Slashdot Mirror
Schneier Calls US Stuxnet Cyberattack a 'Destabilizing and Dangerous' Action
alphadogg writes "Revelations by The New York Times that President Barack Obama in his role as commander in chief ordered the Stuxnet cyberattack against Iran's uranium-enrichment facility two years ago in cahoots with Israel is generating controversy, with Washington in an uproar over national-security leaks. But the important question is whether this covert action of sabotage against Iran, the first known major cyberattack authorized by a U.S. president, is the right course for the country to take. Are secret cyberattacks helping the U.S. solve geopolitical problems or actually making things worse? Bruce Schneier, whose most recent book is 'Liars and Outliers,' argues the U.S. made a mistake with Stuxnet, and he discusses why it's important for the world to tackle cyber-arms control now."
The more involved the more things can go wrong.
How could contributing to the spread of clever computer-intrusion technologies(both with things like Stuxnet, and with the pernicious habit of doing business with the sort of slimy vulnerability-sellers whose customers want to exploit, not patch, them), possibly be a bad idea for a country whose citizens, businesses, government, and R&D capabilities are overwhelmingly dependent on computerized infrastructure?
That's crazy talk.
I voted for Obama based on two things: I hated how George Bush increased deficits recklessly and I hated how the Republican cavalierly meddled in other country's affairs using military might.
I feel like a fool.
See my journal for slashdot ID's by year. Mine created in 2005. http://slashdot.org/journal/289875/slashdot-ids-by-year
Is there really proof that it was the U.S.? I mean besides that awesome author who has 7 sources which want to stay hidden and that "Of course it was the U.S.!" attitude...
The U.S. made a mistake with Iran with that stupid "Axis of Evil" speech. I'm still not sure why that speech isn't recognized as one of the biggest diplomatic blunders in recent history. First of all, lumping Iran and North Korea in with Iraq (who Bush planned to invade) served no good purpose. It was basically an open threat to Iran and North Korea that we were going to invade them next. And, not surprisingly, both responded by ramping up their nuclear weapons programs to a feverish pace (since nukes are basically the only way to ensure that the U.S. can't invade).
Iran was actually getting pretty moderate before that speech, even sending open condolences and holding vigils after 9-11, with fairly moderate leadership. After the speech we get Ahmadinejad and and full-on nuke program. Smart move, George.
What political party do you join when you don't like Bible-thumpers *or* hippies?
As far as I know, power plants are not connected to the internet. The virus thingy only attacks powerplants. So there is nothing for it to do if it is on the internet. Correct me if I am wrong, I think this is all just media sensationalism about 'omg the hackerz!".
How could contributing to the spread of clever computer-intrusion technologies(both with things like Stuxnet, and with the pernicious habit of doing business with the sort of slimy vulnerability-sellers whose customers want to exploit, not patch, them), possibly be a bad idea for a country whose citizens, businesses, government, and R&D capabilities are overwhelmingly dependent on computerized infrastructure?
I have to disagree with you here. To ensure that your businesses and citizens and government and infrastructure are sound, you should always be investigating modes for attacks and publishing them. My logic is that if the United States Government is able to develop this, then so is China's, Russia's, India's, etc so get it out in the open already. In fact, your claim almost seems to advocate security through obscurity. If you want to ensure that people aren't pilfering data without your knowledge, publish your exploits and what you see as "contributing to the spread of clever computer-intrusion technologies" could just as well be seen as "telling SCADA and other makers to pull their heads out of their asses and fix this." Also, your statements can apply to every single country now, even third world countries are largely dependent on networking hardware to function.
... "destabilizing and dangerous" is a definition of what you can expect the repercussions to be.
The reason this is a "destabilizing and dangerous" action was because it was effective -- not because the US Government secretly given hackers a bunch of ways to hack every computer ever made. Also, the US kind of lost the "moral high ground" now when someone hacks their nuclear facilities with the intent of disabling our capabilities. Use an effective cyber attack against a nation state that does not have similar capabilities
My work here is dung.
NPR has a report on Stuxnet, it's origins and why it was created... it was in development since 2005 and didn't get approval until 2007 and guess who was president then? Bush! Obama said yes to it anyway for the same reasons as Bush did, so please NYT, stop making this political.
all countries are doing this, and have been doing this, for years
i never understood this "single out the USA for what everyone does" nonsense
it seems like a defect in one's ability to keep perspective to me
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
The argument put forward is not really that using these methods are "making things worse" - although that is opening gambit.
The real guts of the argument is that cyberattacks "will lead to the militarization of cyberspace, and the transformation of the Internet into something much less free and open" .. for that argument, I have some sympathy
Ultimately, this boils down to don't do your dirty work in the air, on the ground and at sea but not in my playground ...
I have to wonder if the administration would have leaked this info if there wasn't an election pending.
To all those knee jerking that Repubs would do it too, man, that's a pretty low bar.
Bruce Schneier is NOT a diplomat and has fuck all experience in dealing with international affairs. And what sort of Diplomacy are we supposed to use when "Stern Letter Writing", "UN Inspections" and threats fail? Obama showed quite a bit of creativity and tact in performing an elaborate Cyber-Attack that left our best Security Researchers stumped for months and seems to have worked quite well in derailing their bomb making efforts.
Would Schneier prefer we have gone ahead with Israel's agenda and bombed the suspected weapons making facilities and risked killing people -- even civilians? Or is he just the sort of Freedom Loving Pacifist that would have us dawdling around writing more "Sternly Worded Letters" until Iran finally trotted out a bomb and wiped out an entire city full of people?
I don't trust my country possessing nuclear weapon either, I hope another country will undermine our american nuclear facility as well.
Smart move, George.
Intentional move, with successful outcome. The POTUS needs an outside enemy so the people will forget to debate internal issues.
Iran was actually getting pretty moderate before that speech, even sending open condolences and holding vigils after 9-11, with fairly moderate leadership. After the speech we get Ahmadinejad and and full-on nuke program. Smart move, George.
You are flat out wrong. The candle light vigils held for 9-11 victims were entirely citizen events and had nothing to do with the government. I have two Iranian citizens as good friends and they are completely different people than Ahmadinejad and, worse, their nutjob supreme leader. Your insinuation that Iran the nation state sent open condolences and held vigils after 9-11 is laughable and erroneous -- some of the leadership did condemn the attacks but that's as far as it went. Hate the nation not the national. Hate the religion not the religious.
Your blame on George is also largely misplaced. They had deals with Russia to improve their nuke program long before him and the leaders have always wanted the ultimate weapon. I know life would be simpler if everything was George W. Bush's fault but, unfortunately for you, we must face reality.
My work here is dung.
There is only one source who says they have "evidence" and keeps pointing the finger at the US and Israel about Stuxnet, Flame, and other Trojans, and that is Kaspersky, which is a Russian AV company. Nobody else out there, be it Panda, Symantec, McAfee, or independent researchers makes these conclusions. It might just be me, but it appears that there might be a political agenda here.
Russia has a lot to gain by making the US appear at fault for these Trojans. There is a battle now for who runs the Net, either the US or the UN. With enough propaganda, it is possible they can wrest control of the Internet from ICANN. Result: You think SOPA/PIPA were bad, now think of some country you never lived in dictating the rules and fees for your website in your own country. Post a snide comment about the rulers in Thailand, in a few hours, your domain and IP have been pulled. Unlike the US which caves into international pressure and is smart enough to not fool around with anti-US sites (Pravda, Al-Jazeera), there is no stopping a UN backed replacement for the ICANN to do whatever it pleases. Unlike the US where the paid for fat-cats will back off when sites like Google shut down, China and Russia don't kowtow to public opinion, and PIPA/SOPA/ACTA and all that other stuff can easily become the de facto world law just because the one ruling body says so.
Either way, this shows Obama has stamina, like it or not.
But frankly I get the sinking feeling that this war on terrorism, and that axis of evil thingy is especially made to maintain some part of the military industrial group well financed, by having justification on using new toy. This went waaaay beyond revenge for 9/11 into "let us see how well our weapon perform by having a new playground to test our stuff on real people".
I wonder if that Nobel Peace Prize burns in his hand yet.
First of all, lumping Iran and North Korea in with Iraq (who Bush planned to invade) served no good purpose.
It makes good theater. Destro, Cobra Commander and Zartan all had different aims and ambitions, but they pretty much just got lumped together as Bad Guys too. The American public dislikes subtlety.
It would be colossally foolish to sign such a treaty.
I can not imagine such a treaty being ratified.
Therefore, baton down the hatches a storm is coming.
The real mistake was getting caught, or was it? The article says "Stuxnet didn't just damage the Natanz nuclear facility; it damaged the U.S.'s credibility as a fair arbiter and force for peace in cyberspace"
Was the US government ever seen as a "fair arbiter and force for peace in cyberspace". Yes, many Americans played that role, but the official government?
Deterrence only works if the other side thinks that you have better weapons and will use them. It's entirely possible that "Getting Caught" was a calculated risk, planned from the beginning. Unofficial channels may have sent the messge, "We were easy on you this time, back off, or next time we take off the gloves." Certainly, after you get caught, that's the way you want to spin it.
All ideas^H^H^H^H^Hprocesses in this post are Patent Pending. (as well as the process of patenting all postings)
The pacific portion of WWII ended because we annihilated two cities - civilians and all - and threatened to to turn the island of Japan into a wasteland. War sucks, and shouldn't need to exist, but it does. Good? Bad? Think of it this way - do you want to be the country that doesn't have nuclear weapons because they're "against the rules," or do you want to have them because - rules or not - people are much less likely to fuck with you if they know you can destroy them?
Is it just my observation, or are there way too many stupid people in the world?
First of all, lumping Iran and North Korea in with Iraq (who Bush planned to invade) served no good purpose.
Ah, you don't understand how the US works. Much like, "Invasion is the means by which the US teaches its citizens geography", invasions are also the beta testing ground for US munitions manufacturers. Does stealth work? Invade Iraq. Bunker busters? Afghanistan. Does mobile infantry help? Invade VietNam. Does jet tech. help? Korea. Etc.
I'm not really sure how Afghanistan fits in, but "Combat Hospital" is my favourite show (if that means anything). HAND.
"Tongue tied and twisted, just an Earth bound misfit
"War is thus an act of force to compel our enemy to do our will."- Carl Philipp Gottfried von Clausewitz Launching air strikes, drone attacks, stuxnet are all of these not an act of war? If say North Korea launched air strikes on US soil wouldnt we be upset just a little? How about if they only used drones to hit their enemies on our land? How about if they unleashed stuxnet towards our nuclear plants? But it is ok for us to do it?
"Remember, politicians and diapers should be changed often and for the same reason."
How the hell would you enforce a "cyber-arms" ban? It would be easier to ban actual arms. Like a worldwide gun ban.
You know what, this is good. Do you know why? Because now when someone asks themselves why something like 9/11 happened, you can point out and say. This. Some reflection might follow.
It was basically an open threat to Iran and North Korea that we were going to invade them next.
Which is sort of incorrect, the speech was given on January 29, 2002 and Iraq was invaded on 19 of March 2003. So let's look at Mohammad Khatami who was in office from 2 August 1997 – 3 August 2005 and I'll leave it to the reader to decide if it was the speech of George W. Bush on in January of 2002 or the ongoing "Operation Iraqi Freedom" that started in 2003 and was still going on when he left office that was the primary motivation for him being replaced by someone that would scare the US. The endless Iraq War is a bigger blunder! Not his stupid speech and Republican rhetoric! Actions speak louder than words.
George W. Bush is a moron, I agree with you here. But I don't want history rewritten to say that the greatest political blunder was his Axis of Evil speech -- look at the freaking invasion of Iraq, for the love of Allah!
Guess what happened to him after W. had his "We're coming for you next, Iran" cowboy moment?
What in the hell are you talking about?! The US wasn't even in Iraq when he made this speech! You are rewriting history, you are fudging timelines, adding dialogue, cheap rhetoric and twisting facts to align with your ideals and your reality just like a politician!
My work here is dung.
Schiener is kind of going off the deep end these days. He's getting a little too preachy, starting to sound like a laid back RMS.
The reality of it is however, Stuxnet was a far better alternative than any of the likely alternatives such as explosives or other deadly methods of stopping the program.
Seriously, why is it that every time we find a safer, less lethal/damaging way to accomplish the same thing some idiot comes around and pretends that its going to be the end of the world even though its thousands of times less damaging than the bomb it replaced.
Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
Some earlier Presidents wanted the same sort of extralegal measures done but they went to great lengths to deny they ever had anything to do with it. Congratulations folks - you got somebody ordering the same sort of shit that Bush, Reagan (and even Clinton) pretended "just happened" only this time he's not being a coward about it.
You don't just roll back from GITMO etc in a decade no matter who is in charge. Conservative lawyers are about keeping things rolling with the minimum of change and that's who you've got USA. So what you've got now USA is what you would have had if Bush wasn't an AWOL coward on holiday all of the time.
the alternatives, invasion or air bombardment, it seems reasonable.
http://arstechnica.com/tech-policy/2011/02/black-ops-how-hbgary-wrote-backdoors-and-rootkits-for-the-government/
"It's written in the papers, so it must be true!" (a saying by one Craig Ferguson of the Late Late Show).
Unless I see some evidence or admission, this is just the usual pre-election tattle.
The U.S. made a mistake with Iran with that stupid "Axis of Evil" speech. I'm still not sure why that speech isn't recognized as one of the biggest diplomatic blunders in recent history. First of all, lumping Iran and North Korea in with Iraq (who Bush planned to invade) served no good purpose. It was basically an open threat to Iran and North Korea that we were going to invade them next. And, not surprisingly, both responded by ramping up their nuclear weapons programs to a feverish pace (since nukes are basically the only way to ensure that the U.S. can't invade).
Iran was actually getting pretty moderate before that speech, even sending open condolences and holding vigils after 9-11, with fairly moderate leadership. After the speech we get Ahmadinejad and and full-on nuke program. Smart move, George.
Agreed. But instead of being shunned for being the author of one of the most damaging speeches in American foreign policy history he gets a blog, a contributors spot on CNN, and gets to publish seven books.
http://www.thedailybeast.com/davidfrum.html
The wold will inevitably rely on cyberwarefare soon enough, much like how everyone uses computers now. And most people don't understand how a computer works so they just buy "friendly gadgets" that only expose the buttons and are otherwise cute, little boxes. If we apply that logic, aren't we going to end up designing Megaman soon?
Depends on the morality. If you mean the "least deadly to the most people", and you accept the standard and most non-orthodox assesements of Middle East politics, then Stuxnet could have been considered a significant win for, well, everyone who wants to avoid nuclear death, Iranians included. At least until some genius decided shoot their mouth off about it to the Times. Apparently some electioneer in an ill-advised attempt to make Obama seem like some kind of righteously bad-ass, serious dude. Who knows? One doubts it was the President, himself.
I think Schneier is overlooking the fact that cyber war conventions are likely to lead more quickly and decisively to an un-free and un-open Net than open cyber warfare ever could. There's more than one war going on here, in fact. Other than that I don't necessarily disagree with his overall assessment.
And he's mad about it? Or should we let the rogue, terrorist supporting state that has all but declared war on the US, and is concentrating it's efforts to completely annihilate an long-time ally, develop nuclear weapons.
Hmm... tough one...
This was just a routine Cloak and Dagger Op. During the Cold War the CIA and KGB did "monkey wrench" ops like this all the time. Most of the time they didn't bother telling the Prez... So he couldn't accidentally apologize!
In the grand scheme from the Prez point of view, this was the right way to go. Americans aren't really willing to start another war, and the intel in Iran's Nuclear program is so sensational and political the truth is long lost. The CIA wants to throw a digital wrench in the works that Iran claims don't exist is better than letting Israel invade their airspace with US made planes again. Iran isn't being honest with neighbors like Syria either, so "outrage" over breaking something they claimed they wernt doing is minimal.
The bigger problem is that the military and other orgs are utterly irresponsible With their "toys". They ended up giving foreign hackers something high-end and new to hack our OWN computers with. This leads to looking for "terrorists" under every beach towel because there is all this irresponsible stuff going on even the President and industry leaders aren't warned is coming.... Because these idiots turned stuff loose and tried to cover it up.
Has the US formally declared war on Iran?
Crazy is today's relevant metaphor for the United States military - industrial complex MAD, Mutually Assured Destruction, theory-driven policies for gaming ultimate zero-win war scenarios. Zero-war scenarios have yet to disarm nuclear technologies. Stuxnet, Flame, drones, et. al. advance the state of politics without the incursion and loss of life on the battlefields of nation states who have nothing left to lose but treasury of its future, youth.
But that's not what this particular software does. If someone wants to repurpose Stuxnet or Flame to target pacemakers, they're going to have to do the work to make it so.
OTOH if you make bullets intended to kill only bad guys and someone else decides to repurpose them for killing cute puppies and children, the bullets are just fine as-is, and ready to use.
"Believe me!" -- Donald Trump
While the wisdom of pursuing the attack can be debated, a larger question of disclosing it publicly needs to be addressed. Let's just say that doing it was of questionable benefit and it probably should not have been done.
However, once it was done I would say that as a major component of any covert military operation there was an extreme need to keep it secret. Forever. Disclosing this has more or less committed Iran to a course of action to retaliate. There is no escaping that fact - they have to retaliate, probably on a larger scale. We cost them millions of dollars so they have to cost us billions. Failure to retailate will make them appear to other Islamic powers that they have faced the Great Satan and blinked, which is not a posture they can afford.
You can argue that it was theorized already that the US might be responsible. The difference is that before disclosure it was just a theory and it is difficult to justify retaliation based on a theory. Unfortunately, what disclosure has done is made it impossible to ignore any longer. It is the difference between thinking your wife might be being unfaithful and coming home to find her in bed with someone else. It is no longer possible to ignore the situation and it demands action.
Disclosure of this sort of military secret - and it cannot be termed anything but that - is clearly treasonous. I would put it on the same level as telling Germany at the height of the U-Boat campaign that we had cracked their code and knew where the subs were being sent. The result would have been a change in strategy and tactics as well as a tremendous loss of life. This disclosure will certainly lead to a significant loss of life as well.
So because some people blabbed about this we are now going to face an attack, probably within the continental US and probably pretty soon. I believe the timing will correspond to the Iranian position on the US Presidential election. Attacking before November pretty much puts Obama out of office, so if they believe Romney would be a weaker opponent the attack will be before the election. Personally, I would suspect Obama to be the weaker opponent for Iran and therefore the attack will be sometime in early 2013.
In order to cause the required amount of damage to the US, it is going to have to be a nuclear detonation. While Iran has a shortage of bomb-grade materials, other powers do not and will almost certainly share for an enterprise of this nature. A air or missle attack would be hopeless for Iran and there are too many potential avenues of discovery for a smuggled weapon. So the likey route for the attack will be by cargo ship in a encircling harbor. The Chesapeak Bay might be a great place for this with the opportunity to shower Washington DC with radioactive water and debris.
In short, if you live in a harbor area on the East coast you might want to take a trip until, say April of 2013.
The main reason that cyberwar is a threat is because we haven't worried about code complexity, as long as systems worked, we figured it was good enough. There are now projects in play that offer ways to manage this complexity, and reduce the number of trusted lines of code for any given function to tractable numbers. I'd even go so far as to say that it's possible to have a computer that is usable, secure and networked, with active users.
Capability based security offers one part of the approach to making this possible by limiting the side effects of any given piece of code in an effective sandbox.
Microkernel based operating systems are the next part by not trusting driver code, and reducing the attack surface to manageable levels
Allowing the users to make use of the above 2 parts completes the picture, as they can then choose what they want to risk for what rewards.
I've recently learned of the Genode project which looks to be good enough to get this done. They hope to be at the "eat our own dog food" / self hosted stage before the end of 2012. They've been at it a while, and seem to really know what they are doing. I'm working on getting my own copy up and running in a virtualbox so I can see just how it all works in practice.
Let's fix computer security and make cyberwar impossible.
So I know I'm asking probably the wrong forum as Slashdot as a technology website will most likely overinflate the importance of cyber-warfare, but as a layman (I'm an MBA and not an engineer or a programmer, hence posting AC) what really is the danger posed by cyber-warfare? For example:
Conventional warfare - can damage infrastructure and kill civilians
Naval Warfare - can choke off trade routes, damaging an economy that is dependent on sea trade
Air Warfare - difficult to defend against, can enhance the effectiveness of small numbers of troops vs. superior forces, can destroy infrastructure
Biological/Chemical Warfare - historically not that effective, but has a fear effect on populations and militaries that is probably more useful than how many people it can kill
Nuclear Warfare - massively destructive, hugely expensive to play in
Guerrila Warfare - not effective at winning, but extremely effective when an insurgency can win simply by resisting a foreign military and not losing (this is the case in Iraq, Afghanistan, and was the case in Vietnam)
Cyber-warfare - ???? Files get trashed? Some country's bureaucracy gets locked out of their computers and can't run for a day (if so, China please attack the US IRS)? We steal all the Iranian equivalent of social security numbers and run up their credit cards? I have yet to see anything that cyber-warfare can do that poses some sort of major threat to a nation's infrastructure or existence. I mean, it's all fun and scary to think someone could take control of our entire country like the bad guy in Die Hard 4, but that's all campy Hollywood; I find it extremely unlikely that through cyber warfare someone could say hack into our energy grid and make all of our nuclear plants have a meltdown or hack the military's communication network and throw them into total chaos and no control "from a laptop and a WiFi hotspot".
Stuxnet on it's own set back the IRanian program by 2 years from estimates I've read, which ultimately works to Iran's favor. If Iran gets a nuclear weapon, the US will be justified in the eyes of the world in destroying the complex completely, and even if they didn't Iran would have ONE weapon, which still needs a delivery system (Iran's current missile program) and the nuclear reaction needs to be turned into a warhead which means miniaturized and hardened to survive delivery via missile, or miniaturized so it can be delivered to a militant proxy for deployment in Israel. They're still years away from that, and even if they had it, that's hardly a MAD scenario. Iran benefits more from having a program in the works because they bring the US to the negotiation table. So where has cyber-warfare done anything even remotely effective, or where could it be effective?
You see, several times in the past, the USA have whined and whinged about China cyberterror attacks.
Turns out they were officially doing the same thing themselves.
Moral high ground? Nuked.
They've signed SEVERAL treaties. For example NAFTA. They ignore that one to put a protectionist tax on Canadian Softwood Lumber.
And they're abrogating their treaty under the Nuclear Non-Proliferation Pact.
So I guess since you hate Iran for lying their asses off, you hate the USA for doing it too, right? Or is it only *small* countries doing this you have a problem with?
you of course mean devastated but don't forget that a good number of folks will quickly revert to "offline" type transactions.
Any person using FTFY or editing my postings agrees to a US$50.00 charge
This wasn't reported in 'The Onion' it was reported in the 'New York Times', which has been a yellow DNC mouthpiece for decades. They are about as reputable as Fox News.
They ran this story to give Obama a boost in the polls. They needed no facts.
John McAfee 'It was like that time I hired that Bangkok prostitute; to do my taxes, while I fucked my accountant'
Par for the course, /.
Obama orders an attack on Iran. = "It's Bush's fault!"
Sure, you're credible.
-Styopa
Have any of you calling me an idiot ever considered that the real enemy for Obama was Israel and the Congressional War Hawks who have been calling for Military Action against Iran for most the last decade?
By conducting this Cyber-Attack he not only derailed the Iranian Nuclear effort -- but he staved off Israel's promised Military Assault and quieted the voices at the Pentagon and Congress that were all for a Joint Offense with Israel against Iran.
Sometimes the "victory" isn't against the commonly perceived enemy -- but the enemy within. Personally, I applaud Obama for this effort. No blood was shed, no bullets fired or missiles launched and Israel's planned offensive did NOT happen and as such the US did not have to get involved in yet another war in the Mideast.
Sorry I had to spell it out for you -- but of course, the mob here who hopped on me to call me an idiot wer just utter idiots too stupid to see what I was talking about.
Maybe someday some of you will come to understand that just sitting there talking about it and writing letters only GOES SO FAR. At some point, action must be taken. And the action that Obama took was a far better action than Israel and some members of Congress wanted to conduct. Because if Obama hadn't done this, others would have made actions that would have forced the US to use traditional military action.
...or are Schneier, Stallman, et all just becoming a touch too precious and righteous lately?
This reminds me of the UCS talking all over the place in the 1980s against the US SDI program. You had a bunch of physicists with impressive academic credentials opining on geopolitical matters on which they are NO MORE QUALIFIED TO COMMENT than Alfred E Neumann.
Here's the example that I posited at that time (which earned me a "F" on that assignment for daring to make such an assertion):
How would these individuals respond if Kissenger started making public pronouncements about the foolishness of IP6, or on the security of Windows OSs, or on the worthlessness of open-source software? Their response - and it would be ENTIRELY justified - would be "Kissenger knows fuck-all about these subjects, who cares what he says? Why are his comments even being reported?"
Well, Mr Schneier, let me point out that as far as geopolitics are concerned, (you) know fuck-all about these subjects, who cares what you say? Why are your comments even worth reporting?
-Styopa
Whenever advocates of a new technology (particularly a new and dangerous technology) shout the virtues of using it on others for their own gain, they miss the point that it *always* winds up turning around on them. I have an uncle who was very pro business, and about 15 years ago thought that it was perfectly OK for people to send unsolicited e-mail to everyone on the internet in the name of marketing. He thought the people who were against it were just a bunch of anti-business boobs who couldn't see the benefits. At least 5 years ago, he had thoroughly changed his mind, having deleted spam for about 10 years. In the '40's and early '50's people were advocates of atomic bombs. Now not so much, now that everyone has them. 200 years ago, it was rifles and firearms. Today we have stuxnet and friends. Unlike other weapons, they are much easier to get/create, and the weapon you use on someone else, could also be the weapon that gets used on you. Hint: its in TFA: American legislators are cheering Stuxnet, worried about cyberattacks. WHAT.THE.HELL?!?! You put poison in the well, then complain about bad water that is unfit to drink? Like everything else about the web, everything runs at 50x the speed of real life. The stuxnet you spread today is the problem you face tomorrow.
RTFA. Schneier questioned the the use of Stuxnet, not because he didn't see it as the humane alternative to bombing, but because of the blow back effect it had on the rest of the world's computer infrastructure. His real point was that, yes, we need to engage in diplomacy about cyber-warfare.
Cyber-warfare is not new, look at what the CIA did to the USSR's gas pipeline way back in the day. It's just now becoming a commonly understood concept.
You don't lead the military, aren't in power, nor have the information available to the military. This type of question is not appropriate to the masses. What's next a site where we can vote who to bomb next? Please...
I can't remember the specific time and location, but I recall Bush remarking to a group of reporters about being on a 'crusade' in regard to Iraq and thinking at the time that that might have been a poor choice of words, given the context.
We like to frighten the world and kill its inhabitants. And we're not just lucky. Our methods are reliable and repeatable.
Now, what were you saying about terror as a weapon?
Doubtful. At the time that speech was made POTUS had ~85% approval rating, majorities in Congress, and the Dem's had been castrated on National Security. There was no internal debate already. We had an outside enemy already.
I suspect that the President read too many books glorifying the leadership of WWII; and as a conservative, pined for the days of yore. "Axis" has direct ties in the American mind to WWII (which we recall with quite a sense of adventure) and couple that with the other term he was using near that time: The "Crusade" on Terror.
It's clear, at least to myself, that the mentality was to start the new american millennium off with a bang, fighting the bad guys and freeing the oppressed. Reality, naturally, requires dealing with much more subtlety.
US Government carefully started mentioning that leaks within government are not good, but they did not in a hard way go after anybody. The mainstream media (including NPR) complelety did not even mention Bradley Manning. Of course they threw th book at him for the same thing the high level officials get a slap on the wrist for.
Obama, Biden and every member of congress should be charged with Treason, and Mr Holder if he does not charge them.
The U.S. government has decided it can act in secret to destabilize other societies. That should frighten you.
And just how many nuclear capable countries have the current bunch of war mongers invaded for a quick buck?
I don't really see how an act of spionage and sabotage committed by one nation towards another using computers is any different from spionage and sabotage executed in another matter. If they would've send an undercover agent to work in that nuclear plant and sabotage it might've had the same effect (although pulling that off probably would've been more difficult and prone to failure).
Sabotage could be morally justified if it was absolutely neccessary to prevent a serious threat against your own citizens. In this particular case, I personally don't think this is the case (Iran would only use nuclear weapons for deterrence, they are not that stupid), although there are good arguments to the contrary.
What I find far, far worse is that the US thinks that a very basic human right (of not being murdered without trial because you are suspected of being associated to a terrorist organisation) does, apperantly, not apply to people living in northern Pakistan.
The US doesn't need to make weapons grade any more and it probably doesn't.
http://soylentnews.org/~tibman
The US president has legitimized cyberattack as just another form of negotiation between organizations at peace - or did I miss a declaration of war against Iran? There's nothing wrong with cyberattack - it's just another tool for getting what you want from someone who doesn't want to do what you want them to do. It happens all the time.
Recall the Madellaine Albright comment on a major interview program to the effect that the half million deaths of women and children in Iraq due to the embargo 'were worth it' in the pursuit of US foreign policy goals? Stability of a temporary sort, I suppose.
Nearly all of us reading Slashdot could easily do the analysis of whether a national foreign policy is a meaningful concept and whether the game of multi-lateral diplomacy with war is playable by humans. Meaningful concept analysis is whether there is any possible way to measure all of our individual interests under all possible conditions of economy, actions by governments, social and economic fads, ... and then whether there is any meaningful way to combine these into national action. Obviously not.
But, the complexity of the game of implementing a foreign policy is obviously vastly more complex than chess or go. 100s of players making simultaneous multiple moves in any of dozens of dimensions. It clearly makes 3-way chess or 3D chess, which nobody plays because you can't play enough games in a lifetime to know whether you are getting better or not, look like tic-tac-toe.
Applying domain-specific analysis can cut through a lot of political BS, I find.
Oh, you think I'm an Obama fan? Don't get me started, pal. Not everyone in this country is either a Democrat or Republican, just idiots like you.
What political party do you join when you don't like Bible-thumpers *or* hippies?
Now that the cat is out of the bag that we're using offensive cyber weapons against other sovereign nations to whom we are not currently in a state of war with, it opens us up to attack.
Let's say tomorrow the US announced that it was going to modernize it's nuclear weapons systems and had to build infrastructure to facilitate this, what leg would we have to stand on Iran developed offensive cyber weapons to prevent this?
Yes Francis, the world has gone crazy.
The word you are looking for is "terrorism". The US is the biggest, badest terrorist in the world. Stop calling it deterrence, stop calling it Shock and Awe as if it were something to be proud of, and start calling it what it is: terrorism. Then you will start to see the hypocricy of the US people and begin to understand where some of the hatred comes from.
Iran is an Islamic country.
The entire Islamic world has been at war with the non-Islamic world since Muhammed.
The entire Islamic world is also colonial, expansionistic, and imperial; the goal of Islam is to enforce Sharia law on the entire world.
Therefore, Iran is *exactly* like Japan in WWII, only more so.
I am dubious of his conclusion though I am willing to hear his summation on this point.
America fiddled with some centrifuges and delayed them for a few months. China recently downloaded F22 data they can use for the next 30 years. Rah Rah, Americaaaa !
Almost everyone reading slashdot knows enough to answer the important questions with our expertise : 0) Is 'national interest' a meaningful concept? Clearly not, as it would require a matrix of the weights representing every individuals interests under all conceivable changes in the future, and a means of combining them to produce a foreign policy maximizing our national utility. That data isn't collectable, and the combination function probably isn't computable. 1) Can a nation implement a foreign policy that maximizes the national interest ? Reasoning from an analysis of game complexity, clearly not. Multi-lateral diplomacy with war has 100s of players, each making many simultaneous moves of pieces with very many possible movements. Without even doing the combinatorics, it is clear that game is as far beyond 3-way or 3D chess, which nobody plays because you can't play enough games in a lifetime to know whether you are getting better or not, as chess is to tic-tac-toe. Nations obviously should be neutral, as there is no possible way to produce a positive outcome for the citizens. But the outcomes are optimal for diplomats, general and the oligarchs, which is why nobody wants to hear any of this. I find, btw, that applying my profession's analytical techniques cut through a lot of BS.
Bruce Schnier is nothing more than an irrelevant spectator who likes to portray himself as someone of importance. He has zero experience in this arena is is therefor not qualified in any way to comment on activities such as this.
And that makes you accept secret hostilities?
Because you have been abused so long, you accept abuse?
Good point. And here is a way to move past this false choice:
http://www.pdfernhout.net/recognizing-irony-is-a-key-to-transcending-militarism.html
"Likewise, even United States three-letter agencies like the NSA and the CIA, as well as their foreign counterparts, are becoming ironic institutions in many ways. Despite probably having more computing power per square foot than any other place in the world, they seem not to have thought much about the implications of all that computer power and organized information to transform the world into a place of abundance for all. Cheap computing makes possible just about cheap everything else, as does the ability to make better designs through shared computing. I discuss that at length here: http://www.pdfernhout.net/post-scarcity-princeton.html
There is a fundamental mismatch between 21st century reality and 20th century security thinking. Those "security" agencies are using those tools of abundance, cooperation, and sharing mainly from a mindset of scarcity, competition, and secrecy. Given the power of 21st century technology as an amplifier (including as weapons of mass destruction), a scarcity-based approach to using such technology ultimately is just making us all insecure. Such powerful technologies of abundance, designed, organized, and used from a mindset of scarcity could well ironically doom us all whether through military robots, nukes, plagues, propaganda, or whatever else... Or alternatively, as Bucky Fuller and others have suggested, we could use such technologies to build a world that is abundant and secure for all."
A 21st century issue: the irony of technologies of abundance in the hands of those still thinking in terms of scarcity.
"International politics changed massively when we invented weapons of mass destruction. Suddenly wars between countries that both wield weapons of mass destruction became a realistic impossibility. MAD as a concept did something that nothing did in our entire history - mandate peace."
A related essay I wrote: "Problems of the MAD doctrine, their consequences, and positive alternatives" ...."
http://groups.google.com/group/virgle/msg/e34f9013282af9d7
"The policy of "Mutually Assured Destruction" (MAD) with strategic nuclear weapons policy is based on decision makers being rational and not wanting their own country destroyed (were they to use their nuclear weapons and receive reprisals or even just spreading radiation). This essay explores a few reasons why this MAD policy will ultimately fail due to irrationality or other reasons for bad decisions by humans or the bureaucracies they inhabit. This reasoning is also applicable to understanding why any similar policies about bioweapons or drones or nanotech and so on could also fail. Then the consequences of this are explored, and some alternatives suggested (including sharing information leading to healthier local communities and ultimately creating space habitats)
A 21st century issue: the irony of technologies of abundance in the hands of those still thinking in terms of scarcity.
Considering that the USA is the only country to have used nuclear weapons in war, I think we have more to fear from the USA and its nuclear arsenal than from any other country in the world.
For once I don't agree with Bruce Schneier... I don't think the US *created* Stuxnet, but maybe they customized it and used it against Iran.
On the principle of making cyberwarfare I think it's a valid way to fight that doesn't cost too many lives and in this case was guaranteed not to have any collateral damage in the form of civilians hurt.
Let there be no question about it: Iran must be prevented at all costs from acquiring nuclear weapons. If that fails we must revive the cold war strategy of a first strike in order to eradicate their capability to wage war. Fortunately the lunatics in charge are easily provoked so the obvious strategy must be to make them attack with nuclear weapons (which of course should be intercepted before they do harm), and then strike back with a similar and now justifiable nuclear attack that efficiently both destroys the megalomanical regime and their capability to create more nuclear weapons. Hopefully what rises from the ash is a new and more reasonable regime, like we saw it in Japan after they got hit by the Hiroshima and Nagasaki bombs.
"For every complex problem, there is a solution that is simple, neat, and wrong." -- H.L. Mencken (1880-1956) --
The MOST destabilizing outcome is an Iran with deliverable nuke capabilities.
Whether you like to admit it or not International Relations is a Realist's game. Sure you can put Neo in front or some other slick prefix. But when it comes down to it International Relations is every man/nation for itself. It exists in a "State of Nature". Not civilized. Not democratic. But cold and calculating.
And the sooner you Kum-By-Yah leftists get that... the quicker we can move on. Wake up. We are in a cyber-cold-war right now with many actors and many agents provocateur. "Stability" is an unobtainable Utopia.
Its no surprise that the US and Isreal would be involved with damaging Iranian production. Its all they talk about. However, I would be pissed if I was Germany, because the virus attacked Siemens products. It really makes this company look weak on security like Microsoft.
Remember, it's not about cheap oil for people, but profitable oil for the oil companies.
It's definitely cheaper than say hmm.... invading Iran, kudos mr president, saving some gd ole benjamins in a time of financial downturn.