Slashdot Mirror


Threat of Cyberwar Is Over-Hyped

nk497 writes "A new OECD report suggests the cyberwar threat is over-hyped. A pair of British researchers have said states are only likely to use cyberattacks against other states when already involved in military action against them, and that sub-state actors such as terrorists and individual hackers can't really do much damage. Dr. Ian Brown said, 'We think that describing things like online fraud and hacktivism as cyberwar is very misleading.'"


  1. Perhaps... by Pojut · · Score: 2, Insightful

    Perhaps the "movie science/actual science" effect is going on here...example: people see "Hackers", and think that's what "hacking" is. People then see either a script kiddy in their mom's basement or a government techie with sky-high stacks of paper on his desk (or working at a scarily-clean desk), and realize the actual act is pretty damn boring.

  2. Yes and no by geekoid · · Score: 4, Insightful

    Yes, describing fraud and hacktivism as cyber war is misleading.

    No, it's not over-hyped.

    Cyber-war is cheap, the knowledge on how to do it is free, and it doesn't need to take much manpower, as compared to conventional war.

    --
    The Kruger Dunning explains most posts on /. http://en.wikipedia.org/wiki/Dunning%E2%80%93Kruger_effect
  3. It's about control not reality by commodore64_love · · Score: 5, Insightful

    There's no real threat of cyberwar. And there's no real threat of me being blown by an airplane terrorist. But that's completely irrelevant for government leaders desiring to control everything within their sight.

    So enjoy your self-portrait porn, scanner-induced skin cancer, your breast/penis fondling by the SA, and the eventual limitations placed upon the internet/free speech. It's inevitable.

    --
    "I disapprove of what you say, but I will defend to the death your right to say it." - historian Evelyn Beatrice Hall
  4. The real problem... by fuzzyfuzzyfungus · · Score: 4, Insightful

    Is that the term "cyberwar" is pretty stupid. In fact, it isn't just stupid, it is so misleading (intentionally or otherwise) that letting it slip into your lexicon makes you dumber.

    "war" carries with it a strong series of historical associations, lessons learned, rules of thumb, rules, likelihoods, etc. Virtually none of them really map all that well into the area of computer security. If you use the term "cyberwar", though, you are implicitly trying to mash those (comfortingly familiar) concepts into a badly-fitting new environment. In a much less serious vein, this is why most movies that feature a "hacking" sequence usually make hacking look like beating a video game- because video games are "computery"; but they work very hard to simulate familiar rules.

    Electronic attacks are a costly problem and, if some idiot connects the wrong control systems to the internet, or a laptop to the wrong control systems, potentially a dangerous one; but trying to map them into the historical concepts of "war" just doesn't work very well.

    1. Re:The real problem... by jfengel · · Score: 3, Insightful

      It's really computer espionage and/or sabotage. Those have been parts of warfare for as long as there has been war.

      Since the Internet lets you engage in espionage and sabotage with zero risk of being physically caught, it changes the dynamic to something we haven't seen before. But it's not completely unrelated to warfare as it's always been done. The real constant about it is the lack of constants, as the level of technology constantly increases and presents new opportunities to thwart or take advantage.

    2. Re:The real problem... by fuzzyfuzzyfungus · · Score: 3, Insightful

      Your proposed reductio ad absurdum is actually a pretty decent example: The two are not fundamentally and utterly different, both cellphones and landlines are capable of making voice calls, just as both "cyberwar" and conventional war are ways of applying pressure to foreigners you don't like; but the broad similarities obscure a vast number of salient differences:

      Your old-school landline was associated with a place, in that its area code probably actually meant something, it was physically terminated in a given building (which, if a residence, quite likely had more occupants than phone lines). Also, billing may well have drawn a distinction between "local" and "long distance". It was further localized in that, unless specifically unlisted, it would be printed in the local telephone directory.

      Your cellphone, by contrast, is more typically connected with a person. Odds are that its area code is nearly arbitrary, it is listed in no phone books, and its billing is flat at least within an entire country, if not more broadly. It is not at all uncommon for a household to have a cell per person, and, since there is no physical hookup, even people without addresses commonly have them.

      There are also the broader social changes: social event organization certainly isn't the same if you can only call somebody when you are both in a building with a phone. Just ask an old person about the rise of the spontaneous "eh, we'll figure it out as we go and text you" model of social planning. That simply didn't work with the old material culture. Never mind the (less notable in the wealthy west; but dramatic among the poor here and abroad) change from "you basically can't get a line run and provisioned for less than $$ a month; but the calls cost essentially nothing" to "calls cost $/minute; but you can literally get a phone and some starter minutes at any corner store for 15-20 bucks".

      Also, of course, we have the fact that landline phones work very well as dumb extensions of the network. The older ones are even powered by it. Thus, the landline world has seen an almost complete dichotomy: phones, which have remained dumb as bricks, with the exception of message machines, and modem-connected computers, which are wholly free of telco control and treat the network as a dumb pipe. Cellphones, on the other hand, have to be pretty sophisticated devices just to work, so they started sprouting additional features early; but were always much more creatures of the carriers. Hence the continuing differences between the evolution of the "smartphone" and the evolution of internet-connected devices with their heritage in modem-linked PCs.

      I don't wish to claim that yours is precisely analogous to "war" vs. "cyberwar"; but I would very much claim that it does demonstrate the sort of important changes that an apparently simple switch can hide. My contention would be that somebody trying to approach a "cyberwar" based on the "war" part would be roughly like somebody trying to use a bleeding-edge smartphone by looking things up in the phone book and attempting to rotary dial the touch screen.

  5. There's an elephant in the living room. by russotto · · Score: 4, Insightful

    The cyberwar is already ON between state actors. Stuxnet, for instance. Certainly targeted at Iran, almost certainly developed by the US, Israel, or both. There's the attack on Google and other non-Chinese companies from China in 2009 as well.

    IMO, now that Stuxnet has paved the way, we WILL see cyberterrorism directed at other SCADA systems.

    1. Re:There's an elephant in the living room. by _Sprocket_ · · Score: 1, Insightful

      And that elephant is named "espionage." The only difference today is that the systems are more complex and interconnected. Otherwise, "cyber-war" is no different than the ongoing spying and sabotage that's been practiced for decades. Espionage was never its own entity which is why "cyber-war" is misleading.

  6. In a Perfect World by jasnw · · Score: 4, Insightful

    Granted that Cyberwar (sound of clashing cymbals) is overhyped, but a key assumption in this article is that governments and key private organizations (power grid operators, network operators, etc) are doing everything they can to protect their systems. I find this assumption to be laughably naive. The point to be made here is that cyberwar is often used as a bludgeon to obtain resources, or pursue hackers in court (Wikileaks, anyone?), and is a bit over-hyped. There are, however, clear dangers in this area which can be avoided if prudent steps are taken (not putting power-grid controlling on the Internet, for example). Given the US's penchant for letting private industry do what it wants, and given that private industry only cares about this-quarter bottom-line earnings, I still see even the "small fry" identified in this article as being capable of some nasty mischief.

  7. Re:Well... by jusdisgi · · Score: 4, Insightful

    A pair of British researchers have said states are only likely to use cyberattacks against other states when already involved in military action against them...

    Right. Tell that to the Iranians who just lost 984 uranium-enrichment centrifuges to a US/Israeli worm.

    --
    Given a choice between free speech and free beer, most people will take the beer.
  8. Almost everything in the News is "over-hyped" by mschaffer · · Score: 3, Insightful

    Since the news media likes to repeat the same thing over, and over, and over, just about anything that hits the national press is either over-hyped or about to be over-hyped. That's just the way it is. Cyberwar is no different.

  9. Re:"can't really do much damage"? by krou · · Score: 4, Insightful

    I recently submitted a story to /. that is related to this very topic. Chief of defence staff in the UK, General Sir David Richards, argued a little while ago that the UK should have a cyber command, and that the UK faces what he called a 'horse versus tank moment' in coping with modern warfare, saying that the rules of war had changed as a result of the success of insurgents in Iraq/Afghanistan, and the threat of non-state actors. In particular, he said that 'We must learn to defend, delay, attack and manoeuvre in cyberspace, just as we might on the land, sea or air and all together at the same time. Future war will always include a cyber dimension and it could become the dominant form. At the moment we don't have a cyber command and I'm very keen we have one. Whether we like it or not, cyber is going to be part of future warfare, just as tanks and aircraft are today. It's a cultural change. In the future I don't think state-to-state warfare will start in the way it did even 10 years ago. It will be cyber or banking attacks — that's how I'd conduct a war if I was running a belligerent state or a rebel movement. It's semi-anonymous, cheap and doesn't risk people.'

    --
    'If Christ had tweeted the sermon on the mount, it might have lasted until nightfall.' - John Perry Barlow
  10. Why the hell would states restrict usage? by fishexe · · Score: 4, Insightful

    Why the hell would states restrict usage to conflicts that they're already prepared to engage in with conventional militaries? Dr. Brown himself admits that it's hard to tell the source of an attack, which creates plausible deniability for a state actor to engage in all sorts of conduct they otherwise might not get away with, including (potentially) both of the attacks Brown mentions which might have involved Russia, and all of the Chinese attacks against the US for the past 2 or 3 years, and of course Stuxnet. Why would countries turn down an opportunity to use these types of attacks on their enemies? Just because they're not officially fighting? Yeah, right. Granted cyber-warfare is much more likely to be used for black ops than for a full-scale long-term attack on another country's infrastructure, but that's warfare too. It's "unconventional warfare", but warfare nonetheless.

    --
    "I don't care about the Constitution!" --Bill O'Reilly, November 17, 2009
  11. Cyber espionage by He+who+knows · · Score: 3, Insightful

    Would be a much better name for it. In fact I would go as far as to call it espionage.

  12. NSAs can't do much damage? by Nidi62 · · Score: 4, Insightful

    Do they mean like when, during the incident in Georgia, Russian hackers brought down the primary bank used by most Georgians for about a week? Look at what happened at 9/11. In physical terms, the damage was slight. A couple planes, a few buildings, and several thousand people gone. The actual act didn't really affect anything. It was the response generated by the attack-the fear, the anger-that prompted the stock market to drop, and the US to invade 2 countries. Terrorists do not care about physical damage, they go after symbolic targets that will create the most psychological damage. Say al-Qaeda brought down Bank of America's online systems for a few days. Economically it would not have much of an impact overall. However, it would shake people's confidence in the system, cause huge overreactions, and the damage would come not from the attack but from the response.

    Consider this example: you want to attack the population of a walled city, and you have something that will make a water supply useless. What is going to have the bigger impact, poisoning the stream that runs by the walls, or poisoning the well in the middle of the town? With cyber attacks, a terrorist can essentially do this without ever having to set foot inside the walls. You want to really cause problems in the US and the rest of the West? You don't attack an embassy, or a military convoy. You don't even have to directly, physically attack the civilian populace. You simply attack their wallets. Make people worried that they can't get to their money, and you will have caused real problems.

    --
    The only thing necessary for evil to triumph is for it to be pitted against a slightly greater evil
  13. CyberWar CyberEspionage by fluffy99 · · Score: 3, Insightful

    states are only likely to use cyberattacks against other states when already involved in military action against them

    Well Stuxnet has already blown that theory. Network intrusions and system compromises are only part of the equation. Cyber espionage is alive and well and extremely prevalent. The only difference between a cyber-attack and cyber-espionage is whether you're just stealing valuable info or actively damaging things. China is only interested in acquiring technical knowledge at this point. Also by quietly exfiltrating data as they are, it makes it much harder to find out just how deep they are. If they start breaking things, their methods and access get discovered. Better to be quiet and maintain access in case they want to turn malicious and actively disrupt things.