Slashdot Mirror
Measuring China's Cyberwar Threat
An anonymous reader writes with this excerpt from Network World: "A lengthy report prepared for the U.S. government about China's high-tech buildup to prepare for cyberwar includes speculation about how a potential conflict with the U.S. would unfold — and how it might only take a few freelance Chinese civilian hackers working on behalf of China's People's Liberation Army to sow deadly disruptions in the U.S. military logistics supply chain. As told, if there's a conflict between the U.S. and China related to Taiwan, "Chinese offensive network operations targeting the U.S. logistics chain need not focus exclusively on U.S. assets, infrastructure or territory to create circumstances that could impede U.S. combat effectiveness," write the report's authors, Bryan Krekel, Patton Adams and George Bakos, all of whom are information security analysts with Northrop Grumman. The report, "Occupying the Information High Ground: Chinese Capabilities for Computer Network Operations and Cyber Espionage," focuses primarily on facts about China's cyberwar planning but also speculates on what might happen in any cyberwar."
The current cyber war threat level is Macguffin green. Not to be confused with nonexistant blue and retarded red.
Because the Chinese government has sponsored research on "attack-induced cascading power failures" related to the U.S. power grid, ...
For those of who have lived through power shut downs for days and weeks on end because of snow and hurricanes, BFD. Ooooo, I won't be able to surf the internet or watch TV or pop my microwave popcorn. Oh noes!
And for the folks that really need the power, like hospitals, they have on site generation equipment that will last as long as they can get the diesel or the natural gas flows. AND some are even putting solar on their roofs - made in China, btw.
In computers and network security, every time someone uses 'cyber' in a serious, unironic manner, they lose credibility.
TFA uses it 9 times.
Our newest 'threat' we need to throw money at to 'combat'.
Instead of ohhhh... i dont know... not connecting important shit to the internet...
What's it gonna be called.. Thats the big question. 'War on Cyber' Doesnt sound catchy enough.
This is what I would add:
All speculation is geared toward ensuring that the report's authors
or their agents are beneficiaries in any efforts the US government would take to "mitigate" any China factor(s).
Does the "cyber war" threat mention the public Internet at all? If so, then that's totally stupid!
The military has no business *relying* on the public Internet for anything!
The power grid has no business *relying* on the public Internet for anything!
Telephone companies has no business *relying* on the public Internet for anything!
If hackers using the plain Internet have any way in to any U.S. military communications system, then people need to be fired!
The Internet is NOT a secure communications network, and the government should not try to present this insecurity as a "national security" issue. The idea of turning the Internet in to a secure communications network is like trying to impose federal banking laws in the commerce system of "World Of Warcraft". The FBI and NSA are trying to justify deep surveillance, user tracking, and censorship on the Internet. It's a power grab for what should be a public network, with private communications (like most physical mail parcels).
As usual. No news here folks, we do not have time to worry about China as long as there are music pirates to deal with.
Occupying the...
Pitching tents in front of websites and smoking crack.com is no way to go through life, son.
#fuckbeta #iamslashdot #dicemustdie
Threat Level Midnight.
I'm sceptical of how much damage 'cyberwar' can really do sustainably. I suspect it would be a bit like Pearl Harbor - you make enormous damage the first day with a surprise attack, but it goes downhill from there.
I mean, I'm sure that the first day a lot of computers will go offline, and even factories will stop, etc. But what happens after a month when those computers have their OS reinstalled - with Linux or a commercial UNIX, or even, zOS if need be, and the data you've deleted has been restored from backup CDs, and everywhere there are billboards on the road proclaiming that whomever isn't updating their computer is giving Hitler a drive. Would it be as easy to go on inflicting damage then?
Don't worry we have Computer Science III, Proxy's, & not one but two firewalls.... were fucked,,,,
If there is ever a real war between the USA and China there will certainly be attempts (some successful) at remote computer sabotage but there is going to be no "cyberwar" (though something may happen that will be so labeled).
Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
Trust me, BOTH sides have "the talent" on all levels: But, why? It's like a street-fight really - BOTH SIDES TAKE A HELL OF A BEATING, & for what??
Some stupid rich man's steering nations into wars/conflicts (face it, we KNOW that's how real wars start up too, the wealthy/war profiteer "wanting more")).
* Almost makes me sad... the media "hyping it" doesn't help either because it gets folks gander up (regular folks that don't know any better, or have never met a person from 'the other side' personally, & get led/stirred up like 'sheeple' are wont to do).
APK
P.S.=> Personally, I know a pack of very talented Chinese guys in computing (from academia in fact & work), & they're JUST GUYS, pretty much, just like any others... They don't really want shit because they're too smart to even START that kind of mess - same on 'our side' too! Normal folks that get used/abused by "the people @ the top/1%-ers". Pretty sad... apk
Just who in their right mind connects such systems to the Internet !
AccountKiller
Has anyone in the US Military stopped to notice what critical supplies are manufactured solely in China today? I do not mean just armaments, but stuff that the US military would be utterly unable to move without. Stuff like light bulbs. Fuel filters. Glass containers.
Simple little things that the last US manufacturer closed down for either recently or as far back as 1980.
Do we still make toilet paper in the US? I suspect there may only be one factory that does and it will probably close down soon. It is much cheaper to have it made over there and shipped here.
We cannot possibly win a conflict with China - they would cut off our supply of manufactured items and the military would just grind to a halt.
Sure, they could probably shut down a couple of factories making classified munitions, but who cares? They figured out that troops don't fight without toilet paper in WW I and trust me, it hasn't gotten any better. They cut off our supply of toilet paper and the US population would storm Washington and demand an end to the conflict immediately. I am not kidding here.
Anything internet connected can get owned... even stuff that isn't connected can get killed via service equipment (which is what the whole Stuxnet thing was about).
When you run everything with ambient authority, you're never going to be safe. EVERYTHING uses ambient authority, because it's what we're all used to, as far as computers go. Here's the difference:
In the real world, we operate with ambient deny... you car key doesn't open all cars of that model, it only has the capability to open your car. When you delegate it, your valet can't open all that model of car either.
The situation with computer security now is like having each car owner contractually promise not to open any other car than their own, rather than unique keys. The first hand off to a valet who didn't sign the promise does the whole system in. It also fails if they get confused and return the wrong car.
Until the model of computer security is brought in line with reality, things will continue to be fscked, Chinese or no Chinese.
"may" employed about 100 times ( order of magnitude, I lost count ). "would" exactly 59 times, in 109 pages of text ( not counting the appendix and refs/bibliography part).
Religous speak to God. Insane are spoken to by God. When all shut up, one can finally hear Shostakovich in peace
When watching the pilot episode of remake Battlestar Gallactica few years ago, and how Cylons were able to defeat all battlestars and fighters by shutting down all their systems with "virus software" installed in the background (was done over many years by cylon spies). Since all Colonial spacecraft and systems were networked together, this virus effected all their systems. I was thinking if we went to war with China, this is ***exactly*** what will happen. OK, we can argue China will or not want to get into a shooting war with US. Most likely US will continue to decline.
In the TV series, the Gallactica survived because ship commander Adama was an old guy from the old school who never upgraded his systems to modern networked systems. All their computers were standalone systems, much like PDP-11s. Fighters were the old models with much more analog control sytems and looks like they still used Mocom-70 for 2-way radios.
mfwright@batnet.com
The CIA and military intelligence made the Russians into an existential threat right up to their collapse.
Meanwhile, anyone who read the 2 books by the Russian General who defected (he used the name of a famous Russian General from Tsarist times, sorry I don't have time to find this in my bookshelves or on Amazon, tho I did try) or read the accounts of people who visited the USSR for any extended tour (Heinlein wrote one the trip he and his wife took) or had friends visit for even short periods (my mother spent a couple of weeks there in the 70s and again in the 80s) realized that Russia was largely facade. They stopped publishing demographic statistics in the 60s because they had a 3rd-world neonatal death rate, rapidly falling longevity for even people in Moscow. Stories from Russians about the hospitals even in the 90s are hard to believe, but true.
The USofA has no serious enemy, so the various institutions and industries that depend on an enemy are trying hard to create on. Iran might be scary enough. Chinese hackers are even better because nobody knows what it means, what might be vulnerable.
It would be a lot cheaper to create genuine patriotism among our own hackers to motivate them to continue to test our own systems for flaws and to reward them for it. But creating patriotism would require wholesale changes in our very corrupt government and thus in the entire Oligarchy, so can't ever happen.
Another (highly upstream) impediment to combat effectiveness is a change of attitude away from combat-based resolution. O, to have hackers so skilled, from any nation, that yang may cede to yin, at least for a few years, in our lifetimes...
(end lament)
As told, if there's a conflict between the U.S. and China related to Taiwan, "Chinese offensive network operations targeting the U.S. logistics chain need not focus exclusively on U.S. assets, infrastructure or territory to create circumstances that could impede U.S. combat effectiveness" write the report's authors
Yeah, the Defense Contractor industry has just realized the off-shoring and building almost everything for our weapons systems in foreign countries makes it IMPOSSIBLE for the United States to procure weapons in the event of open war???!!!???
Maybe we should consider building our shit with our own shit inside our own shithouse!
Mod me double plus idiot if you will, but in our small company, our "critical computer" - the one hat has files I don't want to loose (yes, i do back ups), and the one I don't ever want hacked, it is NEVER connected to the internet. No wifi, no bluetooth, no cable, nada, zilcho. I even have independent power supply aside from plugging it into the wall.
Anything I need to introduce into the computer id done by a freshly formatted USB, and double checked and scanned first on a different machine running linux. When not in use, I physically turn it off and disconnect the power supply, and if the hackers can get into a machine with no power, well, I;ll just go back to pen and ink at that point. :)
Now seriously, I know you cannot turn off a computer that is running a nuke plant or a NORAD radar system, but why are so many critical systems connected to the internet? Or have online access of any kind? Back in the good old days of BBSes when I was a sysop and upgrading form a 9600 baud modem to a 28,800 like like a miracle (you know, this was back way when dinosaurs still roamed the earth, or so my kids see it as such :) ), the quickest way sometimes to block a hacker attack as to physically disconnect the phone line from the modem.
Again, mod me super simplistic idiot, but if I were operations manager for a nuke plant, and a major cyber attack was underway, to prevent a meltdown, wouldn't you be tempted to just take a pair of wire cutters and snip the physical connection to the internet?
If the US and China butt heads too much, all China has to do is cut off supply of all our shiny objects, bankrupting many large US companies and destroying what is left of our economy.
They can also demand payment for what we owe them..
---- Booth was a patriot ----
How about measuring America's unpayable national debt instead.
Unless of course this can serve as a distraction to addressing America's real root problems.
There are certain stories of "dark threats" which are heavily propagated by those who sell a solution or expertise on countering the threat. I doubt the US Military could disrupt itself in the manner suggested with a big budget and six months to arrange it (government being government). The idea that its all so uniform to be zapped by an outsider with "a few freelance Chinese civilian hackers" is pure B Movie; you really have to suspend common sense to enjoy the plot.
. . . . this. What?? The Chinese are CYBER ATTACKING??!! *unplug* problem solved. DUH!
This article is hilarious. Worries about the supply chain? That is just hilarious. DARPA and the other military research organizations have been working for decades on means and methods for completely stable and everything-proof supply chain and independent generation technology. There would be no shutting down the militaries actions for more than 10 minutes, if they got lucky. These assholes don't know any of this for sure, and even worse most of this shit is fully of "may" and "maybe" and other such unsure words. Hell, most of the equipment is only tangentially connected to the web if it all, and has unbelievable physical security measures built in to prevent anything short of an EMP downing it.
The real power of bullshit like this is going after US citizens, especially protesters. Last year I was involved in a boycott of Koch Industries, nothing but a legal fucking boycott. 3 months after it started, the FBI came to my door and took all my shit because Koch Industries gave them a list of IP addresses with mine on it saying I had attacked them. All it took was the accusation. Nothing else was on the warrant, just a list of IP addresses, no log files, no verification, nothing.but when you can shut up protesters with something far more malicious than a SLAPP suit, then you have won on another level, against freedom.
(only reason posting AC is because my account was hacked and password changed by a douche I argued with before).
Northrop Grumman, majority owned, via a number of shell companies, offshore finance centers and holding companies, by the Bush family and James Baker. And who gives a fig about China, where they offshored all the jobs, all the technology and all the investment, not to mention what's not obvious to all (but should be by this time) a considerable amount of US foreign aid (and World Bank aid) to finance the building of those PLA-owned, factories and production facilities and labs for the benefit of their elites and the multinationals who profits from them. What utter BS and nonsensical bullcrap. sgt_doom has spoken......
Mod me double plus idiot if you will
Apparently you got +5 insightful. Reverse psychology seems to work quite well.
"but why are so many critical systems connected to the internet?" because reimplementing a totally private network complete with security just to run your modern physical plant is horrendously expensive and finding the people to build it and run it is hard?
They could of decided that attacking critical infrastructure with viruses was verbotten. Like the US/Soviet Nuclear treaties and weaponizing space treaties. Chemical weapons treaties. There have been rules of war every since there was war.
But nope. The governments let stuxnet go unpunished and no treaty was written. So I am calling BS. If it was a big deal, there would be a treaty. But there was not treaty, so it is not a big deal. This is propaganda. Probably to prop up budgets. No it IS to prop up budgets. We all know this.
So there is a war on. The Pentagons shut down your internet and blame it on the Chinese and Russians. I don't think the Pentagons and their Full Spectrum Dominance are going to really cry too much if the internet is shut down no matter who does it.
And if riots break out, well then the Marshall Law Card gets played. The Whole World Domination Gantt chart is stalled at the 'Shutdown the Internet' and 'Then The People Riot' node.
I think Aircraft Carriers off the Chinese shore are pretty much the ultimate cyberwar deterrent. Tomahawks? What Tomahawks?
War is war. Once China makes the first attack, cyber war or regular war, it's game on.
Loss of Life. Infrastructure Damage. Yep. That's an aggressive move.
And all you server operators out there. Really, are your server logs showing a great bit spike in massively evil and clever attacks? I will bet you answer is no, and that in fact server attacks, spam and general malicious stuff is down. I'll even bet that after 10 or 30 years of being running businesses, computers and internet that you actually know what you are doing and don't really need the outside help.
Don't know about you, China has been attacking my servers every day since the beginning of time. Yawn.
How likely is it that China could shut down all the power in North America at once. It is probably impossible for even the Pentagons to do that to their own country. At worst a few areas blacked out for a few days. Big Whoop. Like a snowstorm or a tornado or a flood, except without the billions of dollars of property damage.
And so what if it all got shut down. It would be like a snow day, and we all get to stay home and drink beer and eat the ice cream before it went bad.
No beepers, no phones, no email, no bitch clients. Sounds pretty good, don't it.
Seriously, there is no way the whole continent gets an unscheduled day off from work. No way. A day off? C'mon. The pointy headed bosses would explode.
And the MSM unable to shove propaganda at us for 2 or 3 days? Google and Zuckerberg unable to spy? OMG! OMG! OMG!
That's the control freaks absolute worst nightmare.
It's only speaking from BAD experience (grew up & live in a rough area). In the end? Nobody wins, not really (you win, you worry about cops/jail or lawsuits etc. - you lose, you go to hospital or morgue, then it escalates to even more between families etc./et al)
Seen it. It's terrifying "sleep with 1 eye open" crap. Just LOTS of misery over usually stupid crap usually (or money, or women, etc. - t).
In fact, I'd wager We've all seen it or been there/done that. NOT worth it, not really (90% of the time that is).
Sure - Sometimes you fight to prevent a fight, but that's on a personal level.
However, this is about 2 very powerful nations that would only end up wiping one another out and taking us all for the ride (be it cyberwar, or real war) right into a casket or ruin, & would probably escalate into the "REAL THING" eventually (war).
How dumb and illogical.
Above all else, it can end up with a lot of folks dead and losing ones we love. Not worth it. It's just not. I am sure you all understand.
APK
P.S.=> I hope, in a way, you don't (because some of you were fortunate enough to have never been exposed to such madness & lunacy), but... well, there you are... apk
Bring it on. We have "Anonymous"!
Or Russia
Or Cuba
Or Venezuela
Or the Taliban
Muchas Gracias, Señor Edward Snowden !
Pretty sure you can determine China's Cyberwar Threat level by determining the ratio of Shrute Bucks to Stanley Nickels and multiply by 3.
"I don't which is worse, that everyone has a price, or that the price is always so low"--Hobbes