Government Spies Admit That Cyber Armageddon Is Unlikely

Nicola Hahn writes NSA director Mike Rogers spoke to a Senate Committee [Thursday], admonishing them that the United States should bolster its offensive cyber capabilities to deter attacks. Never mind that deterrence is problematic if you can't identify the people who attacked you. In the past a speech by a spymaster like Rogers would have been laced with hyperbolic intimations of the End Times. Indeed, for almost a decade mainstream news outlets have conveyed a litany of cyber doomsday scenarios on behalf of ostensibly credible public officials. So it's interesting to note a recent statement by the U.S. intelligence community that pours a bucket of cold water over all of this. According to government spies the likelihood of a cyber Armageddon is "remote." And this raises some unsettling questions about our ability to trust government officials and why they might be tempted to fall back on such blatant hyperbole.

Ok, Rhetorical question,

Who are these guys?

dude

[circletimessquare]

reddit taken offline?

end. of the. fucking. world.

Re:dude

[Detonia]

The Fedoras will strike hard and fast.

Re:There will never be another major war again

[circletimessquare]

as long as the corporations are reigned in and controlled

otherwise the search for more profit by any means leads to the progressive impoverishment of the masses. at some point, a revolution occurs, the original idealists are shoved aside, and power is taken by the usual douchebags who appeal to the usual nationalist prejudices. as putin shows, nationalism demands imperial adventures to stay alive. put two major regions like that next to each other: china-russia, russia-europe, india-china, etc... and you get a major war

so corporations need to be kept on a leash and the average person has to feel secure, and you are correct: no more major wars. because corporations will pay to keep a lid on the usual pettiness that lead to pointless wars like in the past

but corporations allowed to vacuum up profit at the detriment of the common man and you get social destabilization, revolution, and then some years later a napoleon, a stalin, a mao, and all the usual mass murdering adventures that come with such assholes

not just unlikely, completely avoidable.

[Gravis+Zero]

a cyber armageddon is super easy to avoid, all you have to do is not connect every damn machine to a network and for the ones that must be, secure them. it's quite obvious that we have the capability to find and exploit weaknesses, so why not use our knowledge and secure those few things that must be connected. we could also be prudent and require (by law) a certain level of software security for dangerous things connected to the internet (if stupid people insist on having them connected). finally, it sure wouldn't hurt if we started teaching things like how to mathematically prove a buffer wont overflow.

Re:not just unlikely, completely avoidable.

[phantomfive]

Check out stuxnet. It managed to jump an air-gap and infect computers that didn't have a connection to the internet. Your idea is a good one, but don't suffer under the delusion that it's a 100% perfect fix.

Re:not just unlikely, completely avoidable.

[evanh]

Stuxnet did, of course, use autorun - A so called feature that was a glaring hole the day it was introduced. I can't believe autorun actually persisted beyond a year or so.

Early viruses lived by being run from floppies. Most embedded themselves in other executables but in the case of the Amiga, it's early firmwares had a bug that would run a particular named file from any floppy inserted instead of from the boot drive in order to validate the disc.

Re:not just unlikely, completely avoidable.

[Greystripe]

I could care less, however I would have to care enough to work at it.

Re:not just unlikely, completely avoidable.

[rtb61]

A kind of cyber Armageddon is going on as we speak. It seems the US military, industrial and espionage complex is carrying out a range of rolling trial attacks. Basically testing their ability to censor the whole of the internet, so when they roll out their next propaganda campaign tied to military and espionage misadventure they will be able to create a vacuum of truth. That way, their lies will 'full spectrum dominate' the air and cable waves, long enough to complete that military espionage misadventure before the truth can stop it. Various avenues are being trialled including, use of agents in commercial organisations both voluntary and victims of extortion who use their position to block content. DMCA via pet media organisations. Straight up web site attacks via back doors already put in place. Abusing government censorship rules and regulations to accidentally block websites. Targeting and disrupting specific web applications. Targeting the actual hardware of the internet to knock out whole sections of the internet. So likelihood of cyber Armageddon is not that remote when the US military industrial espionage complex is actively working on it and trialling out as we speak and according to them you should of course not be paying any attention to it at all, nope, nothing unusual going on, nothing to report, nobody attacking the web.

Re:not just unlikely, completely avoidable.

[Gravis+Zero]

pff... try taking your meds. when parts of the internet go down, people notice. remember syria when the NSA actually did brick routers there? yeah, that made headlines. after finding out what the US gov has been up to, people have become much more interested in the cause of outages. if the military gets caught doing something like that on the american public, there will be pitchforks and torches making an appearance.

Re:not just unlikely, completely avoidable.

[rtb61]

Not only is it going on but it is strongly indicative they are intending to do something very naughty in the near future, which is why the push to surreptitiously trial out various methods because they know full well the majority of the world will disapprove of an impending action, a South American adventure seems most likely.

Re:Selective outrage

[phantomfive]

You criticized hyperbole while calling government communications "gospel from on high."

It's simple, really

[msobkow]

You can easily distract the bulk of the population by raising fears of something they don't understand. Anything nuclear. Anything to do with computers. And so on...

The question is not "why" they do this, but what are they trying to distract you from?

Re:It's simple, really

[msobkow]

By the way, the thing they're distracting you from doesn't have to be some conspiracy theory craziness. It could be something as simple as fraud by the party's members, a bad economic report, a downturn in employment numbers, and so on.

There is also the "positive" spin some try to put on it: we're the only party that can protect you from this vague uneasiness!

Re:Who said it was likely?

[garyisabusyguy]

The submitter seems to complain that there were past calls of Armageddon, and that the warnings given today are less sever.

The article that they linked demonstrating past testimony by Panetta speaks of a threat of a Cyber Pearl Harbor... was that Armageddon?

The report by Mr Rogers includes this section on risks:
Risk.
Despite ever-improving network defenses, the diverse possibilities for remote hacking intrusions, supply chain operations to insert compromised hardware or software, and malevolent activities by human insiders will hold nearly all ICT systems at risk for years to come . In short, the cyber threat cannot be eliminated ; rather, cyber risk must be managed. Moreover, the risk calculus employed by some private sector entities does not adequately account for foreign cyber threats or the systemic interdependencies between different critical infrastructure sectors

I dunno, but the line, 'will hold nearly all ICT systems at risk for years to come', seems pretty dire.
I do not see what the submitter is talking about

Re:Who said it was likely?

[bytesex]

Well, one of the reasons of cybermageddon could be two gangs having at each other.

I think we know exactly why.

[nimbius]

why they might be tempted to fall back on such blatant hyperbole.

Throughout the past 50 years as corporations amassed more power to both influence and control the vote through their vested media interests and campaign finance respectively, regular constituents through a system of gerrymandering and voter ID law have become an incresingly less influential component of the american election. "government officials" are merely politicians holding office. They hyperbolize the threat of a "cyber" anything because they know it generates revenue for their real constituents and in turn campaign finance for them if they pass legislation that works toward state sponsored lemon socialism for corporations that, arguably, do very little if anything to prevent the threat of a cyber flavoured event.

sadly due to this hyperbole, theyre also required to follow their parade of pandering through wallstreet with rabbit eared pockets, with a bevvy of legislation to convince the masses that not only is the threat real, but that theyre taking it seriously. they create a sort of reality in which theyre forced to operate and in turn we get things like anti cyber bullying legislation and Aaron Schwartz. the MPAA and RIAA, large corporate sponsors in and of themselves, endorse such legislation as it serves their agenda of convincing their members theyre actually effective in policing piracy and ensuring profit for agents and talent.

Re:I think we know exactly why.

[anegg]

The dynamic tensions (social in this case) that determine behavior have poles where extreme conditions exist. The prophecies regarding an "electronic Pearl Harbor" have been around since fear mongers discovered the Internet, maybe even before. These fears establish one pole, while the extremely complacent "it could never happen" folks have beliefs that form the other pole. Actual behavior lies in between. For example, at one point in time not too long ago (say early 1990s) many (most?) organizations that attached their networks to the Internet did so with no security devices involved. No firewalls, no NID, no IPS. It was conventional to dismiss the idea that anything *really bad* could happen due to this stance. Then bad things happened. The balance between the poles of belief shifted, and now virtually no organization would connect to the Internet without some kind of security barrier in place.

It is frightening to see the hyperbole that gets tossed around, but it seems that without the hyperbole, the actual practice might not be up to the threat. Perhaps social structures always have to have their doomsayers in order to avoid complacency that leaves them ripe for disaster. These scenarios play out on very local levels with things that have nothing to do with cyber attacks, such as disaster preparedness. How many people who read Slashdot do anything at all to be prepared for disasters other than maybe having some flashlights on-hand? How many have regular family meetings to discuss emergency exists from their home in the event of a fire?

Unfortunately, extreme rhetoric not only seems likely as the uninformed and misinformed but easily riled try to understand the world around them, but it also seems necessary in order to bring about enough force to drive the otherwise totally complacent cud-chewers to take even minimal efforts to mitigate very real risks. How many more idiots would we see attaching their critical infrastructure (plant process control systems, etc.) up to the Internet with little or no controls in order to save a few bucks in private network costs if we didn't have this massive rhetoric being slung around about cyber armageddon? I don't think cyber armageddon is looming around the corner, but I don't think its too wise to attach critical infrastructure to the Internet either.

We the people need to stay constantly vigilant, damping the wild swings that can lead to our social system overshooting reasonable boundaries, yet making sure that real risks are mitigated. There is no "cruise control" for our lives - the "government" we have in place will not maintain a steady speed down the highway while we turn our attention to other matters. This discussion is an important part of the evaluation of our societies actions and reactions that needs to take place in order to shape future responses. Oh - its fractal, too - The extreme opinions (there is a global conspiracy, its the evil military industrial complex) about the extreme opinions (beware the cyber armageddon) also have their place in establishing the dynamic equilibrium. All hail Eris!

"Cyber-Armageddon" or "e-War"?

[Etcetera]

Just armageddon (not the literal one, natch) through cyber means?

This reminds me of the 90's when people would prefix things with "e-" without a unified definition of the monkier. "E-mail", "E-file", etc...

If I had to guess, I'd imagine a "cyber-armageddon" as some sort of problem directly affecting logical electronic infrastructure. Imagine simultaneously wiping out all copies of DNS records everywhere (including hosts files) through some mysterious malware, blowing up a bunch of datacenters, and a Sony Pictures-like virus that hits Google and wipes out all code backups. That might be a "cyber-armageddon."

That would suck, and would cause quite a bit of culture shock (and, of course, would be a catastrophic economic event), but it would not be the End of the World.

On the other hand, an EMP attack against the United States which disables/blows most non-hardened electronic equipment and causes a quickly-cascading North American power system collapse everywhere all at once would be a *true* (figurative) armageddon. That's really what I think of when dealing with continuity of government plans and "dire threats". American society would find a way to survive without the Internet (although true, unprepared Millennials might suffer debillitating levels of shock). American society would probably *not* find a way to survive after a few months of a power and communications outage, however, at least in its current geopolitical form -- and especially if a power vaccum formed internationally. (Think "Revolution" without the hand-wavey, future-science gobbledygook.)

Re:There will never be another major war again

because the corps won't allow it. It's bad for business, and the guys at the top are global anyway. They're all buddy buddy except for a few small fry too tiny to start anything real.

Francis Fukayama, is that you?

"What we may be witnessing is not just the end of the Cold War, or the passing of a particular period of post-war history, but the end of history as such: that is, the end point of mankind's ideological evolution and the universalization of Western liberal democracy as the final form of human government."

That's from 1992.

"[U]niversalization of Western liberal democracy as the final form of human government."??!?!

BWAAA HAAA HAA HAAA

Think ISIS agrees?

How about North Korea? China?

When are India and Pakistan finally going to come to nuclear blows?

No more wars?

That must be why the putative leader of "Western liberal [democracies]" is trying so damn hard to appease a bunch of medieval theocrats bent on obtaining nuclear weapons so they can literally "wipe Israel off the map".

Nah, that can't lead to war.

Hell, the French - the same country that helped Chamberlain try to appease Hitler then 50+ years later sold its Security Council vote to Saddam Hussein - are strongly opposed to it.

France - full of cheese eating surrender monkeys - thinks Obama is weak. And that weakness is going to lead to war.

Ouch.

No more wars?

BWAAA HAAA HAA HAA

That must be why Obama sent US troops BACK to Iraq.

Oh, you missed that?

No more war?!?!

What color is the sky on your planet?

Wait

[DarkOx]

According to government spies the likelihood of a cyber Armageddon is "remote." And this raises some unsettling questions about our ability to trust government officials and why they might be tempted to fall back on such blatant hyperbole.

So I am confused are we happy an official finally offered a reasonable and likely accurate description of the risks we face, and correct identification of the problem, attribution, or not?

Re:Wait

[Livius]

are we happy an official finally offered a reasonable

Not happy at all. There's no way they would suddenly start doing something reasonable without a hidden agenda.

Re:Wait

[mcswell]

You need to take your medications.

Re:There will never be another major war again

[circletimessquare]

thank you, exactly

Blind side

[140Mandak262Jamuna]

Most people ignore things whose risk could not be determined. In their mind, they divide issues into what can be estimated and what can not be. Then they spend time on estimating the risk of things that they can estimate. So much of the mind share is taken by things that can do something about, the risks of things they could not estimate gets relegated into some corner.

Some sort of, "we can't do anything about it anyway, so why think about it or talk about it?". That is how people get blindsided. Remember Mitt Romney talking about "there are this 47% we can't do anything about" (I admit what he was trying to convey was not the as bad as the media made him out to be, I am a staunch Democrat by the way). That is a classic top executive way of dealing with things. "Cant do anything about it, forget and concentrate on something we can do about".

But that is precisely where people will attack us. For an enemy of America the first question is, "What is something they can't do anything about? Let us attack there. They can't make every liberty loving American to subject themselves to strip search, gate rape. Meekly walk barefoot in front of uniformed officers? They will get flashbacks of cattle cars and nazis with folding tables snapping 'papers, please'. That for just boarding a plane to fly to Kalamazoo! come on! They cant do that. So let us hijack a plane and hit a couple of buildings."

Dream on

[Whiteox]

Cyber Armageddon? Sure it's possible and very probable. It's just that no-one's bothered to try it big scale. No-one wants to admit it either, so their only choice is to deny that it's possible.

Blatant Hyperbole

[pipingguy]

So it's "blatant hyperbole" that the threat of cybergeddon is remote? Doy?

Malware symcyberosis approaching?

[140Mandak262Jamuna]

Very lethal viruses and bacteria kill their hosts so quickly they lessen their chance for propagation. So less virulent forms propagate better. At some point some of their mutations actually help their hosts survive a little longer. Those viruses propagate even better. At some point the benefit provided by these viruses is worth having the infection, at this point the host and the former pathogen enter into symbiosis. Many of the microbes living in our bodies were once free living competing microbes that did all the food gathering, multiplying, fending off their competition etc. The most striking example is our mito-chondrial DNA which are the real power generators in each of our cells, which were once a free living bacteria.

The computer malware is following a similar path. Some of the early viruses were so destructive. Then they got to be less destructive to survive longer. At some point the criminals started protected the computers they have infected from other malware, they reduced their load on their hosts, to survive longer, and to keep the owner fro dumping the machine for a newer one. It is possible there are uninformed computer owners whose computers anti-virus software is actually one of the malware they had picked up. So at some point we will be having these malware incorporated into our computers in some symcyberosis?

Be careful not to overreact.

[Rambo+Tribble]

There seems to be a presumption that these characters understood the speciousness of their claims. Much of the technology sector, and much of society, consists of the clueless being led by the marginally clued, or even just the clueless that shout the loudest. Assigning responsibility in such circumstances is often a fool's errand.

How quickly they forget

[drinkypoo]

Not a troll, it's historical fact. Ignoranuses.

Re:There will never be another major war again

[garyisabusyguy]

I do not believe that government is incompetent, that is simply a propaganda sound bite for people who do not want to pay taxes into the society that they live in. I find it odd that they same people complain about the intelligence services of said governments, since they would would be toothless if they were incompetent

Trade and economic co-dependence are functions of government as well as corporations

The fact that I hold an incredibly small share does not mean that I am in favor of deregulating said company because the majority share holders would certainly take advantage of me (and the rest of the small shareholders) if there was no oversight, just look at Enron

Re:There will never be another major war again

[circletimessquare]

well said

Why do we slide into either / or thinking?

[Amigo+Van+Helical]

So, as I read through the comments, I'm struck by the speed with which we stake out positions. Cyber armageddon (CA) vs. end of warfare? Isn't there anything in between?

• A couple of commenters mentioned fringe groups who commit violent criminal acts. That's pretty much orthogonal to both CA and conventional warfare.
• At the other end of the spectrum, what about multinationals using cyber espionage or cyber sabotage as just one more tool in their competitive arsenal? (For instance) McDonalds takes down Burger King via a massive attack on the latter's supply chain software... There are probably analysts looking at cost/benefit tradeoffs right this minute.
• And along still another vector, what about criminal activity that escalates to a level which truly threatens commerce?
• Or corporate IT departments that launch cyber attacks on annoying social activist websites or computer systems (e.g. trash Greenpeace's membership management system)?
• Or low-level attacks that merely degrade performance of adversaries (commercial, political, or doctrinal) and which stay under the radar?

You're a bunch of smart guys; I bet you could think of twenty alternatives to the either / or mentality we see so often here.