Slashdot Mirror
Chertoff Advocates Cyber Cold War
Jack Spine writes "The US and allied countries should formulate a doctrine to apply the principles of nuclear deterrence to cyber attacks and cyber espionage, according to former US Homeland Security secretary Michael Chertoff. No matter that it's very difficult to attribute the source of cyber attacks — just take punitive action against the platform being used to attack, says Chertoff."
...nation states should be able to act against technologies in countries being used as a platform for attack...
So, nuke Redmond?
So long as they don't respond to a DDoS with one of their own, but with a targeted attack designed to silence the particular nodes in question, then it's probably a good thing. It's not like it's not possible to keep logs to see if these guys are operating outside their mandate.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
Just like we took punitive action against Logan Airport and United Airlines for 9/11? Oh, right.
When "our adversary" uses the likes of Google or Akamai or British Telecom against us in a cyberattack, we're going to return fire on those platforms?
Hey, I'm putting a scheme together about the RIAA...
[
"Cyber" is the vague sort of word that Government Management uses in an attempt to sound technologically astute. As soon as you hear a phrase such as "cyber war", you know you are dealing with a management automaton paddling beyond its depth.
It's interesting to note that this term is a back-formation made from "cybernetics":
"From Greek kubernts, governor, from kubernn, to govern."
Makes it sound as though this is another war that being invented by the government to spend the people's money to take the people's freedom away.
Rich And Stupid is not so bad as Working For Rich And Stupid.
Maybe we should all take our shoes off for inspection before we get online. Or make us wait in an unguarded corral area for half an hour before we can enter the secured area. Or randomly pull users aside for full system scans. Or force users to their own drink breast milk before logging in.
I sure as hell don't want them "attacking" computers online.
Anyone can fake the origin of a attack, so the basic rule about this is: never attack the attackers. If you do this, you can be used as a means to attack others!.. like your cpu power be used as part of a DDoS against a third party.
Internet just don't work like that.
-Woof woof woof!
For once, this is a proposal from the security theater industry that isn't batshit insane. You DDOS us, we null-route the offending nodes, or we politely ask whoever supplies your country with connectivity to do it on our behalf. You DDOS an airline reservation system, stranding millions, and we null-route your country until its uncooperative ISPs learn to play nice. You DDOS an air traffic control system so hard that you actually start killing people, and we not only null-route the country until the dust settles, but we also reserve the right to shut down the offending data center with a LART, presumably in the form of an earth-penetrating mallet. (And we expect that you will do the same to us, if our roles are reversed.)
The present situation is that we run around like chickens with our heads cut off, make vague fearmongering sounds about "what if", and apply for increased funding. That'll happen too, but at least this way there'll be some ground rules as to what sort of retaliation is permissible. Go ahead and spy on us (if we catch you, we'll block you). Try to poke at us (but don't do much damage) and we'll get annoyed. Break our toys, and we'll break your toys. Do collateral damage, and the gloves come off.
Seems to me these people still do not understand the threat. This is not warfare. It is vandalism, petty theft, corporate espionage and maybe some extortion. You cannot fight crime of this sort with a cold-war strategy. Several reasons:
This strikes me as basically an over-aggressive, "bully"-type strategy by people that like to employ violence, but are not very bright. It is doomed to fail from the onset. The situation is a bit similar to the "war on terror", but more like a "war on (petty) Internet crime". Fighting crime with military means has never worked and will never work. The way to fight crime is by I) better securing your property (but especially the government and military seems to be hugely incompetent in that area) and II) standard police work. The added complication is that this is an international problem, something the US is notoriously bad at tackling, since they do not understand the rest of the world at all. But bombing shoplifters is not something that is going to work, ever, and even not very bright people should be able to understand that.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
Its such a great idea. The first cold war was so successful, lets have another...
There is no -1 disagree
While I'm sympathetic to Chertoff's views, the problem remains that the tools he suggests are both too blunt for the purpose and may actually reveal important, low risk information for the adversary. As the title suggests, the US has a many decades history, since the Second World War, of using progressively more selected and targeted means of killing people. There are two reasons for this. A more focused weapon inflicts more damage on the intended recipients and less damage on third parties. However, to be used effectively, you need to have intelligence on your foes and sufficient control of the weapon so that it hits what you want it to hit.
For example, in the absence of any intelligence, other than that "bad guy" insurgents are hiding in a certain city, then a nuclear bomb would be more effective than a smart bomb for causing harm to the enemy. The drawbacks of such a brutal and lazy strategy are pretty obvious, from huge loss of innocent life to the possibility that most of the bad guys survive the nuclear attack (maybe they're in a bunker or spread out so that a nuclear burst takes out only a few at a time). A smart bomb would be useless, a bad guy is more likely to die from traffic accidents.
OTOH, intelligence on where exactly the "bad guys" are leads to the smart bomb being much more effective. A smart bomb delivered right to the basement is more effective than a nuclear bomb blindly lofted a dozen miles away.
That sums up what I see as the first problem with Chertoff's proposals. Since the force is not focused nor based on decent intelligence, it doesn't harm the foe and harms innocents instead.
Second, unfocused harm has the tendency to warn the enemy that you know something before you get a chance to significant damage to them. A worst case here would be a rigid retaliation procedure that a foe could use to map out the sensitivity of your defenses and deliberately trigger unpopular retaliation attacks on innocent targets.
As it stands, there apparently is a large scale, systematic looting of US (and developed world) knowledge by unknown parties (often thought to be the Chinese government or Russian underworld). There should be a price paid for trying to steal millions or billions of dollars of information. I think that Chertoff's suggested approach is a losing strategy that doesn't help the US mitigate the loss from such activities.
I'm all for cyber espionage, especially if the data is leaked all over. Perhaps people would figure out how manipulated they are.
Build your own energy sources from scratch. http://otherpower.com/
The problem is collateral damage. What is more likely the nation of Elbonia is attacking the United States by DOSing an airport reservation system? or a competing airline hired some crackers to harm the competition, and those crackers have rooted some machines at the national ISP of Elbonia, that they do it with?
So we respond by routing the entire nation via 127.0.0.1, which is great in that it solves the problem but it probably denies all sorts of services to innocent people, and I am not talking about Mohamed's Netflix subscription, what about that X-Ray the surgeons there wanted a consult on, and the nations telephone system which is IP based at least for international calls. Oh and hey the assembly plant GM is trying to operate there, etc etc. All this is going to do is make small problems big ones.
Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
Terrorism is only scary to people who shouldn't have been let past the third grade. Even irrational people understand their risk of death by terrorism is pretty much nil, compared to say their risk of horrible death involving decapitation and other hilarious ends while driving.
"Cybersecurity", though?
Computers are strange, wondrous magic boxes for the vast majority of the population. Even for the supposed tech whiz 'next generation'. Oh, sure, kids these days understand Twitter. They sure as hell don't understand TCP/IP. What better platform, then, to force Americans to do what we do best? Wet our pants in baseless fear and beg our government to strip us of our freedom.
OH NOES OSAMA IS WHISTLIN' INTO A PHONE AND LAUNCHING NOOKS FROM SATELLITES! :O SAVE ME, GOVERNMENT!
*sigh*
Destroying the countries where attacks originate is a broken doctrine, IMO. Use of force should always be measured, and focused, lest history revile us. The ease of false flag operations in "cyberspace" make the nature of our responses to attacks even more important. I would dismiss Chertoff out of hand were it not for the possibility that, rather than harmless BS, talk like this may encourage a doctrine that will allow our government to start wars and engage in various intrigues, to evil ends. Chertoff co-birthed the anti-Christ fetus disingenuously called the "USA PATRIOT" act, so we should tell him to take his "overwhelming force" and sell crazy some place else. We seem to be stocked up already.
I propose ignoring Chertoff.
It is by the juice of the coffee bean that thoughts acquire speed, the teeth acquire stains. The stains become a warning
The other sad thing is that we still haven't paid for it.
There is no way it was successfull for the US, it was a stupid and unnecessary pissing match from day one. An embarassment for the country. I am still against having a standing army. We have no need to have forces outside of our borders. Its a shameful waste.
-Steve
"I opened my eyes, and everything went dark again"
Perhaps. The operating theory here, I think, is that at some point, a government will stop doing such idiotic things as cyber warfare because the costs are too high. Just like the threat of economic sanctions.
Part of the problem, however, is that for all the "control" we might have over the internet, it's a global network that by design can't just be turned off like that. Personally, I think that good old fashioned, "Oh, you shutdown our air traffic control system? Here, we'll shut down your airspace by destroying anything that gets more than five feet off the ground." is more effective. Excessive? You bet. That's the whole bloody point of MAD. Cyberwarfare cannot be part of a MAD policy unless you are prepared to destroy the physical connections.
Frankly, this proposal sounds like someone doesn't understand how this works. Countries like China really don't give a hoot if you block them from the internet - they'll find a way around whatever blocks you put in place, and crush (literally) anyone who internally dissents against their policies. Most of the general public has no idea this is happening. Perhaps a better solution would be raising a stink in a very public fashion at the UN, getting an international treaty in place, and *then* make it your official policy to react to cyber attacks with real, physical attacks. Otherwise, this is going to just keep happening with no real danger of reprisal that means anything to most of the countries engaged in this. Meanwhile, those nations that aren't actively trying to break things (merely spy, which is quite different) are going to get hit worse and worse with public sector damage.
No big surprise.
Chertoff was the head of DHS who hired Stasi officers - like Markus Wolf - to design plans fro a mandatory ID programme, like that used to control freedom of movement in the former East Germany.
"Chertoff is credited with authoring the Patriot Act, the 300-plus page blueprint for the modern National Security State; patterned to great extent on the successes of the KGB in the Soviet system. He's admired among his Bush cadres for making sure that government surveillance operates at maximum efficiency. Under his stewardship at the Dept of Justice, the 4th amendment has withered like summer grass. The long-held belief that citizens, have a right to a "reasonable expectation of privacy" has buckled under the demands of
"Big Brother" and the new "intrusive" security paradigm."
And: "Chertoff's record of failure at Justice is second only to that of Ashcroft. His 4 year tenure hasn't produced even one identifiable success. (Check out his "obstruction of justice" in the John Walker Lindh case on Democracy Now)
Instead, his personal ineptitude and his palpable contempt for the law have only showered more disgrace on the institution of American justice. That probably explains why he's being moved up the bureaucratic dog-pile to the top rung of Homeland Security. In Bush-world "failing upwards" is more commonplace than cowboy boots at a Crawford tent-show."
Falliing Upwards: The Rise of Michael Chertoff
Before this? He was an Assistant Attorney General - who enabled Chiquita to escape prosecution for hiring private, right-wing death squads - to suppress fair-trade practices from emerging in the banana plantations of Colombia.
"Chiquita, [company officials told Chertoff], would have to pull out of the country if it could not continue to pay the violent right-wing group to secure its Colombian banana plantations. Chertoff...affirmed that the payments were illegal but said to wait for more feedback, according to five sources familiar with the meeting...Sources close to Chiquita say that Chertoff never did get back to the company or its lawyers. Neither did Larry D. Thompson, the deputy attorney general, whom Chiquita officials sought out after Chertoff left his job for a federal judgeship in June 2003. And Chiquita kept making payments for nearly another year."
Chertoff, Chiquita and Death Squads
Now, this Mossad-tool wants to escalate the idea - absurd to those with a deep, functional knowledge of IP switched networking - of Cyber Cold War.
This is another part of the steady drumbeat to get a CCOIA type law passed - so the US gets its own "Great Firewall of China".
Chertoff DOES have a real enemy that he wants to damage in his cyberwar: the enemy is YOU.
"Flyin' in just a sweet place,
Never been known to fail..."
The worst part about a standing army is that it creates two functional classes of citizens that do not share the same fundamental need.
Those that have signed their right of refusal over to the government should not be permitted to vote or participate in political events or debates until the right of self-determination is legally returned to them.
During their period of service they must be treated as exactly what they signed up to be - fleshbots for whoever comes to power during their tour.
Chertoff was behind the preposterous program on CNN where a collection of lawyers sat around trying to play techies on TV. Most of them were probably technology challenged, and they focused on legal nonsense to deal with a weird technical scenario (a malicious cell phone app goes wild and shuts down the power grid).
His crazy ideas led to the proposal to shut down the Internet in the event of national emergency.
When he was in office he was behind a stunt where a cybersecurity attack was assumed and a piece of equipment was misused and rigged to tear itself apart -- on TV -- by doing something that has been known for decades to be a no-no.
The only value of Chertoff's nonsense is publicity for the issue. Everything beyond that is idiocy.
Cybersecurity is clearly a serious concern and work needs to be done to improve it for critical infrastructure. But off-the-wall ideas coming from Chertoff are not the way to move forward. Instead, we should have people who know what they are doing lead the effort.