Obama's Portrait of Cyberwar Isn't Complete Hyperbole
pigrabbitbear writes "It's hard to imagine what cyberwarfare actually looks like. Is it like regular warfare, where two sides armed with arsenals of deadly weapons open fire on each other and hope for total destruction? What do they fire instead of bullets? Packets of information? Do people die? Or is it not violent at all — just a bunch of geeks in uniforms playing tricks on each other with sneaky code? Barack Obama would like to clear up this question, thank you very much. In an op-ed published in the Wall Street Journal the president voiced his support for the Cybersecurity Act of 2012 now being considered by the Senate with the help of a truly frightening hypothetical: 'Across the country trains had derailed, including one carrying industrial chemicals that exploded into a toxic cloud,' Obama wrote, describing a nightmare scenario of a cyber attack. 'Water treatment plants in several states had shut down, contaminating drinking water and causing Americans to fall ill.' All because of hackers!"
...and I can't say that about his predecessor.
I keep wondering who will be responsible for cleaning up the thousands or millions of PCs that get infected (or re-infected) years after a "cyber" war is over. I have never heard an answer to that.
Obama's Portrait of Cyberwar Isn't Complete Hyperbole
No, it's only 99.8% hyperbole. Someone has calculated the half-life of the current set of "crises", and decided that we need another urgent problem to address.
To ensure perfect aim, shoot first and call whatever you hit the target
I think it would be an excellent idea to harden our infrastructure and make our social and political systems for responding to change more resilient. That does not mean that spinning tales of disaster that can only be averted through legislation is anything other than hyperbole, though. I have yet to see anything about this cybersecurity bill that does not involve centralization (reducing resilience) or regulation (reducing diversity and thus making attacks more effective because more widespread), and so far nothing that really looks like it would actually harden our information infrastructure in any meaningful way.
-- Two men say they're Jesus. One of them must be wrong. - Dire Straits
Why is this sort of crap connected to the public internet?
I have an answer . . . MyCleanPC!!!1! I just installed it on my PC and I'm re++--_#*$NO CARRIER
or Die Hard!
Or consider putting utilities on their own private networks and increasing physical security.
Oh yeah... that costs money....
You don't understand the current important cyberthreats, and we don't care about them either, but let's paint an improbable/impractical scenario with big explosions and use that excuse to steal even more privacy/control from all of you to benefit our sponsors.
'Across the country trains had derailed, including one carrying industrial chemicals that exploded into a toxic cloud,' Obama wrote, describing a nightmare scenario of a cyber attack. 'Water treatment plants in several states had shut down, contaminating drinking water and causing Americans to fall ill.' All because of hackers!
That's like a hacker's day-dream from the 80s.
"First they came for the slanderers and I said nothing."
Bankers have already pulled off a caper far worse than the unlikely scenario described here. Obama can direct his justice department to hold these bankers responsible under laws that already exist. How serious can he be about protecting America when he refuses to prosecute criminals who have damaged our national security so thoroughly?
Give me Classic Slashdot or give me death!
No, because "regular" warfare isn't like that either.
Oh come on... If Obama's predecessor said these same "hypotheticals" things people would be talking about how it was nothing more than evil Republican right-wing fear mongering.
You misspelled "Rethuglican"
Really, know your audience.
That's because it likely would be. When you don't cry wolf very often, people take you much more seriously when you do.
It was a government mandate to attach all utilities to the internet and add "security" that has led to them now being accessible. Before that they were clunky old systems best connected by calling the guy on the phone who pushes the buttons and levers. Each utility should be off the internet grid until such time as a node can be developed that is reasonably secure from intrusion, which does not seem likely soon since most internet equipment is built with back doors for one security agency or another.
Also,
To quote H.L. Mencken, 'The whole aim of practical politics is to keep the populace alarmed (and hence clamorous to be led to safety) by menacing it with an endless series of hobgoblins, all of them imaginary.' (or as we now see in our lives, intentionally created by the government itself)
JJ
http://www.kema.com/services/ges/smart-grid/ai/security-standards.aspx
I'm more worried about subliminal (hidden) messages flashing on my monitor telling me what to buy, eat, etc.
To wit: Stuxnet
We're looking at the Senate to combat cyberwarfare? Are you kidding me... when we could easily unleash Bruce Willis and the Mac wunderkind (Justin Long)?
http://www.imdb.com/title/tt0337978/
These scenarios are pure fantasy as related to "cyberwar". The "cyberwar" term is only used to create fear and get more money. Sure, if IT security in critical infrastructure is really on an utterly pathetic level (and some is), somebody could cause a lot of damage. But that is more an individual, like a disgruntled ex-employee, not any kind of military term on the other side.
The fix is not to have another dysfunctional military buildup, the fix is to make those responsible for critical infrastructure, dangerous plants, etc. at least minimally responsible to have good IT security. As in operating a dangerous chemical facility without reasonable IT security does actually get noticed, causes the plant to be shut down, causes the ones responsible to go to jail for a long time and causes any and all profits gained from the lousy security to be taken away, including triple damages. Maybe then IT security would finally get better. All this "cyberwar" nonsense is not going to accomplish anything except wasting huge amounts of money better spent elsewhere.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
"Obama does a good job of facilitating thinking..."
And I can't say that. At all. I'd be lying.
This is nothing but fear-mongering to sucker people into increasing the power of the federal gov't. "Oh but it won't be used in that way"... since when has that EVER been true?
"It's time to strengthen our defenses against this growing danger" is how the op-ed ends. I agree. I would assume that most would also agree as well.
The challenge of course is agreeing on what "strengthen our defenses" means. To me it means disconnecting critical systems from the Internet. Yes, that means that it will take more people to operate those systems and it means less centralization. These things will make it cost more; but security has always had (and will always have) a cost in terms of money / resources and convenience. In the case of critical infrastructure, these costs are worth it.
and I can't say that about his predecessor.
His predecessor invoked much thinking as well; however, much of it was prefixed, or suffixed, with "wtf?", "lol" and "lmao"
Join the Slashcott! Feb 10 thru Feb 17!
But his predecessor had an AWESOME partying time!
I can't say that I agree with his content, but Obama does get Joe SixPack to realize that power plants and train switches can be inadvertently connected to the internet (and to wonder what else is connected). Hyperbole it is, but it's useful for the non-specialist.
A straight-forward set of solutions to some of these potential problems:
- A human being with a brain is left still ultimately responsible for the operation of trains, planes, etc... "the computer gone haywire" scenario becomes one of inconvenience and slow-downs vs. disaster and death
- Double checking of automated processes... the treatment plant is not a "set and forget" operation, humans should be monitoring the quality of the drinking water and the output of the treatment plants using manual devices--these are double checks for any automatic monitoring
- Disconnect critical systems from public (and sometimes even private) networks. There is no reason to allow remote operation of many of these plants and facilities, so that's first and foremost (if it doesn't NEED to be remote controlled, then don't allow it). Second, for many of these systems simply making sure that they are connected only to secure and private networks would do wonders for preventing outside hacking, and while you're at it eliminate gateways between public and private networks.
At the end of the day it comes down to the human factor. Keep humans located at the equipment, and properly trained in its operation (and recognition of malfunction) and these disasters will be easily averted.
You forgot to whine a few words: "Know your lib'rul, socialist audience!"
only with tubes.
A series of them.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Any substantial cyberwar will turn into a substantial shooting war within a matter of days.
Put that in your policy think tank and smoke it.
Sheesh, evil *and* a jerk. -- Jade
Hyperbole like this facilitates thinking that everyone who knows how to defrag a hard disk is a dangerous black hat and potential terrorist.
Gamingmuseum.com: Give your 3D accelerator a rest.
Stop being cheap/lazy about critical infrastructure?
There are rules and frameworks for the medical industry (HIPAA etc). Ditto for the construction industry.
Perhaps they need something similar for critical IT infrastructure, especially regarding firewalls, air-gaps, passwords, encryption, patching, and upgrading.
How about we start with:
* Control of any critical system that does not need to be online shall not be accessible online (air-gap)
* Information that is needed in a read-only capacity should be configured through a non-writable medium
If you want reports from your water treatment plant, then have something send data through a one-way medium. Remote access is great and all, but if what's standing between you and a possible hack harming thousands or millions is a few on-site personnel rather than remote access... stop being cheap about it and put people on-site.
All because of shoddy engineering I would suggest.
Cyberwarfare?? Why.... just take the fracking industrial controllers off of the dang internet. Ewww problem solved. Geez. It AIN'T rocket science.
How high is the actual risk of that nightmare scenario? Nightmare scenarios are easy to make in regards to anything. What about a nightmare scenario where someone buys a load of heavy metal and dumps it in a lake near a large city, overloading any water filters the city has? Does that mean we have a heavy metal war that is important to take care of?
Obama does a good job of scaring the shit out of people and saying, "Let the government be the solution. Let us spy on your web habits via your ISP, and your cellphone via tracking. And oh yeah, we've decided to expand the TSA's mission to bus stops, train stations, along highways, and at public facilities like malls and hotels."
In that respect he's a hell-of-lot-smarter than George "duh" Bush but ultimately it's the same fucked-up destination. Let both the (D) and (R) president burn in hell.
My AC stalker: " I personally agree with your posts most of the time, but that won't keep me from modding you troll"
1. Give them 2 years to hire or retain by contract people who can repair or do maintenance on site.
2. Make it a class six felony to knowingly connect an industrial system to the public internet for any reason other than an exigent circumstance for which a reasonable practitioner would not regard the on-site staff as capable of handling or for which there is insufficient time to fly out a practitioner capable of performing the work.
3. In the event of loss to limb or property, make treble damages built-in to the civil suit.
4. In the event of loss of life, make elevation to felony murder mandatory with execution mandatory for all parties involved in the event that the death toll goes beyond a few people.
That's how you wake them up and institute change post haste.
It's not Hyperbole. Those events can happen, and there have been SCADA compromises.
The Kruger Dunning explains most post on
The problem here is that cyber war is primarily the act of commercial firms who idiotically disregarded the need to lock down the access to their products. It is roughly the equivalent of leaving your door wide open and a welcome mat out.
I sat down with the heads of 3 public utilities in the USA including TVA and flat up asked them what security they had on their system controls. They said, "None". They had such old protocols that that was their only defense.
I have spoken with the head of a major Vehicle Data Bus reader system and said to them that they needed to get heavy encryption and strong access controls and they argued it was not important until I reminded them people could get killed if their systems get hacked.
The true reality is that we tend to disregard security until it is broken.
I wrote software which manages trains and the railway network and I can tell you that it would be IMPOSSIBLE to derail a train or cause an accident with a "cyber attack". I might believe Water treatment plants because of their use of SCADA but not railroads.
It does make you think. If Bush and the GOP think that Dems are government solution crazy....why in the hell did they start the massive gov't surveillance programs in the first place. Did they not think the Dems would 'improve' upon them?
I fully believe if Bush hadn't started this dive into moral failure the Dems wouldn't have done it on their own, if only because the GOP would have, rightly, decried the invasions of privacy. But because of 'terrerism' somehow it was ok...
Bush's fault for starting it, Dems and Obama's for continuing.
People in cars cause accidents....accidents in cars cause people
Did it ever occur to you that maybe security is so bad that anyone who knows how to defrag a hard drive has the technical skills necessary to be a potential terrorist?
>>>Strawman. Stop using them.
There's no strawman. Obama really has expanded the TSA to bus stops, train depots, post offices, et cetera. It's not my fault you don't keep up with the news and remain unaware of that fact.
My AC stalker: " I personally agree with your posts most of the time, but that won't keep me from modding you troll"
With the cost of healthcare and the number of retirees that lost most or all of their savings, I doubt it.
>>>If Bush and the GOP think that Dems are government solution crazy....why in the hell did they start the massive gov't surveillance programs in the first place.
Exactly.
I'm happy to say I never voted for Warmonger Bush.
Nor Obama the insurance megacorps' best friend.
Or Romney the corporate prostitute AND warmonger.
(We just keep getting one lousy president after another.)
My AC stalker: " I personally agree with your posts most of the time, but that won't keep me from modding you troll"
Not even regular is like that. Regular war is two or several sides having people who are armed and those who get to pay and suffer.
Let's say for example, China and America had an all out war: in that case the common American citizen and the common Chinese citizen have a LOT more in common than the common American or Chinese citizen have in common with their leaders.
The whole thing of equating the policy of war profiteers with the people in a country is fascist bullshit. It's usually, and certainly often when America is involved, not "country A fighting country B", it's "group X (elites in countries A and B) fighting group Y (the people in countries A and B)".
Seriously, pay some fucking attention already.
Here's a thought:
Don't connect these things to the internet. Run them with men, not by remote control. You wouldn't think of endangering people by flying a 747 by remote control, so why do it with a train or power generator?
My AC stalker: " I personally agree with your posts most of the time, but that won't keep me from modding you troll"
Sabotage has been part of warfare for a long time. What's not clear about the war analogy here is that these could theoretically result from 14 year olds hacking in their basement or an attack organized by some other country to further its interests. One is a police problem, the other is a national security problem. You won't deter the 14 year old hackers - you have to harden targets so that they aren't vulnerable to those attacks.
It appears we have already decided to use cyber warfare against Iran. From Iranian perspective the best way to deter those attacks may be to engage in attacks on the United States. In short, cyber warfare is a self-fulfilling prophecy. As in any war, the question is what resources do the two sides bring to the battle and who is more vulnerable to attack. The United States may have more resources, but it may also be far more vulnerable.
The real question is how government will respond to this perceived threat. They could push for better software and system security. Instead, they'll likely use the fear of this threat to increase their size and find yet another way to restrict people's freedoms.
Cyber "war" is just applied mathematics. Get it right, and you're untouchable. Its impact is unreliable and the expenditure is out of all proportion to its impact. Give me what was spent on Stuxnet and I could do far more damage to infrastructure than that ever did.
[FUCK BETA]
Try because of extreme negligence. How many supposed hacks are because the admin password was 'password' or equivalent? When are we going to demand that due diligence is required when it comes to computer systems? Oh wait, never mind, that might cut into corporate profits, we can't have any of that.
"To those who are overly cautious, everything is impossible. "
Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
I should really make a locked-down *nix appliance that secures devices behind a keyfile-secured VPN or SSH tunnel and requires cryptknock before allowing access, and a software suite (like PuTTY and some scripts) to make connecting easy from a Windows computer, and then sell the setup for a ridiculously high price calling them "unbreakable infrastructure security terminals."
If that big dumb idiot who ran HBGary can be a rich executive, why not me?
"When information is power, privacy is freedom" - Jah-Wren Ryel
And why? What the president is saying isn't 100% bullshit, which is a difficult thing to swallow - for me, too, and I voted for him. Of course it isn't nearly the truth, either. The truth lies somewhere in between "nothing will happen" and "The only way to be sure is to nuke it from orbit" and it shifts.
I will tell you this, not long ago there were some oil pipeline explosions in Russia (not the USSR). The explosions happened just as Russia was starting to make a big dent in middle east oil production and, coincidentally, just as American oil interests were turned away from investment in Russia's oil industry. There was a massive pipeline explosion. It took Russia years to recover fully and by then the Middle Eastern oil situation had stabilized and they were able to over supply Europe once again. The explosion gave the US interests breathing room.
It was caused by code put into the valves by US firms that effectively reversed the oil flow.
Yeah, we did it, and the message was that either Russia does it themselves or they play nice with the US. And now China did the same thing to us.
Serves us right.
The war is here, son. Strap on your slide-rule and tape up your glasses. Uncle Sam wants you.
. . . until it does. Think: 9.4 on the Richter Scale down the San Andreas Fault. Who will ever be ready for that, too? There is almost no reason to bring up such dire straits during an election campaign, unless he knows it's coming soon.
How so? Obama came into office on "hope" & "change", and he just helped consolidate the police state Bush kicked off even more. Oh, and he went from torture to "kill lists", and he paid banks for being too greedy for their own good. He didn't change a fucking thing, he just lubed it up for you, all nice and sophisticated and bullshit-y.
No, all he (well, his handlers) did was pull one on you, and you just sit there and celebrate it with empty phrases like "he facilitated thinking". For fuck's sake? What does that even mean? Your BRAIN would facilitate thinking, IF you had one.
I'm pretty sure they simply implemented the same policies that are chugging along all the time, anyway, and this time with the diction of Tuvok instead of dumb smirks.
Actually, you could say they merely applied a different CSS file to the exact same fucking HTML.
OH LOOK, IT'S A NEW WEBSITE I NEVER SAW BEFORE!
Gah...
Every time a slashdot post references a fallacy incorrectly, which is fast approaching "always", I want to hulk smash my computer.
Obama's predecessor could even spell "hypotheticals".
Though I suspect he wouldn't have any problem using an adjective as a noun.
If security is so important regarding trains and water plants, don't connect them to the internet. Why would you risk your country by doing something so stupid?
outsourcing leads to stuff like being on line so it can be controlled remotely
Only kibitz I have is Obama made a calculated decision to go with Mandate vs Gov't Single Payer in order to try and get some GOP support.
In a world without political calculations (& Unicorns!) I think he'd have done away with said insurance megacorps...
People in cars cause accidents....accidents in cars cause people
Poster: "partisan bullshit"
Slashdot: ZOMG! +9000 Insightful!!!
This place is truly intellectually dead.
You, sir, are what's known as a "useful idiot".
Give me what was spent on Stuxnet and I could do far more damage to infrastructure than that ever did.
Whoa there, cowboy... put your gun back in its holster. The reason for the expense is that Stuxnet was a subtle, precise strike. The main advantage of which is that it didn't give Iran a clear Casus Belli against Israel. No kidding it would have been cheaper and far less complicated to just drop some bombs on Iran's centrifuges... but that could have led to pretty brutal regional conflict. Why use a baseball bat when you can use a scalpel?
-- Let us endeavor so to live that when we pass even the undertaker shall be sorry. -- M. Twain
Obama is a jerk-off tyrant; so was Bush.
It's a fire sale dude. Better get Bruce Willis on the job. Oh and buy Apple!
I'm worried about this. We're seeing too many attacks and persistent threats that seem to be laying the groundwork for something. Viruses and worms used to do something actively hostile. Now, there are ones that just slowly take over machines and wait for further instructions.
There's a lot of infrastructure which used to have big maintenance forces, but no longer does. Water systems, pumping stations, power substations, cell sites, air conditioning, and railroad signalling are all remotely controlled, and some of the links do go over the Internet. The power and railroad people take reasonable precautions, but the others, not so much. Few companies have the armies of maintenance people they used to. This is becoming a big problem in the power industry, where recovery from storms is taking weeks instead of days.
I'd worry about an attack on the financial services sector. If someone took down the NYSE or the NASDAQ or the CBOT, or the links between them, for a week, the financial center of the world would no longer be in the US, even after the systems came back up. That's a very attractive target. Back in 2001, the markets outside the US weren't ready to take over. Now they are.
I can't say that I agree with his content, but Obama does get Joe SixPack to realize that power plants and train switches can be inadvertently connected to the internet (and to wonder what else is connected). Hyperbole it is, but it's useful for the non-specialist.
Yeah, but it's not because Americans have too much freedom on the internet. It's because government contractors are incompetent with basic security.
That's the 100% false hyperbole that The Man is shoving down your throat.
He is not saying the truth, it would be "hi citizens, we screwed up wasting all your tax dollars on systems a 5yr old could misuse and then we added insult to the injury by connecting them online. now we are going to prosecute all the bad contracts we made and fix it with secure applications"
instead he is saying "the internet is dangerous, we will collect information from everyone everywhere and will violate all your privacy, because the internet is dangerous"
How the hell can I use my mod points on the article? It's clearly flamebait.
Keeping critical systems offline is no longer good enough. Remember Stuxnet? The site in Natanz that housed all of the centrifuges was kept offline. So how did the virus spread? Most likely by someone using an infected USB drive. Whether or not they knew the drive was infected doesn't really matter, it was a weakness that was exploited.
So keeping systems offline is a good step, but by no means a security panacea.
Because to be that type of success, you need considerable salesmanship talent, connections in the right places and a fair bit of luck.
This is completely backward. Infosec is actually applied anthropology. Humans will get the math wrong. They will get the design, the implementation, the policies, the procedures, the operation wrong. Security is about assuming mistakes will be made and overlapping protections to the extent that the impact of those inevitable fuck-ups is minimized.
I think the plan is:
1 put vitally important control systems, that only a retarded flea on acid would put on the net, on the net.
2 wait
3 crackers hack them for the lulz or for profit
4 claim you need total control of every aspect of the internet to secure it
5 control whatever aspect you wanted to control in the first place
6 profit!
Or, I launch some pennies over into the neighbour's house, so I can look for them, when the search becomes tiring I'll have a swim in his pool.
---- MISSING MISCELLANEOUS DATA SEGMENT --- [sigdash] trolololol
He didn't change a fucking thing,
Actually, he did. There's been a lot of change in the last three years: all for the worse. Three years ago, he told us that if he didn't get the economy moving again and people back to work he'd not be re-elected. All I have to say now is, "From his mouth to God's ears!"
Good, inexpensive web hosting
>>>In a world without political calculations (& Unicorns!) I think he'd have done away with said insurance megacorps...
And then we'd have an insurance monopoly run by government. I would have to rely on them to take care of me if I got some expensive illness that I could not pay for. That would be even worse. Nothing is as horrible as being trapped in a monopoly. It's basically anti-choice and anti-liberty.
My AC stalker: " I personally agree with your posts most of the time, but that won't keep me from modding you troll"
It wasn't to get GOP support (only ONE Republican house rep voted for it in the end) It was to get a lot of people from his 'own' party to go for it (not all did and some needed bribes to do it, and a lot of them got thrown out in 2010 for it)
It surely is better to have American officers police American territory than American soldiers "fighting terrorism" in Buttfuckistan.
To date, most if not all remotely warfare-like "cyber" actions have been performed by government, or with their support. Generally, when civilians wage hostile actions, they are much smaller and considered in the category of crime. When the military wages hostile actions, it is usually bigger and considered warfare. So their whole "Cyber War" is pretty much an inevitable course of military nature, a self-imposed -- or at least accelerated -- state of affairs, as they rarely, if ever, fail to weaponize anything with "good" potential. It would brighten my day, however, if their talking heads and those that listen to them could begin intelligently distinguishing the vast difference between cyberwar and cybercrime, hence using the DHS to issue DMCA takedowns for torrenting popstar trash.
But they really shouldn't be given too much credit; they are certainly guilty of hyperbole and grubbing viciously for more money and power and control. When we build sky-scrapers, we try our best and do so methodically. They contain great potential energy and are very pervasive. Is there a Construction-War? Certainly we could try this with IT? And call me naive, but would it hurt us beyond repair to bring some manufacturing back to America? Big Gub's credibility will only grow if our hardware and skillsets continue to be imported from high-risk sources - at least without uncanny oversight.
Depending on virtual things, I suppose, does have its risks. But so does depending on overly ambitious criminals in government. If they've clearly illustrated one thing about war, it's that they have a far greater interest in it than the rest of the world, and especially many sensible Americans.
Forward! -- Emperor Norton, 2012
if you have
1 Educated Users
2 a BOFH with a baseball bat (and the authority to use it)
then most of your problems will go away
but then in 99.99999% of the time you can't make Stupid That Painful
Any person using FTFY or editing my postings agrees to a US$50.00 charge
If it were anything other than fear-mongering, the entire act would simply be about making it illegal to connect such vital systems to the internet at all, which is the only sure way to protect them. ...but instead of that, what does the act do?
https://en.wikipedia.org/wiki/Argument_from_fallacy
(My own reference to a fallacy is, naturally, close but incorrect)
I am not sure why this comment was modded down as there is a valid point here, though you seem to be setting up a false dichotomy between doing the wrong thing (war on heavy metals) vs. doing nothing (ignoring potential threats to a city's water supply). For every threat response, there needs to be a risk vs. reward analysis, lest the cure be worse than the disease. Yes, terrorism was a problem that needed to be addressed. The proper response was bolting cockpit doors shut, CIA investigation of terrorist cells, and political diplomacy with states known to harbor terrorists. (It is debatable whether that last one was done correctly or not.) The wrong response was security theater such as the TSA checkpoints. However, an even more wrong response would have been to blow off the problem and do nothing. Cyberwarfare is a definite potential threat that would be foolish to ignore. The question then, is not if to do something but what to do. I don't know any details of this legislation, so I don't know if it is more like a cockpit door lock or more like a TSA naked-scanner. But Obama is right, in that doing nothing is the wrong answer.
"INADVERTENTLY??"
Really? Try on purpose, every time. Because somebody thinks it would be convenient to access via home and does not think about the security implications.
The fun part is a lot of places think about this but are not willing to spend the $$ on security they need to implement this with an "acceptable" level of risk.
They wait until after they have been compromised and then the enormity of the breach (and loss of trust) causes them to throw buckets of $$ at it then.
The patriot act was already written months before 9/11, just waiting for an excuse to be proposed. The megacorps and their lackeys saw another opportunity to bleed the taxpayer in the name of "safety and security". Would have played out the same with a dem in power.
What irrelevant bullshit is this? Mods who keep upping this kind of thing should be stripped of their powers. Can't the meta moderators please do something about this?
Saying we need to create a 'cyberwarfare' program because our physical infrastructure is an unreasonable idea. It is a SECURITY problem that our physical infrastructure is vulnerable to network attacks. Solving this problem requires that we review and create strict policies on all inputs to these systems. This security problem can be solved without even violating civil rights or the privacy of citizens so it shouldn't even be a debate. Creating an offensive 'cyber' program has nothing to do with these threats and will not do anything to improve our security.
That was the thing about Stuxnet that people don't seem to get. It's a brilliant chess move; if you accept the premise that those centrifuges need to go (which frankly I did, but it's up to you), it's hard to argue that the "strike" that destroys every centrifuge without so much as an injury is inferior in any respect to a bomb which is almost certain to kill people.
But the real thing is that the evidence that it was US/Israel that wrote Stuxnet/Flame only rises to the level of "likely, but rumor", and Iran would have a very hard time starting a war over that. Bombs are a lot easier to justify in that respect - "they invaded our sovereignty and bombed us" vs "they set us back a few months and made us spend money".
I have developed a truly marvelous proof of this comment, which this signature is too narrow to contain.
i suppose he does, and i'd say we're better off with obama than we would be with the other option, but I don't think either of them are really going to do any actual problem solving. they're trying to get elected, and facilitate their backers' financial success.
why don't people just quarantine the damn utilities from the internet? how difficult would it really be to provide the computers that operate equipment with risks to the public, that don't have usb ports or any type of peripheral connection ports? 30 years ago the chances anybody in another country could damage a water treatment plant or train system just by producing software that could cause undesired operation, were nonexistent. i work with computers every day. granted, they're from 1986, and they don't plug into any sort of network, but i don't have to worry about aircraft that i repair falling out of the sky due to a virus. because they're not plugged into a network, ever. they are inefficient, archaic, and awful, but at least they don't have to worry about viruses.
who opened critical networks to the Wacky Wacky Webbiepoo.
you don't do that, you don't allow machines that connect to the Webbiepoo to connect to your critical network, you don't get hacked.
this is really simple.
too simple for too many CIOs and IT idiots everywhere, who want to tweak things when they are not at their desks.
if this is supposed to be a new economy, how come they still want my old fashioned money?
We had callback modems. For those who don't remember anything before "the Internet" they were telephone-computer connection and data transmission devices. Some (usually used on systems that needed some security, or perhaps to reduce the long-distance call budget of employees) could store a list of allowed connections. When you called the system and entered login information, the modem would hang up and call the registered number back. That way the system always knew which connections it was getting. Can't we do something like that now? Systems like water utilities or train dispatchers don't really need to be Internet-accessible except for certain maintenance people -- should be elementary to do some kind of "callback" arrangement with, perhaps, a known-good IP address to start with (then other authentication afterward of course)?
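The callback arrangement proposed in the comment above, as an added example that is not part of the thread: the gateway logs the inbound caller, "hangs up", and only ever dials the address registered for that user, then runs an HMAC challenge over the callback. The class names, the in-memory `NETWORK` standing in for outbound connections, and the addresses and keys are all constructed assumptions.

```python
import hashlib
import hmac
import secrets


class Endpoint:
    """Maintenance workstation that answers callback challenges (constructed)."""

    def __init__(self, key: bytes):
        self.key = key

    def answer(self, nonce: bytes) -> bytes:
        return hmac.new(self.key, nonce, hashlib.sha256).digest()


class CallbackGateway:
    """Never serves the inbound caller; always dials the registered address."""

    def __init__(self, network):
        self.network = network  # address -> Endpoint; stands in for dialing out
        self.registry = {}      # user -> (registered address, shared key)
        self.log = []           # (user, caller address, outcome)

    def register(self, user, address, key):
        self.registry[user] = (address, key)

    def request_session(self, user, caller_address):
        """Return the address the session is bound to, or None if refused."""
        entry = self.registry.get(user)
        if entry is None:
            self.log.append((user, caller_address, "refused: unknown user"))
            return None
        address, key = entry
        # "Hang up": caller_address is logged but never used to reach anyone.
        endpoint = self.network.get(address)
        nonce = secrets.token_bytes(32)
        expected = hmac.new(key, nonce, hashlib.sha256).digest()
        if endpoint is None or not hmac.compare_digest(expected, endpoint.answer(nonce)):
            self.log.append((user, caller_address, "refused: callback failed"))
            return None
        self.log.append((user, caller_address, "session bound to " + address))
        return address


# Constructed sample data: documentation-range addresses and random keys.
ALICE_KEY, BOB_KEY = secrets.token_bytes(32), secrets.token_bytes(32)
NETWORK = {"192.0.2.10": Endpoint(ALICE_KEY),
           "192.0.2.20": Endpoint(secrets.token_bytes(32))}  # wrong key at bob's address
GATEWAY = CallbackGateway(NETWORK)
GATEWAY.register("alice", "192.0.2.10", ALICE_KEY)
GATEWAY.register("bob", "192.0.2.20", BOB_KEY)
```

A request that names a registered user but arrives from an unregistered address still produces a session bound to the registered address, so the log entry pairing the two is the signal worth alerting on.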
So.
Rule #1: Trains, including those carrying industrial chemicals, should not run Windows XP. Maybe not Windows at all. I don't know what's better, but just not Windows.
Rule #2: For fucks sake SEE RULE #1!!!!
Rule #3: Don't fucking connect them to any type of modem, and especially don't connect this modem by software with any sort of pseudo-terminal program. Think "rm -rf /" gais.
Regular warfare is about defeating an opponent with force. Defeating means they mostly cease to resist in some areas and somewhat give into what the victor wants. Few wars are as complete unconditional surrenders as World War 2 was.
Nothing is as horrible as being trapped in a monopoly.
Sort of like before HCR? Employer provided health-care is its own monopoly, meaning you can't switch jobs if you have a pre-existing condition.
I really don't understand why people distrust a government program 'that they have actual say in' versus a corporation that they have ZERO say in how it's run. You don't get to vote for who runs it, you don't get to vote for what you want it to do.
Before HCR reform, insurance companies were perfectly allowed to cancel your coverage because you cost them too much money. You really want that as your health care system?
People in cars cause accidents....accidents in cars cause people
Sort of like before HCR?
No. Because there wasn't a monopoly then. "Monopoly" doesn't mean "things I don't like".
Employer provided health-care is its own monopoly, meaning you can't switch jobs if you have a pre-existing condition.
Sure you can switch. You have to carry the old health insurance though which frankly is not that much of a burden, if you've got an expensive health problem. It just goes to show that employer provided health care was not the best of ideas.
I really don't understand why people distrust a government program 'that they have actual say in' versus a corporation that they have ZERO say in how it's run. You don't get to vote for who runs it, you don't get to vote for what you want it to do.
Because a) businesses not just corporations are far less powerful and more easily defeated than governments of comparable size, b) businesses are narrow focus and narrow extent, for the most part, you don't have to care what a corporation does, c) government has more leeway to renege on health benefits than a business does, and d) business's health benefits are usually contracts with independent third parties, so there's less conflicts of interest than with government-based health benefits.
Only kibbitz I have is Obama made a calculated decision to go with Mandate vs Gov't Single Payer in order to try and get some GOP support.
Only the "GOP support" in his own party. It's interesting how many people rationalize this so wrong.
Agreed. I voted for the fucker, but what a wet-blanket God damned retard he's been. As much as I hate to admit it, new boss is same as old boss. And this next election is a joke as well.
After this long, it does make me wonder what does go on at bohemian grove, besides open air wang fest.
Tin foil hat.
-boulder man
Ever try to hit a baseball with a scalpel?
Ok... are you not reading the same news and economic reports I have that say very clearly that the economy has improved considerably since he took office?
Maybe you're confused by the -polls- on the "news" lately that say that most Average Joes don't *think* the economy is improving.
I'll take the economists, thank you... they may deal in filthy lying statistics, but at least they base their opinion on something real.
Fedora.
Ubuntu.
MS is the biggest hole we have. It should be illegal to run such faulty systems on any US asset.
Oh, and remember all of the navy ships run that trash OS. We are not going out due to water pollution. It will be much faster when our own nuclear subs launch at Wash. DC and other population centers.
Is this really necessary? I mean, I'm sure there are a lot of people who don't know who he is, but how many of those people read to the end of Wall Street Journal articles about cybersecurity?
This space reserved for administrative use.
And very few morals.
Vote monkeys into Congress. They are cheaper and more trustworthy.
So disable the usb ports as well.
....why in the hell did they start the massive gov't surveillance programs in the first place. Did they not think the Dems would 'improve' upon them?
Hard to say, . . . I guess it will be an eternal mystery.
Horror at Fort Hood: Gunman Nidal Malik Hasan kills 13, wounds 31 in rampage on Texas Army base
FBI’s Top Ten News Stories for the Week Ending February 17, 2012
FBI’s Top Ten News Stories for the Week Ending February 10, 2012
FBI’s Top Ten News Stories for the Week Ending February 3, 2012
FBI’s Top Ten News Stories for the Week Ending January 27, 2012
much of left-wing thought is a kind of playing with fire by people who don't even know that fire is hot - George Orwell
No, what you describe is safety: protecting against everything that can go unintentionally wrong.
Security is protection against someone intentionally wanting to do you harm.
Why the fuck is serious infrastructure wired to the 'net at all? Complete batshit insanity.
"Fear is the rootkit of democracy.." Blarkon
Another place that Obama doesn't exactly shine.
If Bush and the GOP think that Dems are government solution crazy....why in the hell did they start the massive gov't surveillance programs in the first place. Did they not think the Dems would 'improve' upon them?
One of the many problems with this sort of thing is that such advocates never seem to think of what happens when their buddy is no longer in office. Then it's some scary person with all that power. It's pretty short term thinking even for today's society.
I was going to post this but then hit the back button on my browser.
People should be concerned about ObamaCare due to the power that it gives the president over our health. Even if you believe that Obama has your best interests at heart, what about the next president or the one after that?
That was the glaring problem with the patriot act. Even if you trusted Bush, you didn't know who would be the next president.
Both parties have their share of being on the wrong side of civil rights. As much as Democrats like to rewrite history and act like all the southern Democrats were really Republicans, there is still the treatment that Roosevelt authorized against the Japanese during World War II. Hell, for all the talk of war mongering in this thread, only one party has actually used a nuclear bomb against another country (and I am not moralizing or demoralizing that choice.)
dodgy contractor.
So I get modded insightful, you're a troll - WTF? Maybe you should cuss more, it seems to work for me :P
Yep, I right clicked my mouse and accidentally killed four of the advisers of Assad over in Syria.
It's not my fault you don't keep-up with the news and remain unaware of that fact.
It is, however, your fault that you will be called a liar until you can provide a citation. You often call others liars when they make a claim that flies in the face of some preconceived notion of yours (even when they do supply a citation!), so it's only fair that we hold you to the same standard that you hold of others.
You can say that?? Neither is better than the other.. The propaganda both pulled off to get their ideas passed leads to the same thing. I love this... The idiots that are "Conservative" insist on stopping the progress of the human race. The Progressive party wants to censor/control everything... And people keep voting for this crap.
There is no two party system. There is no difference between Bush and Obama. Just one group of people out to overthrow us.
If Obama is so worried about a cyber attack then why did he fire the first shot? People tend to shoot back when shot at and have a right to. You fired the first shot.
...why so many sites HAVE to be completely vulnerable. Even by "hackers". Since something like a water plant is pretty much all-in-one-place is there a NEED for its controlling systems to be accessible from the great wide world, and not separate from the internet?
Most of the work done in our labs is on a number of totally separate systems who connect to 'the world' all through ONE computer which allows data movement (albeit a little slowly) through 256-bit AES and only to individuals accessing it via an app on a read-only USB stick. Everything is logged, data can be sent out, messages can be uploaded to individuals, and there's NO way the gateway will allow direct access to be able to command anything IN the systems.
I don't disagree that Stuxnet was a smart move. However, it did no long term damage and can't be repeated. You can't fight a war with weapons that cost millions a time and can only be fired once. To fight a war is to compel someone to do your will, and I don't see cyberwar doing that any time soon.
[FUCK BETA]
Yes, but once you've fixed everything that can go wrong...you're done. It's Star Wars, except this time it works.
[FUCK BETA]