Slashdot Mirror
Threat of Cyberwar Is Over-Hyped
nk497 writes "A new OECD report suggests the cyberwar threat is over-hyped. A pair of British researchers have said states are only likely to use cyberattacks against other states when already involved in military action against them, and that sub-state actors such as terrorists and individual hackers can't really do much damage. Dr. Ian Brown said, 'We think that describing things like online fraud and hacktivism as cyberwar is very misleading.'"
Yes, describing fraud and hackivism as cyber war is misleadg.
No, it's not over-hyped.
Cyber-war is cheap, the knowledge on how to do it is free, and it doesn't need to take much manpower, as compared to conventional war.
The Kruger Dunning explains most post on
There's no real threat of cyberwar. And there's no real threat of me being blown by an airplane terrorist. But that's completely irrelevant for government leaders desiring to control everything within their sight.
So enjoy your slef-portrait porn, scanner-induced skin cancer, your breast/penis fondling by the SA, and the eventual limitations placed upon the internet/free speech. It's inevitable.
"I disapprove of what you say, but I will defend to the death your right to say it." - historian Evelyn Beatrice Hall
Is that the term "cyberwar" is pretty stupid. In fact, it isn't just stupid, it is so misleading(intentionally or otherwise) that letting it slip into your lexicon makes you dumber.
"war" carries with it a strong series of historical associations, lessons learned, rules of thumb, rules, likelihoods, etc. Virtually none of them really map all that well into the area of computer security. If you use the term "cyberwar", though, you are implicitly trying to mash those (comfortingly familiar) concepts into a badly-fitting new environment. In a much less serious vein, this is why most movies that feature a "hacking" sequence usually make hacking look like beating a video game- because video games are "computery"; but they work very hard to simulate familiar rules.
Electronic attacks are a costly problem and, if some idiot connects the wrong control systems to the internet, or a laptop to the wrong control systems, potentially a dangerous one; but trying to map them into the historical concepts of "war" just doesn't work very well.
The cyberwar is already ON between state actors. Stuxnet, for instance. Certainly targeted at Iran, almost certainly developed by the US, Israel, or both. There's the attack on Google and other non-Chinese companies from China in 2009 as well.
IMO, now that Stuxnet has paved the way, we WILL see cyberterrorism directed at other SCADA systems.
Granted that Cyberwar (sound of clashing cymbols) is overhyped, but a key assumption in this article is that governments and key private organizations (power grid operators, network operators, etc) are doing everything they can to protect their systems. I find this assumption to be laughably naive. The point to be made here is that cyberwar is often used as a bludgeon to obtain resources, or persue hackers in court (Wikileaks, anyone?), and is a bit over-hyped. There are, however, clear dangers in this area which can be avoided if prudent steps are taken (not putting power-grid controlling on the Internet, for example). Given the US's penchant for letting private industry do what it wants, and given that private industry only cares about this-quarter bottom-line earnings, I still see even the "small fry" identified in this article as being capable of some nasty mischief.
A pair of British researchers have said states are only likely to use cyberattacks against other states when already involved in military action against them...
Right. Tell that to the Iranians who just lost 984 uranium-enrichment centrifuges to a US/Israeli worm.
Given a choice between free speech and free beer, most people will take the beer.
I recently submitted a story to /. that is related to this very topic. Chief of defence staff in the UK, General Sir David Richards, argued a little while ago that the UK should have a cyber command, and that the UK faces what he called a 'horse verses tank moment' in coping with modern warfare, saying the the rules of war had changed as a result of the success of insurgents in Iraq/Afghanistan, and the threat of non-state actors. In particular, he said that 'We must learn to defend, delay, attack and manoeuvre in cyberspace, just as we might on the land, sea or air and all together at the same time. Future war will always include a cyber dimension and it could become the dominant form. At the moment we don't have a cyber command and I'm very keen we have one. Whether we like it or not, cyber is going to be part of future warfare, just as tanks and aircraft are today. It's a cultural change. In the future I don't think state-to-state warfare will start in the way it did even 10 years ago. It will be cyber or banking attacks — that's how I'd conduct a war if I was running a belligerent state or a rebel movement. It's semi-anonymous, cheap and doesn't risk people.'"
'If Christ had tweeted the sermon on the mount, it might have lasted until nightfall.' - John Perry Barlow
Why the hell would states restrict usage to conflicts that they're already prepared to engage in with conventional militaries? Dr. Brown himself admits that it's hard to tell the source of an attack, which creates plausible deniability for a state actor to engage in all sorts of conduct they otherwise might not get away with, including (potentially) both of the attacks Brown mentions which might have involved Russia, and all of the Chinese attacks against the US for the past 2 or 3 years, and of course Stuxnet. Why would countries turn down an opportunity to use these types of attacks on their enemies? Just because they're not officially fighting? Yeah, right. Granted cyber-warfare is much more likely to be used for black ops than for a full-scale long-term attack on another country's infrastructure, but that's warfare too. It's "unconventional warfare", but warfare nonetheless.
"I don't care about the Constitution!" --Bill O'Reilly, November 17, 2009
Right. Tell that to the Iranians who just lost 984 uranium-enrichment centrifuges to a US/Israeli worm.
The official explanation from the British Foreign Office stated that the centrifuges were not lost, but merely resting, after a long squawk, and were pining for the fjords.
Norwegian centrifuges stun easily.
Schroedinger's Brexit: The UK is both in and out of the EU at the same time!
Do they mean like when, during the incident in Georgia, Russian hackers brought down the primary bank used by most Georgians for about a week? Look at what happened at 9/11. In physical terms, the damage was slight. A couple planes, a few buildings, and several thousand people gone. The actual act didn't really affect anything. It was the response generated by the attack-the fear, the anger-that prompted the stock market to drop, and the US to invade 2 countries. Terrorists do not care about physical damage, they go after symbolic targets that will create the most psychological damage. Say al-Qaeda brought down Bank of America's online systems for a few days. Economically it would not have much of an impact overall. However, it would shake people's confidence in the system, cause huge overreactions, and the damage would come not from the attack but from the response.
Consider this example: you want to attack the population of a walled city, and you have something that will make a water supply useless. What is going to have the bigger impact, poisoning the stream that runs by the walls, or poisoning the well in the middle of the town? With cyber attacks, a terrorist can essentially do this without ever having to set foot inside the walls. You want to really cause problems in the US and the rest of the West? You don't attack an embassy, or a military convoy. You don't even have to directly, physically attack the civilian populace. You simply attack their wallets. Make people worried that they can't get to their money, and you will have caused real problems.
The only thing necessary for evil to triumph is for it to be pitted against a slightly greater evil