U.S. Defense Secretary Warns of a Possible 'Cyber-Pearl Harbor'
SpzToid writes "U.S. Secretary of Defense Leon E. Panetta has warned that the country is 'facing the possibility of a "cyber-Pearl Harbor" and [is] increasingly vulnerable to foreign computer hackers who could dismantle the nation's power grid, transportation system, financial networks and government.' Countries such as Iran, China, and Russia are claimed to be motivated to conduct such attacks (though in at least Iran's case, it could be retaliation). Perhaps this is old news around here, even though Panetta is requesting new legislation from Congress. I think the following message from Richard Bejtlich is more wise and current: 'We would be much better served if we accepted that prevention eventually fails, so we need detection, response, and containment for the incidents that will occur.' Times do change, even in the technology sector. Currently Congress is preoccupied with the failure of U.S. security threats in Benghazi, while maybe Leon isn't getting the press his recent message deserves?"
Halliburton now has a kompootar division that needs money.
You mean, the US could spend less money on fearmongering, sting operations to trick poor and socially outcast citizens into conducting fake terrorist attacks for TV. Far flung surveillance systems, which don't work.
Instead of this crazy cloak and dagger shit, they could have invested in systems that were secure by default, and well coded that would resist cyber assault. In fact with the money spent, I'm sure they could simply have paid many many many programmers to do nothing but check and re-double check code, fuzz, and re-fuzz a bunch of apps until cyber break-ins were not feasible.
I am sure they could have done the same with all routers, and in the case of a massive foreign DDoS, simply firewalled it.
Honestly... does this come as any surprise to anyone on /.?
When I heard about Flame and Stuxnet it was as if every cyberfiction story I read in the 80's had finally come true. Mentally, I'm already prepared.
Bring on the onslaught of Jihadist Erectile Dysfunction Spam!
In the future, I would want to not be isolated from my friends in the Space Station.
And of course, they convince us that we need to be protected and kept secure. They'll always have something to worry about, and something to make us fear, just so they can make us more money.
Of course they never mention their own operatives, because well, that's clearly not part of their agenda.
Not that actual security is either, they'd just prefer sinecures for the technology sector.
They just have to make all U.S. routers drop packets with the Evil bit set. Problem solved.
The Tao of math: The numbers you can count are not the real numbers.
... fabricated by the same people making the claim?
What the hell do they expect? They place critical computer systems online and they expect them to be safe? Why not leave them on an intranet and not worry about it.. Stop giving crackers a way to access the systems and nothing can happen... If the systems are so sensitive it seems logical right?
I think the techs have pointed this out, again and again. Quit connecting critical systems to open networks, even indirectly. There's just no need to send control data across a public network, and no need for an engineer to be able to control a power station and read Dilbert from the same computer. So there's no need to have that system accessible, even via a firewall, by Iran etc.
Problem solved.
I'm more shocked by this:
http://www.youtube.com/watch?v=pKaXqoC4DjE&feature=related
I'm shocked, firstly by the blatant voting fraud of it, but more shocked that nobody reported it and the first I found out about it was some comment in Slashdot. Not even an article, a single comment. If you haven't watched it, watch it, it's an eye opener.
I could never understand why America doesn't improve its cybersecurity, but if the plan is the same as with Pearl Harbor that would explain it. The US leaves their systems open and lures China to attack them to get a convincing casus belli for their counterattack, just like they did in WW2.
It's all part of a conspiracy to get Americans to lock down the Internet. Governments talk about freedom, but none of them actually want it.
A nation of cowards!
Why it is National Cyber Security Awareness Month~!
Maybe a dumb question, but what organization would be interested in shutting down the US power grid now?
If it's a country, it'd be like declaring war against the US.
If it's an organization, well good luck against the whole US who will be after you.
warned that the country is 'facing the possibility of a "cyber-Pearl Harbor" and [is] increasingly vulnerable to foreign computer hackers
The only way I could see this happening is if the United States is dependent on foreign factories to build computer equipment and now the US has identified trojan horses. The other way to knock out the infrastructure is with an EMP to wipe out all the electronics but that is not a "cyber" attack.
If control to the nation's power grid is accessible over the internet, then we have problems far more serious than hackers. It's almost like the head of Homeland Security doesn't even know how to use email.
Oh no... I'm sure that there are bills waiting ready to be put out in congress by the makers of SOPA/PIPA/COICA/ACTA just in case of a "cyber 9-11".
And they will have fuck-all to do with actual security like requiring businesses to actually spend some capital on keeping their flies zipped.
Will be effective against offshore attacks? Nope.
What they will target is the same drumbeat we have been dealing with for years. More DRM, more enforced DRM, more control by a third party who wants their voice to be heard and not yours.
In the closed environment of most devices, it would be trivial to mandate an Internet wide NAC system, where if something doesn't have a valid DRM stack, the upstream router won't allow it to connect. This stack would also disallow proxying, allow remote root access (and we know how secure those backdoors will be), and all in all, allow offshore hackers even MORE rein.
Remember the old Counterstrike guy who yelled "terrorists win"? Same thing. bin Laden scored a victory on the US that no general since the Brits ever have done, completely depriving a country of its rights and turning a democracy into a police state. A cyber-9/11 would do the same thing, except our computers would be turned into terminals and instead of actual security, the only measures made laws would be DRM, DRM, and more DRM.
Great Britain and Rome did not go away because other countries attacked it. Great Britain and Rome weren't gone in a day.
The only thing the USA needs to fear is civil war this century after people around the world stop USD. After that California will lead the secession from the union because it is the 8th largest economy in the world. It cannot afford to pay for the rest of the USA.
Currently the world uses USD and suffers its devaluation because the world wishes to outsource war to the USA. This is the reason why QE(n) doesn't cause hyperinflation.
Heroes die once, cowards live longer.
What's the chance of a person in the U.S. being killed or harmed by any sort of terrorist attack? I don't remember exactly, but I know I'm far more likely to die or get hurt every time I hop into my car, so I hope Uncle Sam will forgive me for not jumping up and shitting my pants in fear this very second.
We're not prepared for Coronal Mass Ejections even though we knew this was possible for a long long time so let's blame hackers.
Similar event would be blaming hackers for controlling levees and dams for the majority of damage done by Katrina.
I vote to call it Perl Harbor. You know, hackers and stuff...
Ezekiel 23:20
Given that the US is the main protagonist in this field they should be careful what precedent they set...
I love stacking my barbecues in the shed at the end of summer - you can't beat a bit of grill on grill action.
the movie with Ben Affleck
Pearl Harbor was a national tragedy where a lot of good men and women died, some very nice ships sank, and we officially entered WWII. Let's not forget how many died in our response bombing of Nagasaki and Hiroshima.
I get that a "Cyber-Pearl-Harbor" is meant to imply we'll get caught with our pants down, but then why not just say that instead of a comparison that effectively equates the deaths of the good citizens and soldiers of Pearl Harbor to a hard drive crash.
Find a better analogy. Preferably something without the word "cyber".
Anyone interested in an eleven year old's perspective of the real bombing of Pearl Harbor might care to read "I Survived #4: I Survived the Bombing of Pearl Harbor, 1941". When you're done reading it go ahead and imagine him saying "Dad the hard drive crashed because I opened an email attachment from an unknown sender".
persian1234: hey baby, wanna cyber?
panetta_l: sure
persian1234: aight, i put on my flight suit and helmet
---
Is this the MPAA? Is this the RIAA? Is this the DMCA? I thought it was the USA!
Leave systems wide open to outside, then act surprised when said systems are attacked and scream to congress for new legislation to try to "fix" the problem. Hell, the solution is simple: close critical systems to outside access. However, this might mean that it would be necessary to spend extra money because access is now more difficult. And we surely wouldn't want any corporate or governmental entity to have to spend extra money, now would we?
So it would be a line noise attack?
The Tao of math: The numbers you can count are not the real numbers.
Gee it is now common knowledge that the U.S. LET Pearl Harbor happen... Thank you Dusko Popov for exposing that in your book "Spy Counter Spy". And more and more proof is coming out about how 9/11 was also a false flag, just like the Gulf of Tolkien, let's not forget Oklahoma City, just like the nasty things outlined in "Operation Northwoods" - no tinfoil hat needed here - the facts are all out in the open and available for all to read. If this happens - we will know the government did it... Heck remember when they said "what we need is another pearl harbor event..." - hmmm what happened - OH YEAH 9/11! Now they are saying it again - keep your eyes open - they are about to do something really nasty to you - AGAIN!
The Truth is a Virus!!!
....does include cyber-Kate Beckinsale, doesn't it?
If the national power grid could be successfully targeted by cyber-spies, does this mean they could turn the Cloud to vapor?
You'd think every techie on the web would be moved to tears by this threat, so much so that Romney, with his erudite grasping at all things dangerous and evil for the American public, would become the darling of silly-con valley.
"Quick Paul, to the Mitt Pole!!," says our super-hero, as he dons his tights and scoops millions from his off-shore bank accounts and races to the aid of high-speed traders everywhere. "We must save the grid from the evil clutches of the Sino-cyberians! Call T-Boone, The Donald and the Buchananites! We have work to do preserving the national infrastructure!"
Who better to protect "The Grid" from evil than the man who champions Free Markets, Zygotic Rights, smaller government, bigger Defense and the Bushie Tax Cuts for all?
http://www.pcmag.com/article2/0,2817,2410931,00.asp
He's still good for entertainment some days. And he's got this one nailed: "Cyber War? Bring It On! : The so-called imminent threat of cyber-attack by U.S. enemies is another in a long line of fear-mongering propaganda lines."
Why do we expose ourselves to such risks in the first place? Because we are willing to trade efficiency and lower cost now for certain vulnerabilities, that's why.
Nothing says we HAVE to have the power grid and other essential utilities on a non-isolated network. We do so because it's convenient and saves money in the short run.
If it's not practical to physically isolate the electrical grid's control systems from the rest of the world, at the very least put each one in a "bubble" and make sure all traffic into that "bubble" is authenticated. Virtual private networks go a long way towards making this possible. Having said that, physically isolating the electrical grid's command and control from the "outside world" and doing the same for other key infrastructures would be ideal if cost was not a factor.
Heck, if you even run a building or campus with things like HVAC that can be controlled by telephone or Internet, make darn sure that any request that could do actual harm (e.g. raising or lowering the temperature outside of reasonable levels, turning off power to an area without raising an alarm, disabling alarms, etc.) is authenticated, or better yet, don't allow such requests from outside of trusted physical locations, such as certain authorized computers that are on the same RELATIVELY SMALL physical network or sub-network as your HVAC's control computer, locked/secured control panels, etc. You do NOT want some guy in China turning off the heat at 2AM on a sub-freezing night, and if you can't stop them from doing it, you don't want them to turn off the alarms that will go off when the temperature of the water pipes drops close to freezing.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
That's why all this ridiculous stuff is being put out.
us declaring some kind of cyber oil and cyber food embargo against a country, and them retaliating somehow for our absurd decision to stick our cyber dicks into someone else's cyber... sheesh. Can't we just paraphrase the good secretary and say, "I think we need to spend more time bashing China and drumming up war with Iran, while at the same time blowing through the rest of this year's defence budget through government contracts to multi billion dollar corporations"
Good people go to bed earlier.
Who is Cyber-Pearl ? (s)he sounds suspicious to me
Leon E. Panetta and the hordes of the Un-Elected are the clear and present danger to the U.S.A. and all peoples of Earth.
A Gallows waits for Mr. Panetta and Ms. Clintion and their 'brethren' and Masters.
This reminds me about a recent news story about our telephone networks' vulnerabilities.
In addition to fixing the security vulnerabilities in the network, it's time to fix the vulnerabilities to end users:
It's high time to stop completely falsified caller-ID. I'm fed up with calls from "U. S. Pharmacy" or "Canadian pharmacy" from numbers that are either non-existent or that belong to someone else.
If the caller-ID information can't be authenticated by the sending caller's phone company OR the sending caller's phone company isn't trusted by the receiving caller's phone company to provide authenticated caller-id information, the called-party's phone should just show "unavailable" for the number or possibly "UNVERIFIED" followed by the alleged phone number.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Is suspiciously suspicious. It's almost like.....it's election time, or something...
FTFA:
It would require new standards at critical private-sector infrastructure facilities — like power plants, water treatment facilities and gas pipelines — where a computer breach could cause significant casualties or economic damage.
In August, a cybersecurity bill that had been one of the administration’s national security priorities was blocked by a group of Republicans, led by Senator John McCain of Arizona, who took the side of the U.S. Chamber of Commerce and said it would be too burdensome for corporations.
So a new bureaucracy to create standards of questionable usefulness, and then to enforce their compliance.
. . . then he adds:
“We’re not interested in looking at e-mail, we’re not interested in looking at information in computers, I’m not interested in violating rights or liberties of people,” Mr. Panetta told editors and reporters at The New York Times earlier on Thursday. “But if there is a code, if there’s a worm that’s being inserted, we need to know when that’s happening.”
Please elaborate on what exactly you are talking about there, Mr. Panetta . . . ? It sounds to me like that means more snooping . . .
Schroedinger's Brexit: The UK is both in and out of the EU at the same time!
Like most stuff that comes out of Washington, it's pure shadow-theater. Or maybe just a bad clown show.
... in which a gullible public is suddenly dive-bombed - without a formal declaration of war - by inadequate but impressive-sounding metaphors comparing present-day dangers with historical military engagements.
http://en.wikipedia.org/wiki/Brittle_Power
"Brittle Power: Energy Strategy for National Security is a 1982 book by Amory B. Lovins and L. Hunter Lovins, prepared originally as a Pentagon study, and re-released in 2001 following the September 11 attacks. The book argues that U.S. domestic energy infrastructure is very vulnerable to disruption, by accident or malice, often even more so than imported oil. According to the authors, a resilient energy system is feasible, costs less, works better, is favoured in the market, but is rejected by U.S. policy. In the preface to the 2001 edition, Lovins explains that these themes are still very current."
We in the USA need a security strategy that emphasizes intrinsic security and mutual security over extrinsic security and unilateral security. More on that here:
http://www.pdfernhout.net/recognizing-irony-is-a-key-to-transcending-militarism.html
A 21st century issue: the irony of technologies of abundance in the hands of those still thinking in terms of scarcity.
China depends too heavily on our economy. If they bring it crashing down they are crippling their biggest consumer and they will be facing huge internal problems as a result. If we get on our feet economically in the future then it's more likely.
Iran is much more of a loose cannon. It's hard to say, though, if they have the skillz required.
the country is 'facing the possibility of a "cyber-Pearl Harbor"
Hawaii is going to lose their internet connection and won't be able to play Ubisoft games.
If the Stuxnet guys had smashed the controller they had access to, they'd have done a far better job. Those Siemens controllers were irreplaceable, since Iran could no longer get them. Likewise if an insider wanted to attack a critical pump, they'd just go attack the critical pump, they would, install a virus that uses an exploit to attack a control system that changes a setting that makes the pump wear out a bit quicker.
That would be a silly MacGyver plot. See "DHS issues false cyber pump attack"
http://www.wired.com/threatlevel/2012/10/dhs-false-water-pump-hack/
It's not a cyber attack, if it's not a remote network attack, and those come from connecting stuff to public networks that your enemies are also attached to. So QUIT DOING IT!
If you haven't watched this yet, then do.
http://www.youtube.com/watch?v=pKaXqoC4DjE&feature=related
Or this:
http://www.youtube.com/watch?v=B39W91O-rUg&feature=related
There is no such thing as secure by default (except maybe for a brick), and no theoretical possibility of such a thing. There is more likelihood of a million monkeys randomly typing for a million years to create one of Shakespeare's plays than for creating a truly secure OS in the manner described. And even coming close could not be done before whatever product is completely, totally irrelevant from obsolescence.
I'm guessing: The U.S. Secretary of Defense has no knowledge of computer technology whatsoever, except what he learned from his children. But he wants to be cool, seem knowledgeable, get his name in the news, and get government contracts for associates, so he put his name on a scary memo written by his staff, who also have such associates.
That's a guess, but it seems a likely guess given the fact that technically knowledgeable people use different language and recommend examination of code for security problems and sloppiness.
Some of those who want government corruption want continuous war because government "defense" contracts provide easy profits, and it is easy to keep corruption secret.
If they get easy money, the corrupters don't care who is killed, what lives and property are destroyed, or how much money is wasted. For example, the book Funding the Enemy: How U.S. Taxpayers Bankroll the Taliban provides a huge amount of detail about a small part of the corruption.
Divide the cost to the U.S. taxpayer of just the war in Afghanistan ($574,624,781,538) by the population of Afghanistan (35,320,445). The U.S. taxpayer has already paid 16,268 hard-earned dollars for every man, woman, and child in Afghanistan. The results: Mostly, things are worse.
If those who want corruption can't get the taxpayers to pay for killing other people, they want "cyber war". See, for example, Obama Order Sped Up Wave of Cyberattacks Against Iran.
The U.S. government has invaded or bombed 27 countries since the end of the 2nd world war.
Constant war makes us poor.
If the USA is really serious about terrorism at the Federal Level then all those Federal Departments would put in a strategic plan for Super Grid & Smart Grid with a new Business Model. Every roof-top should have Solar Panels & Coastal States should have Wind Turbines with ship/airplane sensors 1 mile from the coast. *The Utility companies would be able to purchase Solar Panels on roof-tops at wholesale price and resell the electricity at retail price.
If there is a super storm that costs city/town Billions of Dollars because of lack of electricity, Super Grids/Smart(Solar Panels) Grids would save the towns from Super Storms and prevent Billions of Dollars of damage.
*Sensor(s) feature attached to the Wind Turbines would be able to detect people swimming to the coastal state(s).
If laws were created so that every town has a start-up business for a basic fee to monitor & maintain solar panels with a maximum of 200,000 customers @ $15/month per customer => $15 x 200,000 = $3,000,000.00 Million Dollars profitability for each start-up company (if every roof-top has solar panels).
The oil industry says that they create Billions of dollars for the city, most cities don't even get a penny from the oil industry.
* If we do a basic conservative calculation of 50 states and 7 cities per state:
$3,000,000 (each company basic charge of $15 up to 200,000 customers) x 50 States x 7 cities (I know that there are more than 7 cities in each state) =
= $1,050,000,000 Billions of Dollars Profitability for 350 small start-up business that charges a basic monthly fee of $15 dollars to maintain and monitor solar panels on roof-tops.
The power grid needs to be able to link the substations, power plants, control centers to each other.
We need IT unions to make it so cost cutting does not end up being using outsourcing, as well as real hands-on training and not just book-based theory learning.
When a bunch of people lose a bunch of money and time but no one is actually physically hurt, they call it a "Cyber 'Pearl Harbor'" referring, not to 1941, but to the Michael Bay movie.
Mod parent up.
Pearl Harbor was bait. Major "oops" that the Japs used shallow-running torpedoes thus making a bigger mess, but hubris is a bitch. The British figured out how to plink ships in shallow harbors:
http://suite101.com/article/the-battle-of-taranto---inspiration-for-pearl-harbour-a307392
"This post is an artistic work of fiction and falsehood. Only a fool would take anything posted here as fact."
Ho, flame is not enough, they need budget for the next virus...
Yeah, because smashing a centrifuge is so less likely to be detected than planting malware.
From http://en.wikipedia.org/wiki/Stuxnet#Windows_infection:
Well, what about triggering fail safe shutdowns? Hacks can just try to trigger one or trigger the alarms and you better hope someone is on site to handle that alarm.
Mod parent up.
It'd be a waste of mod points; shills in their cubicles at Fort Meade are actually earning their salaries today! :p
There are three areas that need attention - electric power distribution, pipelines, and financial systems - because the impacts are high and restoration times are long.
Power systems have Internet connections because, in the US, they are now market systems, and the bidding process between the various parties is conducted over the Internet. The seven US power grids worry a lot about this, but it's not clear if they worry enough. What needs to be done there is to ensure that restoration after a failure in the high voltage network is faster. Worst case downtimes should be brought down from days (as in 2003) to hours. All plants bigger than 250MW or so should be required to have cold start capability, so they can start up and idle even if the grid is down.
Pipelines I don't know enough about, so I won't say much about that.
The financial system is a real worry. If the US had a week-long disruption of New York based trading, the center of the financial world would move elsewhere. In 2001, the non-US exchanges weren't big enough to take over. That's no longer the case. Of the top 5 stock exchanges, only one, the NASDAQ, is entirely in the US. London, Tokyo, Shanghai, and Hong Kong could take over.
Perhaps this is old news around here, even though Panetta is requesting new legislation from Congress.
I hope by that she means laws funding more and better security (actual security, not security theatre) and not laws making it illegal for foreign powers to attack US networks.
If you need that explained, shoot yourself.
Assorted stuff I do sometimes: Lemuria.org
All they have to do is to re-purpose the surveillance systems for the good instead of evil. That would be increasingly better use of the budget for such things as the probability of cyber attacks against the infrastructure increases and such attacks attain higher levels of risk compared to 9/11 scenarios. Also, it would be helpful to make a good'ole Constitutional exception for creation of the National Infrastructure Administration with the powers to regulate the collaborations across state borders, the agencies and companies. And the oversight committee, of course, for that comic relief. Constitutional exception, is there such a thing in the US? It really doesn't seem so.
So in a few years the USA will drop the cyber-atom-bomb? I don't like where this is headed...
http://www.youtube.com/watch?v=M84l19H68mk
http://www.youtube.com/watch?v=9y29sCsh0oY
So SecDef and wop draft-dodger, Leon Panetta is warning the Iranians about their cyber-retaliation, threatening to offshore yet more jobs, yet more technology, yet more investment and defense secrets, to China, and take that, you Iranian baddies, whines Panetta.
Oh swee jaysus on a Harley, for chrissakes! Too late, Leon, AMD is already beginning their layoffs, chump! Will someone please vote for Dr. Jill Stein, the way I voted for Cynthia McKinney and Ralph Nader --- we've got to put an end to stooges in the White House --- and to think America has devolved to the point where a private equity leveraged buyout debt queen, like Willard Mitt Romney, born with a silver dildo in his mouth, would dare run for the presidency! (And we thought McCain/Palin was nauseating....)
By cyber pearl harbor, does he mean that the attack will destroy obsolete equipment, leaving critical infrastructure and equipment safe while at the same time providing an excuse for the US government to start a war?
...that the Chinese botmasters may have been the ones the Iranians hired in the first place.....
...reptile dysfunction????
So has the US Navy's Pacific Fleet parked all its Cyber Boats, Cyber Cruisers, Cyber Aircraft Carriers, and Cyber Destroyers in a single Cyber Harbor? Please stop using these bullshit analogies. You might as well describe it as a Cyber 9/11 times a thousand... that's right, 911,000.
Here's an idea, if it's so fucking dangerous, why don't we make it so nothing you could do with a computer could conceivably knock the power grid offline? Eh? Like make it so the computers controlling those systems AREN'T HOOKED UP TO THE GODDAMNED FUCKING INTERNET?
Ditto for anything else crucial, since... once again, those things don't really need to be hooked up to the internet in the first fucking place. If having the output of those systems on the net is important, here's another idea, and pay attention because it's a good one. Have any computer that produces data that it is needful or useful to have transported elsewhere in real time, have a peripheral device that pumps out a continuous stream of said data, in an output only fashion, a transmitter with no physical receiver, so you can't take that over no matter what you do, (assuming no enemy has physical access to the terminal) and then have a computer hooked up to receive these broadcasts and put THAT on the internet. Then if someone somehow hacks into the receiver, it's not actually the machine controlling the grid, the switchgear, the generators, etc. If that happens, you simply have a subsystem, (or another computer) that detects the compromise, and reboots the machine from a read-only media, and at worst, you have a temporary suspension of the output data stream, while the machine running the operation (and logging the data, incidentally) remains safely, physically sequestered from any possible internet tampering.
All systems should be built like this, essentially an electronic/electromagnetic radiation one-way door. Solved. Next problem.
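A sketch of the framing such a one-way link would need, as an added example that is not part of the original comment: with no return path the receiver cannot acknowledge or request a resend, so each frame carries a sequence number and an integrity tag, and the receiver records gaps instead of recovering them. The key, field layout and sample readings are constructed for illustration.

```python
import hashlib
import hmac
import struct

# Constructed demo key; on a real link it would be provisioned on both sides out of band.
LINK_KEY = b"constructed-demo-key-not-a-real-secret"
HEADER = struct.Struct(">IdH")  # sequence number, sender timestamp, payload length
TAG_LEN = 32                    # HMAC-SHA256 output size


def encode_frame(seq, timestamp, payload, key=LINK_KEY):
    """Sender side (control network): build one self-contained, tagged frame."""
    header = HEADER.pack(seq, timestamp, len(payload))
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


def decode_frame(frame, key=LINK_KEY):
    """Receiver side: return (seq, timestamp, payload), or None if damaged or forged."""
    if len(frame) < HEADER.size + TAG_LEN:
        return None
    header, rest = frame[:HEADER.size], frame[HEADER.size:]
    seq, timestamp, length = HEADER.unpack(header)
    if len(rest) != length + TAG_LEN:
        return None
    payload, tag = rest[:length], rest[length:]
    expected = hmac.new(key, header + payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return seq, timestamp, payload


class DiodeReceiver:
    """Consumes frames from the one-way link and publishes what survives.

    Nothing here writes back toward the sender: losses are logged, never repaired.
    """

    def __init__(self, key=LINK_KEY):
        self.key = key
        self.next_seq = None   # next sequence number we expect to see
        self.accepted = []     # (seq, payload) pairs safe to republish
        self.missing = []      # sequence numbers that never arrived intact
        self.rejected = 0      # frames that failed length or tag checks
        self.stale = 0         # valid frames older than what we already hold

    def feed(self, frame):
        decoded = decode_frame(frame, self.key)
        if decoded is None:
            self.rejected += 1
            return False
        seq, _timestamp, payload = decoded
        if self.next_seq is not None and seq < self.next_seq:
            self.stale += 1    # repeat or replay of an old frame
            return False
        if self.next_seq is not None and seq > self.next_seq:
            self.missing.extend(range(self.next_seq, seq))
        self.next_seq = seq + 1
        self.accepted.append((seq, payload))
        return True


def demo():
    """Run constructed telemetry through a lossy simulated link."""
    readings = [b"breaker_7=closed", b"freq_hz=59.98", b"load_mw=412", b"freq_hz=60.01"]
    frames = [encode_frame(i, 1350000000.0 + i, r) for i, r in enumerate(readings)]
    damaged = bytearray(frames[1])
    damaged[HEADER.size] ^= 0x01  # one flipped bit in the payload
    # Frame 1 arrives damaged, frame 2 is lost, frame 0 shows up a second time.
    link = [frames[0], bytes(damaged), frames[3], frames[0]]
    receiver = DiodeReceiver()
    for frame in link:
        receiver.feed(frame)
    return receiver


if __name__ == "__main__":
    rx = demo()
    print("accepted:", rx.accepted)
    print("missing:", rx.missing, "rejected:", rx.rejected, "stale:", rx.stale)
```

The gap list is what the operator sees on the public side; the logging machine behind the link still holds the full record.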
You mean we're going to yet again provoke somebody into starting a war?
Turns out the poor bastards just got into a DARPA cookie jar and ingested a cocktail of experimental psychotropic drugs. A V-22 Osprey generously packed with raw meat and bottled water has been delivered to sedate them. Once they are too full to move, Marines will enter and secure them with electrified steel chains and muzzles. With a mixture of education and eskrima-sticks, they will be slowly rehabilitated. In the meantime, a gang of substitute paranoid schizophrenics has been hand-selected from the finest wards of America which will provide national defense until the rehabilitation process is complete.
Forward! -- Emperor Norton, 2012
*insane gir robot voice* DONT TOUCH MY SCADA
he means they are going to know of an attack and be able to stop it but they will instead do nothing and then they will use that as an excuse to attack the citizens, steal all their rights and shove through 20-30 laws essentially 'nuking' any rights left for the people... well wouldn't put it past them.. i am surprised they haven't done it already
When someone says "cyber", it means they are confused and frightened about technology, and should not, under any circumstances, be taken seriously on the subject.
Does this make what we did to the Iranian nuclear program with malware a CyberHiroshima? At least now we know what drum the DoD is going to beat in the years ahead to justify funding that pretends that Stalin has tanks lined up on the Mexican border waiting to overrun us.
Port Angeles thinks their new citywide wireless network that is shared with the public and law enforcement is safe...
No CALEA.
Everyone thrown behind NAT on a /20 (4096 address) subnet.
239 bridged access points with no client isolation or encryption.
No firewall! Yes, you can browse the network neighborhood.
This is supposed to bring business to Port Angeles? Maybe Hackers, Spammers and pedophiles.
A kid could drop this in 10 seconds with a misconfigured iPhone.
http://www.peninsuladailynews.com/article/20121012/news/310129989/0/SEARCH
What is wrong with this picture?
Actually, you sad little half-wit, Panetta served in the army as an intelligence officer.
No? What about petabytes of porn!
- NOOOOOOOOOOOOOOOOoooooooooooooooooo!!!
Actually, you sad little half-wit, Panetta served as an army intelligence officer.
Everybody and his granny knows that when you fill a country with computers and then let them manage actuators (you know: things that control real-world stuff), you introduce real-world vulnerabilities to cyberspace mayhem.
So you'd think that every single government branch in charge of some computer-controlled actuator would take very special care that said actuators can't be accessed by unauthorised people who happen to roam about, right?
Starting with secure routers, credible VPN connections, limited sets of clients that the routers will accept communications from, good and varied passwords (the kind that need to be written down and kept in a safe until it's time to use them), access logs being kept and checked on a regular basis, etc. Just like the physical access control such people get off on. All known stuff.
Add to that a way of ensuring that the government (local, state, federal) has a more or less guaranteed communication backup (e.g. private fiber, special priority circuits in telephone switchboards, or simple packet radio in restricted bands). Then ensure that critical communications like banks have a reasonable level of protections too. Transcribe all that into the telecoms act, make authorities responsible for abiding by those regulations and appoint somebody to check that they do. Costs a bundle but gives you peace of mind ... and (as a nation) insurance against basic attacks.
Except that people don't. That, incidentally, is why Gary McKinnon could stroll into various government systems: they were unprotected. Everyone knew and no-one cared. And guess what: our carefully cost-conscious government does the very same thing with the nation's actuators. Starting with traffic lights and going up all the way to the power grid.
Well people are stupid, lazy and focused on the short term. We know that. That's why we have regulations for so many things.
But Ok, ... if we collectively decide (for reasons of cost and convenience) to leave everything wide open, that's what we do.
But here's Panetta who thinks we ought to do the prudent thing, against our natural tendencies. So what happens? Does he settle the issue by having a quiet word in circles of power that generates bi-partisan support for basic communications security?
No. Of course not. People don't want to hear about reasons why anything should be added to their workload or anything should be done in anything but the cheapest, most thoughtless and most slapdash way.
So Panetta needs to drum up public support and he goes to the press with essentially the same story (that ought to be recognised as prudent by every representative anyway) and dresses it up in lurid foam-at-the-mouth war rhetoric. Doom! Pearl Harbour! Enemies are out to get us! The Chinese/Russians/Islamists [cross out whichever is not applicable] are coming for us. To Arms!
It makes me so tired. Why can't we just secure our vital communications without raising the specter of war? I don't know whether to laugh or cry.
These systems are not on the internet.
This is another fear mongering operation to enable more loss of freedom.
Don't fall for it.
The January 19, 2010 BBC article, "UN Afghanistan survey points to huge scale of bribery", says, "According to the UN survey, bribes averaged $160 (£98) in contrast to an average Afghan annual income of $425."
After bribes are paid, the income is $265. But that is misleading, because people who take the bribes are included in the overall average. So the average income for those who don't get bribes is apparently much less than $265.
Using $265 as the figure, U.S. taxpayers paid the equivalent of 61 years' income for average people (16,268 per person, as mentioned above) to the rich people in Afghanistan who take bribes and participate in corruption. Numerous articles say the lives of average people haven't improved much.
The US gov. should stop its phantasm of "cyberwar", and downed power grids...
Hey guys, nobody wants to put in the effort to down your power grid. It does not give any country an advantage, except the US themselves. Fact.
> U.S. Secretary of Defense Leon E. Panetta has warned that the country is 'facing the possibility of a "cyber-Pearl Harbor" and [is] increasingly vulnerable to foreign computer hackers who could dismantle the nation's power grid, transportation system, financial networks and government'.
...
Assuming this is the case and not a pretext for getting a bigger budget, then it's largely self-inflicted due to the excessive and compulsory use of Windows in finance, government and the DHS itself.
AccountKiller
"Once someone declares war on you you have to declare it back."
Really? You do? Quick, somebody tell the French!
This guy's ex-CIA chief. I'm sure he knows all about electronic tracking, bugging, and phrases his words perfectly to get exactly what he (they) want. If he doesn't personally know, I'm sure his deputies or consultants or whatever tell him exactly what he needs. I don't think the CIA are as 'stupid' tech-wise as many think they are. It's the new battlefield after all, and I bet they are worried as fuck because now everyone can do what only THEY used to be able to do. Well maybe not everyone, but we are catching up and we can do lots of damage with cheap 'low tech' equipment. They want legislation that stops this, I'm guessing. Less power for us, more for them and the authorities. This scaremongering campaign is probably so they can get more restrictive laws passed against the people, and more power for them (as if they don't have enough already, so I'm guessing it's to keep the peasants/civilians down).
Just shows you it was poorly designed in the first place and needed to be torn down.
---- Booth was a patriot ----
Whatever mayhem a "cyber-attack" might cause, it is almost inconceivable that it could rival the destruction and loss of life of the attack on Pearl Harbor.
It is insulting to those who died to imply otherwise.
My Grandfather served in the navy during the war, but was not at Pearl Harbor when it was attacked.
He was, however, briefly assigned to the detail that had to help clean out the dead, bloated bodies from the ships that were sunk in the attack.
Leon E Panetta, you are an asshole. Unless we do something insanely stupid like hooking gas valves, electrical substations, or their like directly to the Internet, the possibility of a "cyber-Pearl Harbor" is a flat zero. Respect those who lost their lives for our freedom and temper your fucking hyperbole.
> There is more likelihood of a million monkeys randomly typing for a million years to
> create one of Shakespeare's plays than for creating a truly secure OS in the manner
> described. And even coming close could not be done before whatever product is
> completely, totally irrelevant from obsolescence.
The first question in many security cases is "WTF was the idea behind connecting it to the internet?" Many SCADA systems are controlled by Windows computers which are often net connected. Disconnect the system from the net (wired and wireless), and turn off autorun/autoplay on the machines, disable USB port access for all but authorized personnel. It may not be perfect, but it'll be a lot better than today.
I'm not repeating myself
I'm an X window user; I'm an ex-Windows user
> So a new bureaucracy to create standards of questionable usefulness, and then to enforce their compliance.
If you like the TSA, you'll love the ITSA (IT Safety Administration). You'll have a minimum-wage "security officer" sticking their hand up your ass before you sit down in front of your computer.
Security firms are right when they claim that the US infrastructure is vulnerable. Xecco Trading using Chinese developers who wrote the code that connected both to the ACH transfer network as well as the trading exchanges. Bang, $4B USD under management worth of stock dumped and the funds transferred out. Titron was thrilled when a Chinese firm offered to replace their 3 chip zigbee + meter management + crypto cheap with an all-in-one, manufactured and delivered for pennies for their smart meters.
But the response is worse. U.S. Gov't is being influenced to award contracts to the firms that can boast 300 or more "Top Secret" cleared engineers ... i.e. M.D., etc. And their ability to deliver functional software is a joke. Further, these contracts are written for version 1.0. Want version 1.1 (with bug fixes?), U.S. has to pay the SAME PRICE as the 1.0. Indefinitely.
But there are some trying to rectify this. Get involved people. IARPA is a nice place to start, NSA does give grants for good tech, the DOD is not blinded to the ambitions of the big firms, and CyberCON is going on, right now, that will direct these budgets.
You can get involved!
Or is this the banksters' way of chumming the waters for all the little fishies to swallow that all their hard-earned money just simply disappeared? The sad thing is, sheeple are waking up. Lies show just how arrogant leaders have become. Humility will be restored at a cost yet dreamed of. The CON(gress)MEN have failed to realize anything, have failed to uphold the Constitution, have failed in the Stewardship of this country, have failed to divest themselves of avarice. If you are not of the LIGHT, then you cannot remain.
The mind conceives, the body achieves, the spirit manifests.
Read outside the box. They are foretelling America's next great disaster. It will happen, then all your internet freedoms will be stripped as well. Moving us closer to a country where everything you do and say will be used against you, not in a court of law, but in a terrorist holding camp with no due process.
Wake up people. Your liberties are being stripped for 'Security & Freedom'. HAH!
They're worried that Iran will do to USA what USA has done to Iran with the Flame virus and its kin.
USA is much more vulnerable in this regard.
Funny they compared this to Pearl Harbour, something I heard we knew was coming and did nothing about until it was over, and using it as an excuse to use nukes.
I'm right, they're trying to pin it on Iran.
http://www.nytimes.com/2012/10/14/world/middleeast/us-suspects-iranians-were-behind-a-wave-of-cyberattacks.html?_r=1
Is this different than the Electronic Pearl Harbor? That was supposed to happen a while ago. Maybe I missed it.
Will this one also be in Hawaii? Will Richard Clarke narrate it? He's been pushing for a new Pearl Harbor for a while.
I guess we'll have to wait. It turns out that these craven bullshit artists *don't* actually know what they're talking about.
The most significant contributors to the real Pearl Harbor were disorganisation, lack of coordination and complacency on the part of the defenders. Potential "cyber-Pearl Harbor" ditto. Until we actually achieve a baseline of real cyber-security (aka software that's not littered with exploitable bugs and a coherent framework of effective controls round our infrastructure), we won't need sophisticated attackers. Almost all breaches to date have been relatively trivial to accomplish - exploiting gross deficiencies in the robustness of attacked systems.
It's time to clean up our own act - a relatively low-cost task that, however, requires a change in the way we think - rather than going on thinking in the same ineffective way and pouring squillions of dollars down the drain.