Slashdot Mirror

← Back to Stories (view on slashdot.org)

The US-Soviet Cyber Cold War

Posted by samzenpus on from the mutually-assured-ddos dept.

Roberto123 writes "A security expert with the NSA says a cyber cold war is being waged that has significant parallels to the Cold War between the US and Soviet Union. Dickie George says the way to fight the cyber cold war is by building security into technology, making it transparent to the end user, continually monitoring networks and updating their security software."

6 of 117 comments (clear)

  1. Screw transparency by DarkOx · · Score: 4, Insightful

    I don't want transparent security technology. I want security technology that I can see and touch and NEED to think about.

    1.When its transparent it just gets abused and used against me for crap like DRM by people who haven't the right.
    2.I want the confidence of knowing I have protection because I put it in place.
    3.I want to be able to turn it off when need be to understand where a problem exists, the security layer or something else.
    4.I don't trust my government to have my interests in mind much of the time, and as much as I distrust foreign governments and foreigners even more that dose not make me included to put the security of my information and communication in the hands of my own government which has proven its often inept and at times malicious.
    5.Its my stuff nobody should be dictating to me how I protect it or don't as a matter of principle. Just as with my house its my right to leave the door unlocked if I want to and useless as that right might sound I am unprepared to give it up.

    --
    Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
  2. Re:Question by maxwell+demon · · Score: 5, Insightful

    Anyone else amused that the word "cyber" is still in use?

    I'm more amused about the "Soviet" part.

    --
    The Tao of math: The numbers you can count are not the real numbers.
  3. It's even more boring. by khasim · · Score: 4, Interesting

    From TFA:

    "This is life and death and about our freedom and our way of life," he's not talking about the Soviet Union firing nuclear missiles at the U.S. or infiltrating our government with spies bent on subversion. He's talking about cyber criminals hacking into personal, business or government computers, stealing information, intellectual property and/or money.

    Oh noes!!! The Nigerian scammers are taking our Freedom! Teenagers downloading our movies are stealing our way of life!!!

    How about we focus on the real issues? Why don't the banks have a better means of verifying transactions?

    I'm still more worried about nuclear missiles than I am about whether the newest Harry Potter movie is available on a torrent.

    But that's just me.

  4. Re:Cyberwar is for the incompetent by Sulphur · · Score: 4, Funny

    Check to see if your mouse is roaring.

  5. Someone who gets it. by Animats · · Score: 5, Insightful

    This guy gets it:

    "The cyber security professionals that we are creating today have to make security invisible to the end user. "They have to make it inherent in the out-of-the-box product that you buy and the only way to do that is for us all to work together, industry, government and academia. We need to be partnering on this."

    All this crap about "user awareness" is a dead end. It takes too much attention. The mess underneath needs to be fixed. It has to be automatic. (And don't claim that's impossible unless you've read up on SE Linux and NSA's work on secure systems._

    The last high-level US Government professional to publicly point this out was Amit Yoran at Homeland Security. He named Microsoft as the problem. He was canned and replaced with a lobbyist.

  6. Network security an oxymoron? by jc42 · · Score: 4, Insightful

    Dickie George says the way to fight the cyber cold war is by building security into technology, making it transparent to the end user, continually monitoring networks and updating their security software.

    From the earliest days of the ARPAnet that led to the Internet, people have pointed out that it's pointless to build security into the network layer(s). Putting it there is a single point of failure that can be defeated by a single bribe to the right person. And the end users won't know that the network-level security has been compromised. If your security is supplied by a vendor along your message's route, that vendor has access to your message's contents, to do with as they please.

    For this reason, it has been long understood that the only real security is in end-to-end encryption. Security at any lower level is merely a waste of cpu cycles and bandwidth. It can't be trusted by the users, who must supply their own security. So the network layer should work on supplying fast, reliable packet transport. Security belongs a higher level, out of control of the companies that deliver the packets.

    Note that the most-used widely-available security package, SSL, works solely at the sender and receiver ends of a connection, and relies on the network for nothing but packet transport. And it supplies a list of encryption schemes, so if you learn or suspect that someone along the route has managed to crack your encryption, you can quickly change the scheme without the cooperation of any vendor supplying the links.

    It is slowly getting through to a lot of people that the commercial Internet vendors have become a common source of data leaks, for well-understood commercial reasons. So relying on them to supply network-level security is an especially stupid idea. They will simply decode your data, and sell the contents to interested parties without your knowledge. Your only defense against this is to use encryption that they can't decode.

    --
    Those who do study history are doomed to stand helplessly by while everyone else repeats it.