The US-Soviet Cyber Cold War
Roberto123 writes "A security expert with the NSA says a cyber cold war is being waged that has significant parallels to the Cold War between the US and Soviet Union. Dickie George says the way to fight the cyber cold war is by building security into technology, making it transparent to the end user, continually monitoring networks and updating their security software."
I expected the "Cyber cold war" to be way more matrix-y than this.
Uh huh. Is his assistant Mike Hunt by any chance?
RIP America
July 4, 1776 - September 11, 2001
Anyone else amused that the word "cyber" is still in use?
Living With a Nerd
meaning, 'controlling them'. maybe it would be much better if this 'security' shit is altogether forfeited. to provide 'security', we are restraining and controlling ourselves much more than a foreign occupant would actually do.
Read radical news here
Anyone else amused that the word "cyber" is still in use?
At least they didn't say "E-War"!
RIP America
July 4, 1776 - September 11, 2001
I don't want transparent security technology. I want security technology that I can see and touch and NEED to think about.
1. When it's transparent it just gets abused and used against me for crap like DRM by people who haven't the right.
2. I want the confidence of knowing I have protection because I put it in place.
3. I want to be able to turn it off when need be to understand where a problem exists, the security layer or something else.
4. I don't trust my government to have my interests in mind much of the time, and as much as I distrust foreign governments and foreigners even more that does not make me inclined to put the security of my information and communication in the hands of my own government which has proven it's often inept and at times malicious.
5. It's my stuff nobody should be dictating to me how I protect it or don't as a matter of principle. Just as with my house it's my right to leave the door unlocked if I want to and useless as that right might sound I am unprepared to give it up.
Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
This is where they argue that the "pipes" need to be smarter and the terminals (our devices) dumber.
Samsung took back my unlocked bootloader because Google wants me to rent movies. They're both evil.
to provide 'security', we are restraining and controlling ourselves much more than a foreign occupant would actually do.
And that's much more profitable anyway if we do it ourselves. C.f. Chertoff's gains from his buddies at Rape^Hiscan.
Fed-up-edly,
"What in the name of Fats Waller is that?"
"A four-foot prune."
Cyberwar! It's like war, but for people too dumb to protect themselves.
Don't put critical systems or private data on anything attached to the public Internet. Regularly verify the physical integrity and isolation of all secure systems. For everything else, make regular backups to prevent wiping attacks. This is basic vigilance to protect vital assets.
What I'd like to suggest to every cheap-ass corporate exec that is counting on the government instead of internal IT staff to protect their networks, is to listen to how stupid that sounds.
(It's never too late to join the Renaissance)
What I'd like to suggest to every cheap-ass corporate exec that is counting on the government instead of internal IT staff to protect their networks, is to listen to how stupid that sounds.
It's only stupid if the execs in question are actually responsible, and held responsible, for failing to do proper due diligence. However, as corporate behaviour in the US has consistently shown for some time now, execs are routinely let off essentially scot-free, even in the case of obviously willful and malicious profit-seeking at the expense of the company and even market -- just have a look at Enron a few years ago, or Wall Street today.
Meanwhile, if execs can save a few bucks by essentially outsourcing network security to the Feds, and pocket the savings themselves in the form of bonuses or other compensation perquisites, then, in the ethical vacuum of US board rooms, they'd have to be mad to do otherwise.
Cheers,
"What in the name of Fats Waller is that?"
"A four-foot prune."
It makes those articles much more interesting to read.
From TFA:
Oh noes!!! The Nigerian scammers are taking our Freedom! Teenagers downloading our movies are stealing our way of life!!!
How about we focus on the real issues? Why don't the banks have a better means of verifying transactions?
I'm still more worried about nuclear missiles than I am about whether the newest Harry Potter movie is available on a torrent.
But that's just me.
Read up on Kerckhoffs's principle. If you understand the principle then
Follow the rules of the Cyberwarfare Club
"The US-Soviet Cyber Cold War"
Silly me, I thought the Soviet Union hadn't existed for nearly two decades. Clearly I was mistaken, it has simply moved into the cyber-realm with cyber-Stalin at its cyber-helm.
Cold War Two - Not 'Cyber Cold War'
Want to see more Russian women? There are ways. I even hear there are websites that let you "order" one as a kind of live-at-home model/spy. YMMV.
I live in constant fear of the Coming of the Red Spiders.
TFA makes no mention of a US-Soviet Cyber War. It instead compares current events to the actual US-Soviet cold war. Interesting that China wasn't mentioned at all.
He's propping up his job with whatever rhetoric he can dig up.
zOMG!!! It's like the nukes are coming back! But they're even badder now. We must fears them even moars! Fearz them! It's the only way I'll keep my job!
Instead, just a bit of modification on the side of the banks and we'd have almost no "identify theft" fraud.
But that doesn't happen because the banks don't want the cost of improving their security.
Not when that cost can be dumped onto us (the customers) and the retailers.
In the cold war, Americans were afraid of losing their freedom to the Soviet Union. But according to the article, the cyber cold war is about America holding on to its "intellectual property":
left hand of propaganda fails to meet right hand of propaganda.
Can't we simplify all this by saying Russia is Teh Evil Haxor on the odd hours and Russia is Teh Good Guy, helping out with the missile shield (and supplies to the US troops in Afghanistan) on the even hours?
Somehow, everyone is supposed to conveniently forget how the Clinton administration, with Richard Clarke as the national security advisor, handed the Chicoms the over-the-horizon missile targeting, placing them on par with the USA. And everyone is supposed to conveniently forget how the Bush administration, when Clarke was still in as national security advisor, allowed the highly classified ball bearing factory in Ohio to be sold to the Chicoms. Sorry, Clarkey, but we won't buy your trash.
Do you have to post at least 1 fear mongering story a day? Get off the CIA's propaganda payroll..
Uh, the Soviet Union has been gone for 19 years. I watched the Russian Federation flags go up 26 December 1991.
The Russian Federation is not the USSR. Neither is the PRC.
So, who, exactly is cyber-warring with whom?
Are our kids going to have Global Cyber Annihilation Threat drills in school now?
Some ("Many" might be more appropriate here) of us still remember the cold war and lived in the small countries that bordered the soviet union. I lived in a country that bordered the soviet union and the risk of invasion was very real (the communist party also planned a revolution, even though they failed to carry that out) even without a large scale nuclear war. But the risk of the war - That only a few people would need to be too trigger happy and tomorrow the world as we know it might not exist - was always in the back of our minds. (Not saying that it was constant terror: Some of the best years of my life were during the cold war. But even if we were able to put the fear in the background, it was always there. Every news broadcast about the latest political tension between us and our large neighbour was a reminder of it.)
Speaking of "cyber war" is in itself a bit silly (cyber bombs destroying your house? cyber soldiers raping civilians? people dying on cyber prison camps? people starving and resorting to cannibalism under cyber siege? Cyber war has nothing to do with anything that we associate with war) but it might have some justification as we become more and more dependent on our IT infrastructure. However, it's ridiculous to compare it to the cold war: If it would be like cold war (=we would have to live constantly aware of the fact that it is very possible that the world as we know it ceases to exist due to a few trigger happy officers) we wouldn't really need articles to tell us about it.
Seriously folks, how is my previous comment here off-topic? Executive malfeasance is a large part of what has made "cyberwar" possible. But for cutting corners, many of the glaringly large holes in the US national infrastructure vis-à-vis the internet would not exist.
Cheers,
"What in the name of Fats Waller is that?"
"A four-foot prune."
This guy gets it:
"The cyber security professionals that we are creating today have to make security invisible to the end user. "They have to make it inherent in the out-of-the-box product that you buy and the only way to do that is for us all to work together, industry, government and academia. We need to be partnering on this."
All this crap about "user awareness" is a dead end. It takes too much attention. The mess underneath needs to be fixed. It has to be automatic. (And don't claim that's impossible unless you've read up on SE Linux and NSA's work on secure systems.)
The last high-level US Government professional to publicly point this out was Amit Yoran at Homeland Security. He named Microsoft as the problem. He was canned and replaced with a lobbyist.
Mr. Gorbachev, tear down this wall!
They'll say anything to get more control over the internet and your free expression.
Dickie George says the way to fight the cyber cold war is by building security into technology, making it transparent to the end user, continually monitoring networks and updating their security software.
From the earliest days of the ARPAnet that led to the Internet, people have pointed out that it's pointless to build security into the network layer(s). Putting it there is a single point of failure that can be defeated by a single bribe to the right person. And the end users won't know that the network-level security has been compromised. If your security is supplied by a vendor along your message's route, that vendor has access to your message's contents, to do with as they please.
For this reason, it has been long understood that the only real security is in end-to-end encryption. Security at any lower level is merely a waste of cpu cycles and bandwidth. It can't be trusted by the users, who must supply their own security. So the network layer should work on supplying fast, reliable packet transport. Security belongs at a higher level, out of control of the companies that deliver the packets.
Note that the most-used widely-available security package, SSL, works solely at the sender and receiver ends of a connection, and relies on the network for nothing but packet transport. And it supplies a list of encryption schemes, so if you learn or suspect that someone along the route has managed to crack your encryption, you can quickly change the scheme without the cooperation of any vendor supplying the links.
It is slowly getting through to a lot of people that the commercial Internet vendors have become a common source of data leaks, for well-understood commercial reasons. So relying on them to supply network-level security is an especially stupid idea. They will simply decode your data, and sell the contents to interested parties without your knowledge. Your only defense against this is to use encryption that they can't decode.
Those who do study history are doomed to stand helplessly by while everyone else repeats it.
NSA SIGINT guy, to paraphrase, claims that we really need to do something about this end-user "reasonable expectation of privacy," or my agency can collect no domestic signals intelligence, and I'm out of a job. It's just like the "Cold War!" Panic everybody.
And Microsoft stands behind him, ready to sell it, just like they were there to sell DRM/Palladium to Hollywood and the RIAA in 2000. Selling the same basic product. Trying to solve a human problem in software. How's that working out?
It is clear, however, that simplified, out-of-the-box security is the next big thing, as soon as we drum up a good reason to "need" all of it.
Microsoft is going to be a security company, not an OS vendor, in 20 years. That is, if they don't fail to deliver entirely. The "Cloud" plays into this, as it is inherently (and perhaps deliberately) less secure than storing your data on your own hardware, where you have that expectation of privacy. Just watch. Create the crisis then sell the solution. They'll have an entire campus in the National Business Park in Maryland.
I, OTOH, want my reasonable expectation of privacy. This is what the future looks like. MS is stepping up to the military-industrial complex. I encourage our government to opt-out, unless they prove they can deliver with a real respect for the law.
--
Toro
This is probably just PR crap like the last cold war....
Hardly. The sheer number of Chinese penetrations into our commercial and govt networks is astounding. The media is only reporting a few of the incidents, and the major breaches into the DOD are classified and never publicly disclosed.
The Soviet Union hasn't existed since 1991. Some of the countries that made up the Soviet Union are our allies. Are we at war with them too?
the communists! Actually, I think it's a problem with the former Soviet countries that have a low economic base, that turn to enterprises such as hacking, where there is money to be made and little penalties if you're caught. The same can also apply to China and N. Korea, however there I think the motives may be more state sponsored. Think of the disaster the US would be in if China cut off all trade with us? Not to mention if they penetrated our financial and corporate networks to steal money or intellectual property. You think the US is bad now...
But on a lighter side, they probably all hack away to the drumbeat of UVB-76!
War. War is Hell.
Cyber-war is cyber-hell. Full of cyberdemons. Bring a shotgun.
"Why don't the banks have a better means of verifying transactions?"
Why indeed.
There was a time when they did, and investment banks actually invested rather than allowing failed math and physics grad students self-restyled as "quants" and "wiz kids" gin up things like CDOs on Excel.
You'd think the gubmint would pay a little bit more attention to monitoring and regulating the practices that *have* *already* destroyed our country.
These Wall Street spreadsheet jockeys have already destroyed more wealth in this country than all the "cybercriminals" combined.
But going after Wall Street fraudsters just isn't a priority, because they have only destroyed middle-class people and shifted the blame to the poor.
By contrast "Cybercriminals" are actually a threat to the rich and the super-rich, and the government's job is to protect the wealth of the super-rich.
We the Collective welcome the deaths of each and every employee of The Transportation Security Administration.
Facts about T.S.A.:
1. T.S.A. has never identified a Terrorist.
2. T.S.A. has never arrested a Terrorist, known or alleged.
3. Airline security has nothing to do with the Transportation Security Agency.
Why does the Transportation Security Agency exist?
T.S.A. exists for the pleasure of the President of the United States of America.
Given that the United States of America Citizens rebuked the infantile mind of Barack Hussein Obama, there is little doubt that the "Enhanced" airline passenger security measures ... sexual harassment by an agency of the Federal Government of the United States of America ... is retribution by the President of the United States of America upon his presumed Subjects. Citizen does not equate with Subject ... Obama-kun.
Welcome to 1984.
I think ground zero in the security war always begins and ends with the spam industry, which seems to be at the forefront of exploitation.
Listen to that funding-generating rhetoric. We can kiss the open internet goodbye now. From now on it will be 'You can choose to have your packets x-rayed or groped.'
- For the complete works of Shakespeare: cat
This is probably just PR crap like the last cold war....
Hardly. The sheer number of Chinese penetrations into our commercial and govt networks is astounding. The media is only reporting sensational incidents, and the major breaches into the DOD are classified and never publicly disclosed.
There, fixed that for ya.
But the Cold War is over! David Kuo told me that the US won. Say it's still so, Kuo!
Dickie George says the way to fight the cyber cold war is by building security into technology, making it transparent to the end user
In contrast where the NSA has had the potential to hide backdoors (since Windows 95) and make everything so non-transparent as they work on MS Windows security.
Since the work is undisclosed no one can confirm or deny these backdoors.
Makes you wonder what they're up to now.
http://support.microsoft.com/kb/885409
http://www.nsa.gov/ia/guidance/security_configuration_guides/operating_systems/microsoft_windows.shtml
I don't really see how this is like the Cold War. That would involve Soviet Russia. Seems to be closer to terrorism. Cyber terrorism...I think I've heard that one before...
"A security expert with the NSA .. says the way to fight the cyber cold war is by .. monitoring networks"
I don't know, how would giving the world's number one spy agency access to my 'computer' make me more secure from the cyberterrorists? Just another pretext to spy on your own people. See the secret of room 641A
"It depends. If a "cyberwar" could do real damage to our infrastructure -- shutting down the power grid is the most commonly used example"
Look, anyone who connects the power grid to the Internet is criminally negligent and is the true 'cyber terrorist'. Oh, wait you mean connecting Windows SCADA units to the Internet in the middle of a Windows virus infestation, no need to invoke terrorists there, just home grown idiots.
Blaster_worm_linked_to_severity_of_blackout
Is it cyber war or is it cyber crime?
http://www.examiner.com/independent-in-boston/the-growing-threat-of-economic-cyber-crime
What's the difference?
the growing threat of cybercrime
Hey, maybe I shouldn't be critical of such positive mods, but I'm a bit worried that my post has a "5 insightful" mod, with most of the mods being "insightful". This could be taken as a sign of the low quality of a lot of the moderation here. After all, I didn't write anything the least bit original. I was just saying what any number of security people have been saying for longer than I've been involved in computer software. Everything I wrote is common in the technical literature about network security. So there's really nothing "insightful" at all about it on my part. Maybe "informative", since that reasonably applies to writing about specialized knowledge in a forum where people may not be familiar with the specialty. But it takes no insight at all to merely quote what the technical experts have been saying for decades.
I wonder if there's something we can do to improve this sort of mis-moderation? After all, poorly-done positive mods are every bit as misleading as poorly-done negative mods. Both produce poor results that don't help the reader. Anyone got any good suggestions?
Oh, yeah: ;-)
Those who do study history are doomed to stand helplessly by while everyone else repeats it.