Slashdot Mirror
The US-Soviet Cyber Cold War
Roberto123 writes "A security expert with the NSA says a cyber cold war is being waged that has significant parallels to the Cold War between the US and Soviet Union. Dickie George says the way to fight the cyber cold war is by building security into technology, making it transparent to the end user, continually monitoring networks and updating their security software."
Uh huh. Is his assistant Mike Hunt by any chance?
RIP America
July 4, 1776 - September 11, 2001
Anyone else amused that the word "cyber" is still in use?
Living With a Nerd
Anyone else amused that the word "cyber" is still in use?
At least they didn't say "E-War"!
RIP America
July 4, 1776 - September 11, 2001
I don't want transparent security technology. I want security technology that I can see and touch and NEED to think about.
1.When its transparent it just gets abused and used against me for crap like DRM by people who haven't the right.
2.I want the confidence of knowing I have protection because I put it in place.
3.I want to be able to turn it off when need be to understand where a problem exists, the security layer or something else.
4.I don't trust my government to have my interests in mind much of the time, and as much as I distrust foreign governments and foreigners even more that dose not make me included to put the security of my information and communication in the hands of my own government which has proven its often inept and at times malicious.
5.Its my stuff nobody should be dictating to me how I protect it or don't as a matter of principle. Just as with my house its my right to leave the door unlocked if I want to and useless as that right might sound I am unprepared to give it up.
Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
Cyberwar! It's like war, but for people too dumb to protect themselves.
Don't put critical systems or private data on anything attached to the public Internet. Regularly verify the physical integrity and isolation of all secure systems. For everything else, make regular backups to prevent wiping attacks. This is basic vigilance to protect vital assets.
What I'd like to suggest to every cheap-ass corporate exec that is counting on the government instead of internal IT staff to protect their networks, is to listen to how stupid that sounds.
(It's never too late to join the Renaissance)
What I'd like to suggest to every cheap-ass corporate exec that is counting on the government instead of internal IT staff to protect their networks, is to listen to how stupid that sounds.
It's only stupid if the execs in question are actually responsible, and held responsible, for failing to do proper due diligence. However, as corporate behaviour in the US has consistently shown for some time now, execs are routinely let off essentially scot-free, even in the case of obviously willful and malicious profit-seeking at the expense of the company and even market -- just have a look at Enron a few years ago, or Wall Street today.
Meanwhile, if execs can save a few bucks by essentially outsourcing network security to the Feds, and pocket the savings themselves in the form of bonuses or other compensation perquisites, then, in the ethical vacuum of US board rooms, they'd have to be mad to do otherwise.
Cheers,
"What in the name of Fats Waller is that?"
"A four-foot prune."
That wouldn't be just a Cold War, that would be a seriously Cool War.
Ezekiel 23:20
From TFA:
Oh noes!!! The Nigerian scammers are taking our Freedom! Teenagers downloading our movies are stealing our way of life!!!
How about we focus on the real issues? Why don't the banks have a better means of verifying transactions?
I'm still more worried about nuclear missiles than I am about whether the newest Harry Potter movie is available on a torrent.
But that's just me.
Want to see more Russian women? There are ways. I even hear there are websites that let you "order" one as a kind of live-at-home model/spy. YMMV.
I live in constant fear of the Coming of the Red Spiders.
He's propping up his job with whatever rhetoric he can dig up.
zOMG!!! It's like the nukes are coming back! But they're even badder now. We must fears them even moars! Fearz them! It's the only way I'll keep my job!
Instead, just a bit of modification on the side of the banks and we'd have almost no "identify theft" fraud.
But that doesn't happen because the banks don't want the cost of improving their security.
Not when that cost can be dumped onto us (the customers) and the retailers.
In the cold war, Americans were afraid of losing their freedom to the Soviet Union. But according to the article, the cyber cold war is about America holding on to its "intellectual property":
Uh, the Soviet Union has been gone for 19 years. I watched the Russian Federation flags go up 26 December 1991.
The Russian Federation is not the USSR. Neither is the PRC.
So, who, exactly is cyber-warring with whom ?
Some ("Many" might be more appropriate here) of us still remember the cold war and lived in the small countries that bordered the soviet union. I lived in a country that bordered the soviet union and the risk of invasion was very real (the communist party also planned a revolution, even though they failed to carry that out) even without a large scale nuclear war. But the risk of the war - That only a few people would need to be too trigger happy and tomorrow the world as we know it might not exist - was always in the back of our minds. (Not saying that it was constant terror: Some of the best years of my life were during the cold war. But even if we were able to put the fear in the background, it was always there. Every news broadcast about the latest political tension between us and our large neighbour was a reminder of it.)
Speaking of "cyber war" is in itself a bit silly (cyber bombs destroying your house? cyber soldiers raping civilians? people dying on cyber prison camps? people starving and resorting to cannibalism under cyber siege? Cyber war has nothing to do with anything that we assosciate with war) but it might have some justification as we become more and more dependant on our IT infrastructure. However, it's rediculous to compare it to the cold war: If it would be like cold war (=we would have to live constantly aware of the fact that it is very possible that the world as we know it ceases to exist due to a few trigger happy officers) we wouldn't really need articles to tell us about it.
This guy gets it:
"The cyber security professionals that we are creating today have to make security invisible to the end user. "They have to make it inherent in the out-of-the-box product that you buy and the only way to do that is for us all to work together, industry, government and academia. We need to be partnering on this."
All this crap about "user awareness" is a dead end. It takes too much attention. The mess underneath needs to be fixed. It has to be automatic. (And don't claim that's impossible unless you've read up on SE Linux and NSA's work on secure systems._
The last high-level US Government professional to publicly point this out was Amit Yoran at Homeland Security. He named Microsoft as the problem. He was canned and replaced with a lobbyist.
Dickie George says the way to fight the cyber cold war is by building security into technology, making it transparent to the end user, continually monitoring networks and updating their security software.
From the earliest days of the ARPAnet that led to the Internet, people have pointed out that it's pointless to build security into the network layer(s). Putting it there is a single point of failure that can be defeated by a single bribe to the right person. And the end users won't know that the network-level security has been compromised. If your security is supplied by a vendor along your message's route, that vendor has access to your message's contents, to do with as they please.
For this reason, it has been long understood that the only real security is in end-to-end encryption. Security at any lower level is merely a waste of cpu cycles and bandwidth. It can't be trusted by the users, who must supply their own security. So the network layer should work on supplying fast, reliable packet transport. Security belongs a higher level, out of control of the companies that deliver the packets.
Note that the most-used widely-available security package, SSL, works solely at the sender and receiver ends of a connection, and relies on the network for nothing but packet transport. And it supplies a list of encryption schemes, so if you learn or suspect that someone along the route has managed to crack your encryption, you can quickly change the scheme without the cooperation of any vendor supplying the links.
It is slowly getting through to a lot of people that the commercial Internet vendors have become a common source of data leaks, for well-understood commercial reasons. So relying on them to supply network-level security is an especially stupid idea. They will simply decode your data, and sell the contents to interested parties without your knowledge. Your only defense against this is to use encryption that they can't decode.
Those who do study history are doomed to stand helplessly by while everyone else repeats it.
War. War is Hell.
Cyber-war is cyber-hell. Full of cyberdemons. Bring a shotgun.
"Why don't the banks have a better means of verifying transactions?"
Why indeed.
There was a time when they did, and investment banks actually invested rather than allowing failed math and physics grad students self-restyled as "quants" and "wiz kids" gin up things like CDOs on Excel.
You'd think the gubmint would pay a little bit more attention to monitoring and regulating the practices that *have* *already* destroyed our country.
These Wall Street spreadsheet jockeys have already destroyed more wealth in this country than all the "cybercriminals" combined.
But going after Wall Street fraudsters just isn't a priority, because they have only destroyed middle-class people and shifted the blame to the poor.
By contrast "Cybercriminals" are actually a threat to the rich and the super-rich, and the government's job is to protect the wealth of the super-rich.