdot Mirror
Chertoff Advocates Cyber Cold War
Jack Spine writes "The US and allied countries should formulate a doctrine to apply the principles of nuclear deterrence to cyber attacks and cyber espionage, according to former US Homeland Security secretary Michael Chertoff. No matter that it's very difficult to attribute the source of cyber attacks — just take punitive action against the platform being used to attack, says Chertoff."
...nation states should be able to act against technologies in countries being used as a platform for attack...
So, nuke Redmond?
Just like we took punitive action against Logan Airport and United Airlines for 9/11? Oh, right.
When "our adversary" uses the likes of Google or Akamai or British Telecom against us in a cyberattack, we're going to return fire on those platforms?
Hey, I'm putting a scheme together about the RIAA...
[
"Cyber" is the vague sort of word that Government Management uses in an attempt to sound technologically astute. As soon as you hear a phrase such as "cyber war", you know you are dealing with a management automaton paddling beyond its depth.
It's interesting to note that this term is a back-formation made from "cybernetics":
"From Greek kubernts, governor, from kubernn, to govern."
Makes it sound as though this is another war that being invented by the government to spend the people's money to take the people's freedom away.
Rich And Stupid is not so bad as Working For Rich And Stupid.
Anyone can fake the origin of a attack, so the basic rule about this is: never attack the attackers. If you do this, you can be used as a means to attack others!.. like your cpu power be used as part of a DDoS against a third party.
Internet just don't work like that.
-Woof woof woof!
For once, this is a proposal from the security theater industry that isn't batshit insane. You DDOS us, we null-route the offending nodes, or we politely ask whoever supplies your country with connectivity to do it on our behalf. You DDOS an airline reservation system, stranding millions, and we null-route your country until its uncooperative ISPs learn to play nice. You DDOS an air traffic control system so hard that you actually start killing people, and we not only null-route the country until the dust settles, but we also reserve the right to shut down the offending data center with a LART, presumably in the form of an earth-penetrating mallet. (And we expect that you will do the same to us, if our roles are reversed.)
The present situation is that we run around like chickens with our heads cut off, make vague fearmongering sounds about "what if", and apply for increased funding. That'll happen too, but at least this way there'll be some ground rules as to what sort of retaliation is permissible. Go ahead and spy on us (if we catch you, we'll block you). Try to poke at us (but don't do much damage) and we'll get annoyed. Break our toys, and we'll break your toys. Do collateral damage, and the gloves come off.
Seems to me these people still do not understand the threat. This is not warfare. It is vandalism, petty theft, corporate espionage and maybe some extortion. You cannot fight crime of this sort with a cold-war strategy. Several reasons:
This strikes me as basically an over-aggressive, "bully"-type strategy by people that like to employ violence, but are not very bright. It is doomed to fail from the onset. The situation is a bit similar to the "war on terror", but more like a "war on (petty) Internet crime". Fighting crime with military means has never worked and will never work. The way to fight crime is by I) better securing your property (but especially the government and military seems to be hugely incompetent in that area) and II) standard police work. The added complication is that this is an international problem, something the US is notoriously bad at tackling, since they do not understand the rest of the world at all. But bombing shoplifters is not something that is going to work, ever, and even not very bright people should be able to understand that.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
While I'm sympathetic to Chertoff's views, the problem remains that the tools he suggests are both too blunt for the purpose and may actually reveal important, low risk information for the adversary. As the title suggests, the US has a many decades history, since the Second World War, of using progressively more selected and targeted means of killing people. There are two reasons for this. A more focused weapon inflicts more damage on the intended recipients and less damage on third parties. However, to be used effectively, you need to have intelligence on your foes and sufficient control of the weapon so that it hits what you want it to hit.
For example, in the absence of any intelligence, other than that "bad guy" insurgents are hiding in a certain city, then a nuclear bomb would be more effective than a smart bomb for causing harm to the enemy. The drawbacks of such a brutal and lazy strategy are pretty obvious, from huge loss of innocent life to the possibility that most of the bad guys survive the nuclear attack (maybe they're in a bunker or spread out so that a nuclear burst takes out only a few at a time). A smart bomb would be useless, a bad guy is more likely to die from traffic accidents.
OTOH, intelligence on where exactly the "bad guys" are leads to the smart bomb being much more effective. A smart bomb delivered right to the basement is more effective than a nuclear bomb blindly lofted a dozen miles away.
That sums up what I see as the first problem with Chertoff's proposals. Since the force is not focused nor based on decent intelligence, it doesn't harm the foe and harms innocents instead.
Second, unfocused harm has the tendency to warn the enemy that you know something before you get a chance to significant damage to them. A worst case here would be a rigid retaliation procedure that a foe could use to map out the sensitivity of your defenses and deliberately trigger unpopular retaliation attacks on innocent targets.
As it stands, there apparently is a large scale, systematic looting of US (and developed world) knowledge by unknown parties (often thought to be the Chinese government or Russian underworld). There should be a price paid for trying to steal millions or billions of dollars of information. I think that Chertoff's suggested approach is a losing strategy that doesn't help the US mitigate the loss from such activities.
Terrorism is only scary to people who shouldn't have been let past the third grade. Even irrational people understand their risk of death by terrorism is pretty much nil, compared to say their risk of horrible death involving decapitation and other hilarious ends while driving.
"Cybersecurity", though?
Computers are strange, wondrous magic boxes for the vast majority of the population. Even for the supposed tech whiz 'next generation'. Oh, sure, kids these days understand Twitter. They sure as hell don't understand TCP/IP. What better platform, then, to force Americans to do what we do best? Wet our pants in baseless fear and beg our government to strip us of our freedom.
OH NOES OSAMA IS WHISTLIN' INTO A PHONE AND LAUNCHING NOOKS FROM SATELLITES! :O SAVE ME, GOVERNMENT!
*sigh*
Destroying the countries where attacks originate is a broken doctrine, IMO. Use of force should always be measured, and focused, lest history revile us. The ease of false flag operations in "cyberspace" make the nature of our responses to attacks even more important. I would dismiss Chertoff out of hand were it not for the possibility that, rather than harmless BS, talk like this may encourage a doctrine that will allow our government to start wars and engage in various intrigues, to evil ends. Chertoff co-birthed the anti-Christ fetus disingenuously called the "USA PATRIOT" act, so we should tell him to take his "overwhelming force" and sell crazy some place else. We seem to be stocked up already.
You're right. An eye for an eye, a tooth for a tooth, and soon you need seeing-eye dogs and dentures.
With two million botted machines in the US alone (a conservative estimate), you could piss off a lot of homies, too. I don't think Chartoff realizes just how many pawns there are, ready to march, and give him a bad day. That we don't consider those pawns as attackers-in-waiting is a fool's blindness.
---- Teach Peace. It's Cheaper Than War.
The other sad thing is that we still haven't paid for it.
There is no way it was successfull for the US, it was a stupid and unnecessary pissing match from day one. An embarassment for the country. I am still against having a standing army. We have no need to have forces outside of our borders. Its a shameful waste.
-Steve
"I opened my eyes, and everything went dark again"
the morality may be flawed.
"May be?" Saying the morality of this "may be flawed" is like saying my pet unicorn "may be flawed". There is no morality in it, period. It's completely immoral, plain and simple. The Stasi are evil, and so is Chertov. But it is logical to hire a man without morals to head an immoral agency that should never have existed in the first place.
Free Martian Whores!