Government Spies Admit That Cyber Armageddon Is Unlikely

Nicola Hahn writes NSA director Mike Rogers spoke to a Senate Committee [Thursday], admonishing them that the United States should bolster its offensive cyber capabilities to deter attacks. Never mind that deterrence is problematic if you can't identify the people who attacked you. In the past a speech by a spymaster like Rogers would have been laced with hyperbolic intimations of the End Times. Indeed, for almost a decade mainstream news outlets have conveyed a litany of cyber doomsday scenarios on behalf of ostensibly credible public officials. So it's interesting to note a recent statement by the U.S. intelligence community that pours a bucket of cold water over all of this. According to government spies the likelihood of a cyber Armageddon is "remote." And this raises some unsettling questions about our ability to trust government officials and why they might be tempted to fall back on such blatant hyperbole.

dude

[circletimessquare]

reddit taken offline?

end. of the. fucking. world.

Re:There will never be another major war again

[circletimessquare]

as long as the corporations are reigned in and controlled

otherwise the search for more profit by any means leads to the progressive impoverishment of the masses. at some point, a revolution occurs, the original idealists are shoved aside, and power is taken by the usual douchebags who appeal to the usual nationalist prejudices. as putin shows, nationalism demands imperial adventures to stay alive. put two major regions like that next to each other: china-russia, russia-europe, india-china, etc... and you get a major war

so corporations need to be kept on a leash and the average person has to feel secure, and you are correct: no more major wars. because corporations will pay to keep a lid on the usual pettiness that lead to pointless wars like in the past

but corporations allowed to vacuum up profit at the detriment of the common man and you get social destabilization, revolution, and then some years later a napoleon, a stalin, a mao, and all the usual mass murdering adventures that come with such assholes

not just unlikely, completely avoidable.

[Gravis+Zero]

a cyber armageddon is super easy to avoid, all you have to do is not connect every damn machine to a network and for the ones that must be, secure them. it's quite obvious that we have the capability to find and exploit weaknesses, so why not use our knowledge and secure those few things that must be connected. we could also be prudent and require (by law) a certain level of software security for dangerous things connected to the internet (if stupid people insist on having them connected). finally, it sure wouldn't hurt if we started teaching things like how to mathematically prove a buffer wont overflow.

Re:Selective outrage

[phantomfive]

You criticized hyperbole while calling government communications "gospel from on high."

It's simple, really

[msobkow]

You can easily distract the bulk of the population by raising fears of something they don't understand. Anything nuclear. Anything to do with computers. And so on...

The question is not "why" they do this, but what are they trying to distract you from?

Re:It's simple, really

[msobkow]

By the way, the thing they're distracting you from doesn't have to be some conspiracy theory craziness. It could be something as simple as fraud by the party's members, a bad economic report, a downturn in employment numbers, and so on.

There is also the "positive" spin some try to put on it: we're the only party that can protect you from this vague uneasiness!

Re:Who said it was likely?

[garyisabusyguy]

The submitter seems to complain that there were past calls of Armageddon, and that the warnings given today are less sever.

The article that they linked demonstrating past testimony by Panetta speaks of a threat of a Cyber Pearl Harbor... was that Armageddon?

The report by Mr Rogers includes this section on risks:
Risk.
Despite ever-improving network defenses, the diverse possibilities for remote hacking intrusions, supply chain operations to insert compromised hardware or software, and malevolent activities by human insiders will hold nearly all ICT systems at risk for years to come . In short, the cyber threat cannot be eliminated ; rather, cyber risk must be managed. Moreover, the risk calculus employed by some private sector entities does not adequately account for foreign cyber threats or the systemic interdependencies between different critical infrastructure sectors

I dunno, but the line, 'will hold nearly all ICT systems at risk for years to come', seems pretty dire.
I do not see what the submitter is talking about

"Cyber-Armageddon" or "e-War"?

[Etcetera]

Just armageddon (not the literal one, natch) through cyber means?

This reminds me of the 90's when people would prefix things with "e-" without a unified definition of the monkier. "E-mail", "E-file", etc...

If I had to guess, I'd imagine a "cyber-armageddon" as some sort of problem directly affecting logical electronic infrastructure. Imagine simultaneously wiping out all copies of DNS records everywhere (including hosts files) through some mysterious malware, blowing up a bunch of datacenters, and a Sony Pictures-like virus that hits Google and wipes out all code backups. That might be a "cyber-armageddon."

That would suck, and would cause quite a bit of culture shock (and, of course, would be a catastrophic economic event), but it would not be the End of the World.

On the other hand, an EMP attack against the United States which disables/blows most non-hardened electronic equipment and causes a quickly-cascading North American power system collapse everywhere all at once would be a *true* (figurative) armageddon. That's really what I think of when dealing with continuity of government plans and "dire threats". American society would find a way to survive without the Internet (although true, unprepared Millennials might suffer debillitating levels of shock). American society would probably *not* find a way to survive after a few months of a power and communications outage, however, at least in its current geopolitical form -- and especially if a power vaccum formed internationally. (Think "Revolution" without the hand-wavey, future-science gobbledygook.)

Re:I think we know exactly why.

[anegg]

The dynamic tensions (social in this case) that determine behavior have poles where extreme conditions exist. The prophecies regarding an "electronic Pearl Harbor" have been around since fear mongers discovered the Internet, maybe even before. These fears establish one pole, while the extremely complacent "it could never happen" folks have beliefs that form the other pole. Actual behavior lies in between. For example, at one point in time not too long ago (say early 1990s) many (most?) organizations that attached their networks to the Internet did so with no security devices involved. No firewalls, no NID, no IPS. It was conventional to dismiss the idea that anything *really bad* could happen due to this stance. Then bad things happened. The balance between the poles of belief shifted, and now virtually no organization would connect to the Internet without some kind of security barrier in place.

It is frightening to see the hyperbole that gets tossed around, but it seems that without the hyperbole, the actual practice might not be up to the threat. Perhaps social structures always have to have their doomsayers in order to avoid complacency that leaves them ripe for disaster. These scenarios play out on very local levels with things that have nothing to do with cyber attacks, such as disaster preparedness. How many people who read Slashdot do anything at all to be prepared for disasters other than maybe having some flashlights on-hand? How many have regular family meetings to discuss emergency exists from their home in the event of a fire?

Unfortunately, extreme rhetoric not only seems likely as the uninformed and misinformed but easily riled try to understand the world around them, but it also seems necessary in order to bring about enough force to drive the otherwise totally complacent cud-chewers to take even minimal efforts to mitigate very real risks. How many more idiots would we see attaching their critical infrastructure (plant process control systems, etc.) up to the Internet with little or no controls in order to save a few bucks in private network costs if we didn't have this massive rhetoric being slung around about cyber armageddon? I don't think cyber armageddon is looming around the corner, but I don't think its too wise to attach critical infrastructure to the Internet either.

We the people need to stay constantly vigilant, damping the wild swings that can lead to our social system overshooting reasonable boundaries, yet making sure that real risks are mitigated. There is no "cruise control" for our lives - the "government" we have in place will not maintain a steady speed down the highway while we turn our attention to other matters. This discussion is an important part of the evaluation of our societies actions and reactions that needs to take place in order to shape future responses. Oh - its fractal, too - The extreme opinions (there is a global conspiracy, its the evil military industrial complex) about the extreme opinions (beware the cyber armageddon) also have their place in establishing the dynamic equilibrium. All hail Eris!

Malware symcyberosis approaching?

[140Mandak262Jamuna]

Very lethal viruses and bacteria kill their hosts so quickly they lessen their chance for propagation. So less virulent forms propagate better. At some point some of their mutations actually help their hosts survive a little longer. Those viruses propagate even better. At some point the benefit provided by these viruses is worth having the infection, at this point the host and the former pathogen enter into symbiosis. Many of the microbes living in our bodies were once free living competing microbes that did all the food gathering, multiplying, fending off their competition etc. The most striking example is our mito-chondrial DNA which are the real power generators in each of our cells, which were once a free living bacteria.

The computer malware is following a similar path. Some of the early viruses were so destructive. Then they got to be less destructive to survive longer. At some point the criminals started protected the computers they have infected from other malware, they reduced their load on their hosts, to survive longer, and to keep the owner fro dumping the machine for a newer one. It is possible there are uninformed computer owners whose computers anti-virus software is actually one of the malware they had picked up. So at some point we will be having these malware incorporated into our computers in some symcyberosis?

Re:There will never be another major war again

[garyisabusyguy]

I do not believe that government is incompetent, that is simply a propaganda sound bite for people who do not want to pay taxes into the society that they live in. I find it odd that they same people complain about the intelligence services of said governments, since they would would be toothless if they were incompetent

Trade and economic co-dependence are functions of government as well as corporations

The fact that I hold an incredibly small share does not mean that I am in favor of deregulating said company because the majority share holders would certainly take advantage of me (and the rest of the small shareholders) if there was no oversight, just look at Enron

Re:There will never be another major war again

[circletimessquare]

well said