Slashdot Mirror

← Back to Stories (view on slashdot.org)

Schneier Recommends Nuclear-Style Cyberwar Hotlines, Treaties

Posted by Soulskill on from the mr-president-tear-down-that-firewall dept.

strawberryshakes writes "Cyberwar is the new nuclear war. Bruce Schneier says governments should establish hotlines and treaties outlining the protocol surrounding cyberwar, just as they would for any other war. He wrote in the Financial Times (paywalled, but available through Google), 'A first step would be a hotline between the world’s cyber commands, modelled after similar hotlines among nuclear commands. This would at least allow governments to talk to each other, rather than guess where an attack came from. More difficult, but more important, are new cyberwar treaties. These could stipulate a no first use policy, outlaw unaimed weapons, or mandate weapons that self-destruct at the end of hostilities. The Geneva Conventions need to be updated too. Cyber weapons beg to be used, so limits on stockpiles, and restrictions on tactics, are a logical end point. International banking, for instance, could be declared off-limits. Whatever the specifics, such agreements are badly needed.'"

11 of 123 comments (clear)

  1. Stockpiles?...of cyber weapons? by Last_Available_Usern · · Score: 4, Funny

    What exactly is a stockpile of cyber weapons? A room full of nerds and a case of Mountain Dew?

    1. Re:Stockpiles?...of cyber weapons? by Sarten-X · · Score: 4, Insightful

      Probably something along the lines of a number of botnets, zombies, secret 0-days vulnerabilities, etc.

      It's pretty easy to picture governments building up large botnets of their own machines, ready to tear down any site they want. Limits on that would be good, I think.

      --
      You do not have a moral or legal right to do absolutely anything you want.
  2. Or by 0123456 · · Score: 3, Insightful

    We could just ban the use of Windows in critical IT infrastructure.

  3. bad analogy ! by JonySuede · · Score: 4, Insightful

    Cyberwar is the new nuclear war.

    No it's not. it used to be that nuclear weapons were out of reach for a private entity. It is not the case with cyberweapons. How do you regulate the action of the mafia or the triads ? How do you apply a treaty onto an individual ? Treaty and regulation works for limited availability weapon but for something as easy to produce, I dont see how it could work.

    --
    Jehovah be praised, Oracle was not selected
    1. Re:bad analogy ! by N0Man74 · · Score: 3, Insightful

      Exactly. Such an idea is rather worthless.

      Threats to networks could come from governments, but they can also come from extremists, corporations, hobbyists, or a legion of meme-spewing 4-channers.

      The targets can be just as varied. They might target corporate networks, government networks, utility infrastructures, or a website that happens to of highly political interest.

      Even if governments agree to such treaties, how do we know that they won't operate secretly anyway, and just blame cyber criminals or rogue groups if they do launch an attack? It's not like data packets in cyber attacks carry flags.

  4. Exaggeration by flyingfsck · · Score: 3, Insightful

    Hmm, he seems to be seriously exaggerating the threat. Network attacks are very easy to defend against and the damage is negligible compared to a real military attack. So this is plain stupid.

    --
    Excuse me, but please get off my Pennisetum Clandestinum, eh!
  5. Cyberwar Hotline by HTH+NE1 · · Score: 4, Funny

    "Hello, cyberwar hotline. Have you tried turning it off and back on again?"

    --
    Oh, say does that Star-Spangled Banner entwine / The myrtle of Venus with Bacchus's vine?
  6. Re:Oh, please. by memyselfandeye · · Score: 3, Interesting

    Gimme a break. When I see a hacker kill off 100,000 people, then I'll take that statement seriously.

    Jesus Christ, hyperbole is becoming the norm these days.

    QFT! Last time I checked a DDOS isn't capable of evaporating several hundred square miles like an ICBM with 6x600kT warheads. I think our leaders and 'thinkers' need to play around with a google maps mashup here, and see some friggin' clarity!

  7. cyberwar isn't about nation-states! by strangelovian · · Score: 3, Insightful

    Schneier is assuming that in cyberwar the main actors are going to be nation-states. Look at Wikileaks; that's a form of cyberwarfare and I don't see how a hotline between the US president and the Chinese premier is going to help. We're entering a post-nation-state era, but Schneier sounds like he's using models from the 1960's.

  8. Re:Oh boo hoo... by plover · · Score: 3, Interesting

    I think the ISP's will be much more effective in fixing any problems, possibly by blocking all traffic from the offending country, if it comes down to that.

    This is "cyberwar" (their word, not mine) we're talking about. General Hayden, the former Director of the NSA, spoke at Blackhat on the topic this summer. He said that the Internet today resembles a vast indefensible plain, and that an enemy attack can come from anywhere. He thought (hoped?) a kind of "geography" would eventually evolve on the internet, allowing for tactical maneuvering, permitting the kind of strategies warriors like to fight and defend from. You're alluding to a similar type of thinking, where if the attack comes from China, you pull the cable on the back of your router marked "From China".

    It's that kind of thinking that's unfortunately going to fail at cyberwar.

    If I'm attacking your country's systems, I'm not coming from China. I'm hopping hacked servers and networks from China to Estonia to Russia to France to London to New York. If it's a DDoS attack, I'm not commanding a million Chinese PCs to send you SYN packets, I'm sending one instruction to a command and control network to tell an army of zombies across the country and globe to send you SYN packets. Or I'm activating the hostile commands buried in my counterfeit Cisco routers spread across your country by cheapo eBay resellers.

    The best defense against info-warfare is to have a good alternate strategy. Twitter may not need backups, but Wall Street does. Industrial plants and the electrical grid need air gaps (and obviously a lot more protection than they have today.) The armed services need an isolated network. So does the intelligence community. The first, second, and third jobs of cybercommand should be creation of these defense plans.

    --
    John
  9. It makes sense, considering the following scenario by Securityemo · · Score: 3, Insightful

    *calls FSB major*

    Yo! You don't know who I am, and I'm not sure how I got your number, but there's this thing going down in the internal networks of a few dozen hospitals here, and we're tracing it back to a site in your country. Our expert will soon be on it (god willing, assuming we can find them and brief them and give them access to the binaries) but the code obfuscation and anti-reversing features are like acts of god almighty, and amusingly treated as such by the insurance companies. Could you please help us catch these crazy bastards for interrogation about the stopping key... pulling the plug? That won't work, it's a self-contained virus, bricking shit like a startled soviet-era comedian. Talk to my boss? Well, I'm not sure he knows how to deal with this... or for that matter which one of my bosses I'm supposed to call...

    As (potentially) opposed to:

    *calls the kr3ml1n h4x0r bünk3r (actual official name) from the American Cyber Command (actual official name)*:
    Hello, we've got a massive self-replicating attack on our internal networked hospital equipment, much like the scenario we discussed a few months ago. We can't break the obfuscation, and IDA Pro gets eaten up from the inside by trying to analyze it, but you guys might have more luck with the binaries we've managed to capture. Also, some versions of the code communicates with a site in Russia - it's probably botnet nodes, but the "scary men in helicopters" protocol you spoke about using internally might work anyway.

    Not to talk about the difference in reaction speed between the two.

    --
    Emotions! In your brain!