Slashdot Mirror

← Back to Stories (view on slashdot.org)

US, China Face Mutually Assured Destruction In Cyberwar

Posted by Unknown on from the bad-movie-plot dept.

chicksdaddy writes with a tidbit from the RSA conference. From the article: "A panel of security and policy experts speaking at the RSA Conference in San Francisco on Wednesday said that, despite dire warnings about the information warfare capabilities of China and other developing nations, the risk of an all-out cyberwar is remote, and that the U.S. still holds many of the cards. Rather than trying to deliver a knock-out cyberwar capability, the U.S. should embrace the Cold War notions of containment and mutually assured destruction with advanced nations like China and Russia. Tried and true methods to win security from cyberattacks include international diplomacy, multilateral agreements that clarify the parameters for peaceful and hostile cyberactions and — of course — a strong offensive capability."

78 of 110 comments (clear)

  1. In My Opinion, One Horrible Analogy by eldavojohn · · Score: 5, Insightful
    Cyber-war and cyber-security and cyber-whatever you want to call it is not like nuclear war. Cyber-warfare is happening now and governments responsible for it (and I'm sorry for sounding so biased but this is largely the Chinese) are denying they're attacking anyone. And they can do this because a large number of attacks don't cause immediate harm to the victims. Nobody was launching nuclear missiles (or allowing another nation to launch nuclear missiles on their soil) during the cold war and then saying "Wow, *cough* *cough* I have no idea who launched those missiles!" But time and time again we see "attacks" from Chinese IP addresses and the Chinese government saying "Help us catch these criminals, *snicker*, they are too wily for we, the stupid Chinese who manage to control our populace with a giant firewall but can neither detect nor trace these attacks from within our borders."

    Old fashioned diplomatic horse trading will also be a critical tool for avoiding conflict and stemming the kinds of economic and military espionage that have become common in recent years.

    As I stated above, I feel that the "economic and military espionage" is largely coming from one or two perpetrators. China will simply agree to everything, take the bargaining chip (whatever it is) from the US and then continue to play dumb.

    In fact, the country's leaders are anxious to hear the opinions of U.S. policy experts on what an effective cyber war doctrine and policy should look like.

    Right, right, "Excuse me, what are the rules so I know how to toe the line but still remain in good standing with the UN ... er, screw them, the WTO?"

    This gem was really humorous:

    "We as a nation know what steps we need to take to reduce our risk in cyber space," said Lewis of CSIS. "We may not want to, politically, but we know what those steps are."

    A hot topic of conversation now within policy circles, cyber war is likely to end up as just another weapon in the arsenal of the U.S., China and other advanced nations, said Lewis. "People will figure out how to use it."

    People will figure out how to use it? Now get off your lawn? Buddy if you can't take the time to pick up the paper or turn on CNN and watch 15-year olds downloading point'n'click bots to be a part of Anonymous, you don't deserve the title of "Senior Fellow at the Center for Strategic and International Studies." Let me assure you, people do know how to use it. Ragtag groups of teenagers roving the globe can band together and effectively use it. I'm sure governments aren't as ignorantly bumbling to catch up like they want us to believe.

    --
    My work here is dung.
    1. Re:In My Opinion, One Horrible Analogy by sixtyeight · · Score: 2

      I'm sure governments aren't as ignorantly bumbling to catch up like they want us to believe.

      Of course not. But publicizing the domestic use of drones over U.S. cities and Jay Rockefeller going balls-out to stifle internet free speech doesn't make for particularly good press. So they do this instead; it worked wonders for George Bush, Jr.'s career. Why mess with perfection?

      --
      The Wolfpack Project: BitCoin + Crowdfunding = Political Accountability
    2. Re:In My Opinion, One Horrible Analogy by Hartree · · Score: 1, Insightful

      "it worked wonders for George Bush, Jr.'s career"

      Yep. Worked so well that his brother Jeb isn't running due to having one of the most toxic last names in US politics.

      I'd hate to see something that worked poorly.

    3. Re:In My Opinion, One Horrible Analogy by GameboyRMH · · Score: 4, Insightful

      The other problem is that in "cyber war" there are no laws of physics to ensure that the rules of kinetic destruction apply. Certain targets can be practically indestructible. Basically MAD only works if both parties are horribly incompetent at computer security and plan to keep it that way.

      --
      "When information is power, privacy is freedom" - Jah-Wren Ryel
    4. Re:In My Opinion, One Horrible Analogy by roc97007 · · Score: 3, Interesting

      > I'd hate to see something that worked poorly.

      Wait a year.

      --
      Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
    5. Re:In My Opinion, One Horrible Analogy by Bengie · · Score: 4, Funny

      I envision ping -t attacks and Minecraft griefing. Possibly a World of Warcraft arena team to take out pesky Chinese farmers. Maybe the US government is going to get into EveOnline and is going to all out attack the Chinese players.

      Really.. wtf is "mutual destruction" in relation to a "Cyber-war"?

    6. Re:In My Opinion, One Horrible Analogy by Anonymous Coward · · Score: 3, Insightful

      Anonymous isn't cyber war. It's hacktivism.

      The distinction is drawn by the damage level. If the destruction is comparable with attack vectors classically associated with traditional warfare then that's when it crosses the line. For the most part, this doesn't seem to have happened yet.

    7. Re:In My Opinion, One Horrible Analogy by tomhath · · Score: 4, Insightful

      Cyber-warfare is happening now...

      You seem to be confusing cyber-espionage (which is happening) with cyber-war (which would involve disrupting most financial transactions, journalism, etc.). You wouldn't get a tweet that cyber-war started because that would be one of the first sites taken down.

      The closest we've seen to cyber-warfare is the STUXNET virus; it want far beyond the capabilities of script kiddies running downloadable bots.

    8. Re:In My Opinion, One Horrible Analogy by Kamiza+Ikioi · · Score: 4, Insightful

      Not only that, but with a nuclear bomb, you can see it coming. You can see where it came from. You know who sent it. And you can fire back appropriately. Chinese hackers can attend American colleges, and attack from our own soil, and we have no way of knowing where or who it came from, if they're really good at it, that is.

      --
      I8-D
    9. Re:In My Opinion, One Horrible Analogy by khallow · · Score: 2

      You seem to be confusing cyber-espionage (which is happening) with cyber-war

      There can be a pretty fuzzy line between traditional espionage and war as well. For example, in the case of Stuxnet, it was accompanied by assassinations, all to take down what would be a valid military target in a war.

    10. Re:In My Opinion, One Horrible Analogy by sixtyeight · · Score: 1

      It does seem a pretty daft agenda, doesn't it?

      Either they don't succeed in what they attempt, or worse yet they do and are miserable because of it.

      Pity that it takes a sane public in order to enforce sanity in politics.

      --
      The Wolfpack Project: BitCoin + Crowdfunding = Political Accountability
    11. Re:In My Opinion, One Horrible Analogy by 10101001+10101001 · · Score: 2

      But time and time again we see "attacks" from Chinese IP addresses and the Chinese government saying "Help us catch these criminals, *snicker*, they are too wily for we, the stupid Chinese who manage to control our populace with a giant firewall but can neither detect nor trace these attacks from within our borders."

      With no intent to excuse or defend the Chinese government, but isn't that pretty much the quid pro quo the US and the USSR/China has had for ages? I mean, if the situation was reversed, how quick would the US government be to track, arrest, and possible extradite a US hacker? This, btw, is one reason why I find the situation with the Afghanistan War so absurd.*

      *Yea, this seems like quite a detour, but hear me out. Put simply, Afghanistan has its own self-interests which often include looking the other way when it might give a perceived international enemy a bloody nose. The US has, I'm certain, done the same thing in reverse--although admittedly it never rose to the level of killing thousands of people at once, just usually less than thirty at a time over years, often overtly, and sometimes in the form of lobbing a cruise missile at a "terrorist base" that turns out to be a factory. That the US should then pull a "you're either with us or against us" then becomes rather absurd on its face, especially considering how the US has remained incredibly silent about places like China which clearly isn't "with us" except in the most generic sense of being perfectly willing to crush and kill perceived enemies of the government--note, not the people. Btw, yes, this means I agree with the poster below that says this is more cyber-espionage than cyber-war. If China wanted to cripple the US in a cyber-war, there'd be a pretty severe real-war retaliation. That's the only part of MAD keeing the US safe. It certainly isn't the US having excellent cyber security.

      --
      Eurohacker European paranoia, gun rights, and h
    12. Re:In My Opinion, One Horrible Analogy by DarkOx · · Score: 1

      It can be MAD in that at some point the rate of hostile traffic becomes so large you can't IDS it anymore and you don't know what to pass and what not to; at that point the victim cuts their losses and severs the line.

      Trouble is if your China doing all that manufacturing and sales to us business and we decide we have no choice but black hole all your netblocks; well suddenly your economy grinds to slow crawl as does ours.

      So it is MAD but its not exactly Cyber warfare specific any way. Its simply the fact that both parties USA and China stand to suffer economically should ANYTHING make normal relations suddenly become impossible.

      --
      Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
    13. Re:In My Opinion, One Horrible Analogy by OeLeWaPpErKe · · Score: 1

      That depends on your definition of "worse".

      If you agree with Darwin's definition, "good" == "fitness" == "the option to kill everyone else, either fast (usually violently), or slow (usually outbreeding them)". If you agree with that view, then it's absolutely not worse. In fact it's an absolute necessity to have this option.

      If you agree with the philosopher's definition "good" == "whatever feels good", then it's really bad. Sadly, the philosophers' states, like in ancient Greece for example ... did not survive. None of them.

      The problem with our current "there is only one ideology (an extremist new-testament view, but with the caveat that you're supposed to call yourself an atheist, despite behaving like prescribed and complaining about others violating that behaviour)" approach is that it prevents people from even seeing the structure of alternative approaches, and what makes them tick. It totally prevents people from seeing how you can sabotage things, both in cases where that's exactly what you'd want, and in cases where it's the opposite. We can't even see that we're sabotaging ourselves these days.

    14. Re:In My Opinion, One Horrible Analogy by OeLeWaPpErKe · · Score: 2

      Something people really should start learning about espionage and computer security. If the enemy is really good, you'll never even realize there is an enemy. You'll just be outwitted miraculously at every turn in a conventional setting.

      It'll look more like a Kasparov versus the neighbor kids chess game than anything else.

    15. Re:In My Opinion, One Horrible Analogy by sixtyeight · · Score: 1

      That depends on your definition of "worse".

      In terms of functionality, individual or collective satisfaction with the results, and general sanity.

      with Darwin's definition, "good" == "fitness" == "the option to kill everyone else, either fast (usually violently), or slow (usually outbreeding them)".

      Those are not quite the fitness criteria I seek in a political representative. Though they're usually what I get.

      The problem with our current "there is only one ideology ... " approach is that it prevents people from even seeing the structure of alternative approaches, and what makes them tick.

      I disagree. The problem, I think you'll find, is that the education level in society has been diminished. What society used to collectively know and have certainty about, it now lacks solid facts on which to base its conclusion. Everything becomes a matter of conflicting opinion as a result. Each individual has his own opinion, and each sings it in his own key. We grow up taught to conflate "Treating others with dignity and respect" with "Accepting, or at least quietly tolerating, any baseless piece of balderdash that is spouted at you." We're taught that, "All people are equal", and therefore all opinions are too. But uninformed opinions are not equal to a known fact, and a lot of society's problems result from the acceptance that they are.

      We can't even see that we're sabotaging ourselves these days.

      I find myself in the uncommon position of being able to see precisely how society is sabotaging itself, but it's generally too busy spouting or embracing various opinions to pay heed.

      --
      The Wolfpack Project: BitCoin + Crowdfunding = Political Accountability
    16. Re:In My Opinion, One Horrible Analogy by Anthony+Mouse · · Score: 1

      Yeah, that's pretty much it. There is no "cyber war" -- but there is state-backed industrial espionage.

      And the problem with the way these people are thinking about it is that MAD is totally wrong. It isn't offense that you need, it's defense. Especially for the US: What "the enemy" is doing is sabotage and misappropriation trade secrets on a massive scale. Even if you can manage to do the same thing to them, your infrastructure and trade secrets are more valuable than theirs. Which means that having the same offensive capability as they do means that you lose.

      You can't win unless you can prevent yourself from losing. The way to prevent "cyber war" is to keep sensitive industrial equipment disconnected from the internet, provide incentives for relevant people in industry to implement security best practices, etc.

      The idea of creating an arsenal of "cyber weapons" is fairly preposterous. About the only good value I can imagine in having one is that it gives you a good threat assessment for things you need to be able to prevent when designing your defenses. The idea that there is ever going to be some kind of doomsday cyberwar where they launch a "cyber attack" to shut down the power grid or some such Hollywood bullshit is totally inane -- even assuming that the enemy launches such an attack, how are your "cyber weapons" going to do anything in response when your country no longer has a working internet? In other words, you need defense, not offense. And if you have a sufficient defense, the offensive capability is superfluous.

    17. Re:In My Opinion, One Horrible Analogy by Renraku · · Score: 1

      Can you? All it takes is a few SRBMs disguised as shipping containers to pull up to a coast line near a major port and hit a few cities nearby to fucking devastate a country. They can simply be sank afterwords. If you saw them, assuming you were even looking for them in the first place and had automatic detection capabilities, you'd have a few minutes of warning, max. You might be able to figure out where the ship launched from, but good luck figuring out which nationality was responsible for nuking you.

      --
      Job? I don't have time to get a job! Who will sit around and bitch about being broke and unemployed then?
    18. Re:In My Opinion, One Horrible Analogy by cavreader · · Score: 1

      Radiation signatures and other weapon characteristics such as estimated yield can often be traced to the point of origin. It might take some time though. The countries currently seeking atomic weapons would be committing suicide if they used them. Even if they succeeded in detonating one device in a large US city the retaliatory strike ability would not be impaired. One submarine armed with nuclear missile carrying has enough fire power to level the majority of the middle east. One reason the US and Russia built so many nuclear bombs was to guarantee that no matter how bad the original attack was it would be impossible to prevent retaliation. If Iran wants a nuclear bomb who cares? If they are stupid enough to use it against Isreal the Israeli's also have redundant retaliatory strike capability. I wouldn't be surprised if Isreal didn't have the coordinates of every middle east country already hard coded into their missile systems. Isreal is so small that even one nuclear weapon would destroy practically the entire country and if that was to happen Isreal would most likely do the world a great favor and take out all of the large middle eastern countries without worrying one iota about who was responsible. They would have nothing to lose.

    19. Re:In My Opinion, One Horrible Analogy by Apothem · · Score: 1

      In some ways, it almost sounds like a sales pitch. They need this pitch to get funding from congress so they can waste more taxpayer money. Oh and MAYBE do something about the situation. More than likely, it will just make things worse. Unless, in the process of developing 'cyber-weapons', they realize that the best offense is a good defense. ...Pffffft.

    20. Re:In My Opinion, One Horrible Analogy by mjwalshe · · Score: 1

      well don't forget that the US and UK have a big lead in submersible tech "oh dear mr Ambassador from a bad actor" looks like some unfortunate fisherman has trawled through your countries fiber links

    21. Re:In My Opinion, One Horrible Analogy by mjwalshe · · Score: 1

      No get wow players to lie down in from of the Chinease embassy spelling out free Tibet :-)

  2. So only the US and China get Cyber-Destructed? by PolygamousRanchKid+ · · Score: 4, Interesting

    Something makes me think that they will take the rest of us with them . . .

    --
    Schroedinger's Brexit: The UK is both in and out of the EU at the same time!
    1. Re:So only the US and China get Cyber-Destructed? by gox · · Score: 2

      Exactly. And who's to say that they won't have a mutual interest in destroying the Internet at one point?

    2. Re:So only the US and China get Cyber-Destructed? by roc97007 · · Score: 1

      Enh... How does one go about "destroying the internet"?

      --
      Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
    3. Re:So only the US and China get Cyber-Destructed? by GameboyRMH · · Score: 3, Funny

      You find the giant Linksys router in the secret government facility and pull the plug on it.

      --
      "When information is power, privacy is freedom" - Jah-Wren Ryel
    4. Re:So only the US and China get Cyber-Destructed? by Dunbal · · Score: 2

      The internet has already been destroyed as far as I am concerned. There was a brief moment in the early 1990's where the sky was the limit and useful content was relatively easy to find. Now it has devolved into an endless and mindless recycling of garbage, all 100% optimized to make it at or near the top of the search engine pages. Some of this recycling is even done by bots. A lot of it is done by humans plagiarizing the same crap over and over. Occasionally, after about an hour's work, useful content can be found. Surely it used to take me less time to drive to the library and look stuff up on index cards?

      And finally nearly everything is behind a paywall because, you know, the internet ain't free. We're all paying the telco tax of course but hey, it ain't free (read this as "I deserve a fucking cut too"). So if you don't have to pay because of a paywall, you have to pay through outright intrusion into your computer system (but don't worry, no PERSONALLY identifiable information will be shared) or even in the case of "social networking" sites, intrusion into your personal life.

      Forums are just buffet troughs for trolls. Multi-player games are just one big grief-fest. And everything seems to be all about tricking you into clicking that useless link, a trick that used to be reserved for porn sites.

      --
      Seven puppies were harmed during the making of this post.
    5. Re:So only the US and China get Cyber-Destructed? by gmuslera · · Score: 1

      So far their best effort was to put laws over internet like ACTA, PIPA, and similar ones, and "pushing" other governments (like Spain, Canada or most of the European Union ones) to do the same. In this war, Han Solo shot first. Whatever comes next, would be like bombing over ruins.

    6. Re:So only the US and China get Cyber-Destructed? by gox · · Score: 1

      You can't technically annihilate the Internet altogether, however you can render it completely useless for almost everyone, if you put enough "preventive measures" in place. The current atmosphere allows that, and they seem to have enough scaremongering tactics in reserve to accomplish this. After everything's in place, a "cyber-war" could give them enough pretext to effectively destroy the Internet as we know it. Depending on the regimes of the time, there is a potential that all sides of the war might benefit from this.

    7. Re:So only the US and China get Cyber-Destructed? by HolyCrapSCOsux · · Score: 1

      Three steps: Kill DNS, then start in with backhoes and anchors there aren't THAT many backbones. Then change the access codes on the sats - boom! no internet.
      Even easier: talk the ISPs into closing their backbones to public traffic. The internet isn't NEARLY as decentralized as it should be.
      The only way to combat this is with a wide area wireless mesh. every wireless peers it's neighbor. Intercontinental traffic is still gone if the oceanic fiber is cut, but relatively localized networks will still be possible.

      --
      0xB315AA8D852DCD3F3DCA578FD2E0BF88
    8. Re:So only the US and China get Cyber-Destructed? by roc97007 · · Score: 1

      One possible problem I see is that with VOIP so common these days (I read recently that AT&T is converting over to VOIP en-masse and closing down a lot of their GO facilities) you can't take out internet without also taking out phone service. I guess my question should be "how does one go about destroying *just* the internet?"

      --
      Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
    9. Re:So only the US and China get Cyber-Destructed? by roc97007 · · Score: 2

      That's funny. It reminds me of a company I worked for, where the network architect thought it'd be a good idea to plug all the company's internet connections into a single Wellfleet. As I recall, after about the fourth time it went south and took the entire company offline, he was invited to resign.

      --
      Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
    10. Re:So only the US and China get Cyber-Destructed? by jafiwam · · Score: 3, Interesting

      I might start with a few ships dragging anchors through the fiber to China. Follow it up with a few ships threatening the same to India if they route Chinese traffic over land. Of course, that would be treated like an act of war (it is), however, I don't see the Chinese as the protagonists on this, we don't attack their shit aggressively and constantly but their great firewall has the capability to stop outgoing attacks and they seem to not bother or even encourage it.

      It would be relatively easy to drastically reduce or completely cut of China by physically destroying the network. They'd have to use operatives or proxies that were pre-located elsewhere on the planet, which takes their "there's billions of them!" advantage down most of the way.

      Hell, half of Africa was shut off accidentally a couple days ago.

      Anybody with any brains already has most of the Chinese netblocks killed at their firewall anyway. For my stuff, the Chinese are a zero signal to noise ratio. Know what else NOBODY NOTICED.

      There's already a war going on, the Chinese host a lot of compromised machines and initiate a lot of attacks already.

  3. I don't agree by s.petry · · Score: 4, Insightful

    Part of the problem with outsourcing all of our IT manufacturing is that we don't know what foreign agencies can kill with a single switch. It's only a part mind you, but enough that we in the US should be severely concerned with. No matter how good our hacking staff is, if the hardware they are hacking on is killed from a remote location.. well.. that pretty much ends the game.

    --

    -The wise argue that there are few absolutes, the fool argues that there are no probabilities.

    1. Re:I don't agree by mattdm · · Score: 1

      How do you envision this magical remote kill switch working?

    2. Re:I don't agree by Anonymous Coward · · Score: 1

      NSA Trusted Foundry and DARPA Trust (among others) address this issue.

    3. Re:I don't agree by SuricouRaven · · Score: 4, Interesting

      If I were a Chinese intelligence expert tasked with meeting this challenge, I'd place my killswitch in the offload engine of network interfaces. Just have to get the chip fabs in China to switch their masks for slightly modified ones, with a tiny bit of extra circuitry on the silicon. It'd look for a specific sequence of 16 bytes in the packet (Putting it in the offload engine ensures it won't inadvertantly break routers en route - at worst you'd knock out a web proxy instead) and, upon detecting them, short every data line on the PCIe interface to ground (or +5v) in the hope of frying the northbridge, or at least crashing the system. Now you've got a simple but effective killswitch. Good for exactly one major use before it's discovered and the trigger blocked, but one use should be quite enough - when the war goes serious, the ability to crash half the US internet will provide many hours of disruption. Enough to cover a first strike. Alternatively, it could be used to quietly fry the webservers of dissidents or proxies - so long as you don't try to hit too many at once, it'd look like nothing more than a failed mainboard and never be detected as a deliberate attack.

      You could use it as an ECM system - respond to hacking attempts with a packet containing the kill-code - but if you do that consistantly they'll eventually realise something is going on and start replaying packet dumps until they find the cause.

    4. Re:I don't agree by s.petry · · Score: 2

      As someone else showed, it does not take a lot in terms of logic. A network interface has to open packets, and a logic circuit to look for a specific string in a packet and die if it finds it, or worse simply repeats that packet on a broadcast to all known addresses can shut people down for a long time. A smidge more code, and we have the packet locked in a buffer so even after a power off/on the card no longer works.

      Could China or Korea add such a chip to a NIC that is sold only overseas? Most likely, or they could run firmware to change their devices. Malicious code is not extremely complex to write. The millions of script kiddies plinking away at Winders systems should be proof enough of that.

      --

      -The wise argue that there are few absolutes, the fool argues that there are no probabilities.

    5. Re:I don't agree by Lehk228 · · Score: 1

      that would be mostly useless unless (A) every major firewall maker had additional secret code to ignore firewall rules and pass on the pingofdeathmk2 or (B) all your important targets were well known for internetting raw dog

      --
      Snowden and Manning are heroes.
    6. Re:I don't agree by SuricouRaven · · Score: 1

      You just need to get the bytes to the destination somehow. It doesn't have to be direct. You could just embed them into an image file and get all your targets to look, or embed them into your secret communications as an anti-interception measure.

    7. Re:I don't agree by satuon · · Score: 1

      Good plan but network cards are produced in America and Taiwan, not in China. They are then shipped to Foxconn's factories where they are assembled by low paid workers who have neither the equipment nor the skill to change the circuitry of an already finished chip.

      Let's get this straight:
      CPUs are made by Intel and AMD in America.
      Motherboards and NCs are mostly made in Taiwan.
      Harddrives are made in America (Western Digital) and South Korea (Samsung).

      Your laptop is made in China but nothing inside it is.

    8. Re:I don't agree by Lehk228 · · Score: 1

      that assumes that the connections carrying said bytes are going to be passing data to be transported plaintext

      --
      Snowden and Manning are heroes.
  4. Up the stakes by ch-chuck · · Score: 2

    Are we heading toward a cyberwar with real casualties, like this?

    --
    try { do() || do_not(); } catch (JediException err) { yoda(err); }
    1. Re:Up the stakes by GameboyRMH · · Score: 1

      I would post a link to any Iranian cancer patients needing radiation therapy who are not well enough to travel and have died since the Stuxnet attacks.

      Whether or not Iran wants to build a nuke, if any such people have died they are collateral damage.

      --
      "When information is power, privacy is freedom" - Jah-Wren Ryel
    2. Re:Up the stakes by Dunbal · · Score: 2

      Governments have never cared about people. They care about power. They get power by pretending to care about people.

      --
      Seven puppies were harmed during the making of this post.
    3. Re:Up the stakes by Minupla · · Score: 1

      This one was (fortunately) in an unpopulated area of Russia or it'd have been bad casualty wise. As it stands it's believed to be the largest non-nuclear explosion. Caused by cyber-war/cyber-espionage:

      http://en.wikipedia.org/wiki/Siberian_pipeline_sabotage

      --
      On the whole, I find that I prefer Slashdot posts to twitter ones because I don't get limited to 140 chars before
    4. Re:Up the stakes by treeves · · Score: 1

      Are you suggesting that Iran couldn't keep its medical isotope producing reactors operating because of a lack of enriched uranium due to the Stuxnet worm? That's something I've never heard before.

      --
      ...the future crusty old bastards are already drinking the Kool-Aid.
    5. Re:Up the stakes by GameboyRMH · · Score: 1

      They claim they're producing medical isotopes there and that they have no other source for medical isotopes. Not sure how true it is.

      --
      "When information is power, privacy is freedom" - Jah-Wren Ryel
    6. Re:Up the stakes by treeves · · Score: 1

      It sounds quite untrue. If they even have a reactor making medical isotopes (I don't think they do), it's not like it needs to be refueled every year.
      You don't use power reactors to make medical isotopes, AFAIK.
      Radiotherapy is not done directly at nuclear reactor (except for boron neutron capture which is rare) and medical isotopes can be shipped overseas - most of them are outside of North America I think.
      If they are making isotopes with a cyclotron, uranium is irrelevant.
      Bogus.

      --
      ...the future crusty old bastards are already drinking the Kool-Aid.
  5. Cold War 2.0 by datorum · · Score: 1

    Cold War 2.0 sounds like a great idea... ohhh wait... "Tried and true methods to win security from cyberattacks include international diplomacy, multilateral agreements that clarify the parameters for peaceful and hostile cyberactions and — of course — a strong offensive capability." And proxy wars (http://en.wikipedia.org/wiki/Proxy_war) to keep it "hot" enough... also the name fits better for the "cyber age" (puke).

    1. Re:Cold War 2.0 by GameboyRMH · · Score: 1

      It's funny that they always focus on offense when offensive capability is fleeting, costly and potentially dangerous to yourself*, and defense is vastly more powerful.

      *found Apache exploit, keep secret as a "weapon" and hope the enemy (who can turn it back on you minutes after it's first used) isn't as smart, or release it to bolster both your and the enemy's defenses?

      --
      "When information is power, privacy is freedom" - Jah-Wren Ryel
    2. Re:Cold War 2.0 by jeff4747 · · Score: 1

      and defense is impossible.

      FTFY.

      The only truly secure computer is one without a power cord.

      (or battery if you want to be pedantic enough to bring up laptops)

  6. While that's going on by Anonymous Coward · · Score: 1

    While we're busy cyber-assaulting each other in our cyber-war, will the US continue evacuating its industrial base to China?

  7. Cyberwar? *yawn* by JustAnotherIdiot · · Score: 3, Interesting

    Whatever makes the warmongers in congress happy.
    At least this way we're not sending young men to die needlessly.

    --
    What do I know, I'm just an idiot, right?
    1. Re:Cyberwar? *yawn* by Nogrial · · Score: 1

      Whatever makes the warmongers in congress happy. At least this way we're not sending young men to die needlessly. What do I know, I'm just an idiot, right?

      Do you vote?

    2. Re:Cyberwar? *yawn* by Dunbal · · Score: 2

      Rofl yeah that makes a difference. A vote. You must be clueless if you haven't realized that the status quo is maintained no matter which political party is in power. The "vote" makes no difference. The only difference would be if you ran for office yourself, and even then you get caught by international treaties which override your puny national vote. And if all else fails, the person in power can simply ignore your vote. All of the above has happened, and is happening right now.

      --
      Seven puppies were harmed during the making of this post.
  8. Its not really a MAD strategy by roeguard · · Score: 1

    Unless it includes a actual nuclear attack option at some escalated point, its not really MAD. As painful as it is to lose the internet, and as much as it would harm our economy, etc; it could hardly be construed at total destruction of the nation.

    "If you break our internet, we'll break yours" doesn't really carry the same weight as "if you break our internet, we'll nuke you into the oblivion."

  9. Turn off the pipes by Skapare · · Score: 4, Informative

    If an attack does come from overseas, just turn off the pipes (power off whatever devices the physical undersea fibers connect to). The problem with this is that they are likely setting up a massive botnet within the target country that cannot be blocked by such a method. And we do see that the government tends to not care to shut down botnets, even now.

    --
    now we need to go OSS in diesel cars
  10. So what does MAD mean in this context? by roc97007 · · Score: 4, Informative

    Trivially, an attack can be stopped or at least contained by simply pulling the network plug. I can't envision a scenario where we'd "lose the internet". We might lose connectivity to some areas for awhile, but it's not like there's some timed self-destruct code buried in Cisco firmware that could be activated en-masse.

    ...Is there?

    --
    Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
    1. Re:So what does MAD mean in this context? by roc97007 · · Score: 1

      The problem is, like terrorism, cyber conflict is not easily bound to a nation, and the soldiers do not wear uniforms. Even if you got past the legal and moral ramifications, whom do you bomb?

      --
      Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
    2. Re:So what does MAD mean in this context? by subreality · · Score: 1

      The routers won't self-destruct, but there are a lot of things hooked up to computers that can. It's very common to have industrial machinery that can be destroyed or destroy nearby things due to a software fault. Iran's centrifuges are a good example. Hydro dams, nuke plants, chemical refineries... There are lots of nebulous and hard to quantify opportunities, which is why politicians are thrilled to see this become popular.

    3. Re:So what does MAD mean in this context? by sociocapitalist · · Score: 1

      I can easily imagine 'losing the Internet' if the shit hits the fan (and by the way, I work on Internet, telco and financial sector IP infrastructure constantly so I'm not completely ignorant of what I'm talking about).

      Consider how much networking (and everything else) equipment is made in China, for example.

      Is anyone looking for kill code in this hardware? No idea but I think that anyone who buys from a country that is as continually abrasive and invasive as China should assume that they're getting what they're paying for...and maybe a bit more besides.

      With regard to pulling the plug, you would have to know ahead of time that the attack was going to happen which seems improbable. If you pull the plug after the attack you might find a lot of your infrastructure down at all levels from traffic control through financial market trading infrastructure.

      Anything important should be airgapped.
      Anything critical should be airgapped and should have low level code analysis on source and updates.

      That being said I doubt that our processes and procedures are enough to defend against something like stuxnet, especially if it's buried in the hardware.

      --
      blindly antisocialist = antisocial
    4. Re:So what does MAD mean in this context? by Nethemas+the+Great · · Score: 1

      hmm. Well where does most of our electronics come from now a days?

      --
      Two of my imaginary friends reproduced once ... with negative results.
    5. Re:So what does MAD mean in this context? by Nethemas+the+Great · · Score: 1

      everyone.

      --
      Two of my imaginary friends reproduced once ... with negative results.
    6. Re:So what does MAD mean in this context? by roc97007 · · Score: 1

      Ok, you just ruined my day. Thanks.

      --
      Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
  11. Cold War: past and present by forgottenusername · · Score: 2

    Scenario A)

    Total annihilation of all mankind, including most living organisms, with the world taking many centuries to slowly recover

    Scenario B)

    Facebooks r down

    1. Re:Cold War: past and present by sociocapitalist · · Score: 1

      Scenario C)
      Financial markets crash
      Bank and other financial account information is scrambled
      The systems in most fortune 500 firms crash
      Communications satellites suddenly don't work anymore
      Landline and mobile phone systems stop working

      Scenario D)
      All the above plus any military systems that haven't been well enough protected

      Keep in mind as well, that a cyber attack can be a precursor to a physical attack (ie taking down air defense and then sending in your very real jets / missiles)

      --
      blindly antisocialist = antisocial
  12. They are the reason you are losing the "cyberwar" by Hentes · · Score: 3, Informative

    Idiots like these are the main reason Americans are so vulnerable to online threats.
    I have written about why cyberwar is a false analogy, so mostly I will just repeat myself:

    • There is no warfare, it's just a new method of espionage.
    • There is no mutually assured destruction: cybersabotage is anonymous, thus you can't counterattack, and even if you could, an all-out attack would still not be enough for complete destruction. Cyberespionage is a slow game, to seriously disrupt a target infrastructure you would have to research it for years. And while you theoretically could try to collect vulnerabilities and then exploit them all at the same time in a single strike, it's not really feasible as systems get upgrade from time to time, and you collection would get obsolete after a while. In this conflict you have to grab an opportunity when you have one, a single devastating strike isn't practical.
    • Also, destruction in this sense is a huge exaggeration, you can't do serious (compared to a real war) harm from the internet.
    • The source of an attack doesn't have to be a nation, it can be anyone with an internet connection, which combined with anonymity makes diplomacy worthless.
    • The only true method that works is to secure your fucking systems, and run regular whitehat tests (or, in their words, "cyberwargames") to identify possible vulnerabilities.
  13. Doesn't this only work when... by softWare3ngineer · · Score: 2

    we both have the same to loose. So if China decides that they can get by with just their intranet then deterrence doesn't work. Especially since the stakes for the US and rest of the world would be total economic collapse. Also concerning is the less one side understands about the technological concepts and repercussions the more likely ether side is start a cyber war. and we all know our decision makers are crack technologists. A least nukes mean the total end of the physical world, where no one is likely to exactly know what would happen if we erased the virtual one.

  14. no word in the article, not a single citation by nimbius · · Score: 1

    as to what policy think tanks or security professionals actually endorse the same concept that nearly murdered everyone on the planet throughout the cold war. and frankly, i dont blame them. MAD is a no-win outcome every time. if you dont believe me, pick a short wave radio and listen to the stations that still broadcast on russias "dead-hand" system.
    for those of us who insist turning the power off is good enough, and we're seriously considering MAD here, you can expect the cyber war drummed up by the war hawks to include everything from the toaster in the breakroom not working to nuclear meltdown. most hospitals SCADA bridges and traffic control devices as well as financial institutions will also be in various states of complete and total uselessness. expect oil tankers to drift aimlessly in the pacific and everything from verizon to iridium to enjoy a feet-on-desk hiatus.

    --
    Good people go to bed earlier.
  15. This is false, we control the links by WillAffleckUW · · Score: 2

    All we have to do is screen out the Chinese Internet connections by Satellite and Cable and it will be like nothing happened.

    You don't think all those "disused" satellites in orbit are dead, do you?

    --
    -- Tigger warning: This post may contain tiggers! --
  16. China will kick ass and chew bubblegum by sl4shd0rk · · Score: 2

    "Chinese hackers: No site is safe - CNN"

    "Chinese hacking worries Pentagon"

    "Pentagon hacked, Chinese Army suspected"

    "China denies hacking Pentagon computers"

    --
    Join the Slashcott! Feb 10 thru Feb 17!
  17. Would you really use it for destruction? by Njovich · · Score: 1

    Obviously, you could take out parts of an enemies infrastructure using digital means, and that makes sense to create chaos during or before an attack and such. However, an exploit could just be usable one time in a very visible attack. Surely large countries may have a bunch of secret exploits against critical systems. However, after the attack the other side may recover, patch it, and potentially find the previous uses of it and what you did with it.

    However, where digital attacks are really outstanding is intelligence gathering. I would bet that opposing forces would much rather keep most their digital attacks covert to be able to use them as long as possible for pinpoint hidden attacks against specific infrastructure and broad information gathering, rather than making a big attack that will force the opposing force to take very defensive security measures.

    For pure destructive force there are a lot of different options already, and they work very well if they can go hand in hand with digital means.

  18. Made in....? by sociocapitalist · · Score: 2

    Chinese networking and systems hardware isn't "Made In America".

    --
    blindly antisocialist = antisocial
  19. LOLwut? by EmagGeek · · Score: 1

    Just unplug the goddamn thing! Jesus Christ!

    1. Re:LOLwut? by phantomfive · · Score: 1

      I used to think that too, but it didn't help Iran against Stuxnet. An airgap is essential in many cases, but it is not sufficient.

      --
      "First they came for the slanderers and i said nothing."
    2. Re:LOLwut? by EmagGeek · · Score: 1

      Obviously, you've never seen Wargames ;)

  20. Dear Department of Defence by Rogerborg · · Score: 1

    We can haz pork?

    --
    If you were blocking sigs, you wouldn't have to read this.