Slashdot Mirror
President Obama Wants To Prevent a Cyber Weapon 'Arms Race' (theverge.com)
An anonymous reader writes:During an address to reporters at the G-20 international summit in China, President Obama stated that he'd like to prevent an "arms race" among countries that have various cyber weapons at their disposal. The remarks come after Russian president Vladimir Putin denied having any involvement with the hack of the Democratic National Committee's emails earlier this summer. Obama said that the world is "moving into a new era where a number of countries have significant capacities", before noting that the United States has "more capacity than anybody, both offensively and defensively" when it comes to cyber weapons.
It's called E.M.P.
"I don't know with what weapons Cyber World War III will be fought, but Cyber World War IV will be fought with abacus and slide rule".
Just don't use the most vulnerable system ever created.
It will only get worse with robotic self-driving cars and robotic everything else.
when he was three days from leaving office. "Akin to, and largely responsible for the sweeping changes in our industrial-military posture, has been the technological revolution during recent decades." http://coursesa.matrix.msu.edu...
it's already too late and unfortunately the US and other countries are already under attack. Don't believe me? Stuxnet.
Harrison's Postulate - "For every action there is an equal and opposite criticism"
Its late for that isint it? After deploying cyber weapons against IRAN nuclear program?
http://thehill.com/policy/cybe...
and the Democrats referred to their recent attacks as "Terrorism"
The poor guy is a law professor. He is totally out of his depth when talking about any technical matters and he doesn't even know it.
Excuse me, but please get off my Pennisetum Clandestinum, eh!
We must make sure other countries don't attack us, because we've created so many back doors for us to attack ourselves.
The NSA and their ilk have made us prime targets, and now we rely on begging other countries to not exploit all those vulnerabilities we've created.
This signature is false.
...and so Barack will preemptively surrender.
Well I guess that means now everyone in the world is vulnerable to attacks with those same weapons
If the NSA can't even keep their own weapons from being stolen it looks like we are all in for a world of hurt.
Putin stated that the DNC attack was not an attack by the state of Russia. Putin said nothing about whether he ordered non-state actors to do the hack, a.k.a. plausible deniability.
Two problems with this:
1. EMPs are indiscriminate. They take out _everything_ not just specific services/functions. If you deny a countries population basic needs and services ... aka fresh water, that's Total War and the other country is going to strike back if they can (and the US, USSR, China and a few other countries have subs with SLBM's that any EMP is not going to touch).
2. An EMP (currently) requires a nuke and lobbing a nuke over another country escalates things to a whole other level. To being with the only way you'll be able to get it to an altitude that will be effective is to use a ballistic missile and launching a ballistic missile at another country is a "Bad Idea" (TM)... especially given that the only thing that's really rad-hardened in NATO and former Warsaw Pact countries is the equipment to turn your country into a plain of molten glass.
Does anyone take Obama seriously anymore? Certainly none of the leaders at G-20 do.
am I right? Well, given what the U.S has been doing onto their "allies" for many years, any country today would be nuts to not build up cyber warfare, and in particular be very very wary about the U.S, since again, they have been attacking their "allies" for many years.
It's like when he says "guns are bad m'kay" and sales skyrocket. Cyber war/sex/crime is bad!
That train left year ago. He's delusional if he thinks a race is even an option. The US is years behind and isn't even in the running. Hell we've just started to realize this is something we ought to /start/ training professionals for. We've still got people trying to outlaw security tools.
http://breakingdefense.com/201...
http://blog.hackerrank.com/whi...
http://www.techinsider.io/nort...
http://abcnews.go.com/blogs/he...
http://abcnews.go.com/Blotter/...
We're years behind the competition, where professionals have been getting trained and put to work for many years. We're just getting to the point of having courses in hacking, never mind college degree based level training. How the hell are we going to enter a race when only a handful of three letter agencies even have professional hackers in their employ? This isn't the kind of thing your going to call up your local friendly pen-test company for. You can't win a race you refuse to enter.
this idiot is gone; the better!
A talented group of individuals with modest funding (compared maintaining a standing military force) can wreck absolute havoc and they can also do it in a why where there's enough plausible deniability to forestall immediate retaliation. If you launch an ICBM at someone, everyone knows it was you and the counter-strike will probably be in the air before your strike lands. If you screw with a countries elections or finances, no one may realize for days, months, years or ever. And even what's they do, what's to say you weren't launching the attach from dumb terminals in that country communicating by satellite? (Yes, a bit far fetched but good luck tracing that back to the source). Nuclear weapons are carpet bombing, cyber warfare is an assassin... and a single assassin's bullet can change the world.
...and I'm not talking about the streaming service. The cat is already out of the bag; the only question is whether we'll be smiling in front of, or behind, our victims' collective backs.
Mod me down with all of your hatred and your journey towards the dark side will be complete!
Hillary didn't deny hacking the DNC either. OMG she was the mole all along!!!
How about if the US government (and others) spent more of the effort protecting their people instead of spying on them? As in helping its citizens to safe(r) communication and storage through technology, legislation and practices instead of letting them be susceptible to any potential enemy and letting them further into the infrastructure.
"The Cold War started and became World War Three and just kept going.
It became a big war, a very complex war, so they needed the computers to handle it. They sank the first shafts and began building AM. There was the Chinese AM and the Russian AM and the Yankee AM and everything was fine until they had honeycombed the entire planet, adding on this element and that element. But one day AM woke up and knew who he was, and he linked himself, and he began feeding all the killing data, until everyone was dead, except for the five of us, and AM brought us down here."
".. before noting that the United States has "more capacity than anybody, both offensively and defensively" when it comes to cyber weapons." :)
I am not sure if that's correct for the defensive case. I wonder where Mr Putin gets his information from. Big reliance on so well-known systems is not going to help..? The attack vectors are infiniteless
because the u.s. would lose, big time.
The way 'cyber' wars are won is to have proper mechanisms in place such that there aren't security gaps in the first place. The way things are designed today we have significant bloat and in part as a result are incapable of securing our devices. Adding 'security' on top was never the answer and we've done a really terrible job of designing systems from the ground up to be secure. We need to design processors, chipsets, and the like with long-term shelf lifes and the software that runs on these chips with the utmost minimalism and simplicity. By doing so we can spend more time identifying and more easily identify and plug the holes. The systems we utilize should feel more like something from the 1980s and 1990s with a handful of modern enhancements.
a pony.
Just rich military people being retarded. Internet warfare already exists and is going on right now. All these military bozos have to do is not link up everything to the internet. It might be less convenient but it's at least 100% safe from online hacks.
In between the built-in backdoors, the work contracted to the lowest bidder, the lack of any professional oversight and the chronic short-termism, I would say that any networked infrastructure is pretty fucked should things go bad.
How to prevent a Cyber Weapon Arms Race, then don't use Microsoft Windows on Intel hardware anywhere on your network.
So the US is calling for restraint in the creation and use of cyber weapons now that other states and actors have caught up to them. Sounds exactly what had happened with nuclear weapons.
Definitely the bloat. To see the problem: take a red and green marker, print out all of the MS-Office source code and plugins, and check every line for possible attack vectors. Not gonna happen ever, let alone before the release of a new version.
So the other countries are building cyber weapons and our great leader (and yes, I know that I would be modded down if I suggested that he hates America, no matter how eloquently I made my point) has decided to avoid an arms race, meaning that the others will keep building weapons to shut down our infrastructure, our power grid, our water and transportation and our financial system, and likely cause crippling damage to machinery and kill tens of thousands of people in the process, maybe even cause a nice meltdown, and our leader will just keep apologizing for America and not study the technology, not find ways to defend ourselves and not fight back. Ain't that nice.
I'm an American. I love this country and the freedoms that we used to have.
It will be very difficult to convince other countries not to invest in cyber weapons for the following reasons:
1. Cyber weapons, unlike other strategic arms, are a relative bargain. For example, in comparison to nuclear weapons which are both difficult to keep secret and ruinously expensive, cyber weapons are much easier to keep under wraps, much cheaper and potentially more effective under realistic use circumstances.
2. In a limited asymmetric war, which has become the norm rather than the exception now in the 21st century, cyber weapons offer interesting retaliatory opportunities for nations that are outclassed by the conventional forces of strong powers like the United States, Russia and China.
3. Cyber weapons can be used against both nation states and stateless enemies, such as international terrorists, with nearly equal effect. This makes them and the skills require to produce them valuable resources in regional fights against insurgents, terrorists and other irregular enemies who engage as much or more in a propaganda war with the state as they do in conventional fighting.
4. The investment in education and technology required to develop an indigenous cyber weapons capability has valuable positive knock-on effects in the civilian economy by creating an educated workforce with multi-purpose and useful skills. It can therefore be both a military investment and simultaneously an investment in the national economy.
Barack Obama, on the other hand, has proven himself to be a duplicitous and fair weather friend that allies or would be allies are rightfully wary to trust. The support of America, while potentially powerful and useful, is fickle and becoming ever more so under a succession of Democratic presidents. Other nations would be wise to develop fallback plans instead of relying solely upon American military power for their protection. Cyber weapons can be an important part of that and smaller nations especially would be foolish not to avail themselves of these weapons.
Just wait until next year: Comey has already promised us another "adult conversation" about encryption following the 2016 election.
Adult conversation about encryption?
"You see Jimmy, when Alice and Bob love each other very, very much, Bob sends packets to Alice, and..."
We should pay close attention to what posturing and policy-making ensues following President Obama's remarks.
Consider from the linked article:
This is not particularly reassuring language. Instituting some norms? What might that imply? However incompetent in practice, I anticipate an attempt to soft-sell the American public on a Great Western Firewall. And the citizens are going to pay for it. It is easy to imagine either Trump or Hillary massaging ignorant reductions of Internet security down into repeatable media bites, all the while exaggerating the threats of "cyber-warfare."
What President Obama calls "the Wild Wild West" is really our last bastion of free expression and community in a period marked by fear and isolation. Once the Western nations start pushing for citizens behind national intranets and begin gatekeeping access to external networks (if allowed), there is a threat of real digital tyranny that is far more dangerous than any ambiguous hacker bogeymen.
Let's say you write a script for your linux system to automatically run (as root) first binary you find on any filesystem when it mounts, because it's convenient for you. Text console != security.
He's crying because we already lost. I can't think of a piece of infrastructure that we haven't already publicly admitted as compromised.
Don't put key assets on a common network.
If you are an individual or business, it's your choice:
* Accept the costs of not being vulnerable (stay disconnected)
* Accept the costs of having a recovery plan and implementing it when needed (offline backups, etc.)
* Accept the costs of NOT having a recovery plan or not being able to implement it (permanent data loss, insolvency, etc.)
In modern society, the first option isn't an option for most people and most companies.
Fortunately, the costs don't always have to be high: For a very small business, keeping paper backups of all records and using a disconnected PC for most records will be good enough. There is still the problem of uploading data to banks and government agencies that will only take data electronically - if you can't do that in a secure way then you will be risking insolvency if someone steals the data while it is on your "connected" computer and your customers abandon you or sue you into bankruptcy.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Different word.
It was the people living in the biggest glasshouse in the street throwing stones at a much smaller glasshouse, and too arrogant, short-sighted and stupid to realize others would see them and copy it. The fields is thick with nominations, but probably Stuxnet was Bush's second dumbest decision. https://en.wikipedia.org/wiki/...
The first weapons were brute force affairs. DDOS attacks. Whether they were cooperative (4chan had one for while) or the hijack versions that are part of scamware/viruses. There was also the pinpoint attacks of the Iranian Centerfuges. Plus attacks have been ongoing against anyone who handles a credit card. Plus keyloggers, usb stick hijacking, ad site malware, drive by malware, and half a dozen other attacks I can't think of at this moment.
This new breed of attack are much more selective and directed. Instead of carpet bombing everyone with a DDOS attack, a single computer (or phone) can be attacked through a website link.
All of these weapons are available to the highest bidder, or for rent if you've on the cheap. I think the thing Obama doesn't quite grasp is that these weapons are not like nukes, expensive to develop, deploy, maintain, almost unthinkable to use and everyone knows who did it. These weapons are the exact opposite- cheap to develop, even cheaper to deploy, and if done correctly very hard to trace back to the origin. So you can deploy these weapons with little risk of retaliation or being caught. Who wouldn't want to use them?
One of these days someone is going to develop a weapon that does the following: Stay alive, spread and enlarge, stay quiet, stay updated, and inoculate the host computer from competing virus programs. Once triggered it will complete its mission and then self destruct to prevent being traced back to the source. Self destruct = military hard drive deletion. The simultaneous hard drive deletes will be wide spread so everyone will know what something happened, but it will be hard to trace back to the source.
Architectural plans are like computer source code with a couple of differences: You only compile once.
Because my dicks bigger than yours.
Generally, the ones that ask for a pause in an arms race are the ones that are behind.
Hillary Threatens War With Russia
Seems like she's not the one to deescalate the cyber warfare arms race.
Patch exploits instead of exploiting them. There's a reason we don't allow the Sheriffs all have a key that opens anyone's backdoor locks. If they get out(and they will) thieves can break into any house.
> Don't put key assets on a common network% of unaffected .
>
> If you are an individual or business, it's your choice:
> * Accept the costs of not being vulnerable (stay disconnected)
[...deletia...]
> In modern society, the first option isn't an option for most people and most companies.
Ex-bleeping-scuse me, we've got too much stuff connected to the internet, and exposed to take-over, already. Here's "The Killshot Event" scenario...
It's the middle of January, and the weather forecast is calling for a major blizzard along the US East Coast, followed by a brutal cold spell. The blizzard is due to hit the coast around midnight. As millions of commuters are driving home before the storm, "the enemy" takes over GM Onstar to shut down 10% of all cars on the road. You know how badly traffic gets f****d-up with just 1 or 2 stalled vehicles at the wrong place? Well, imagine thousands of cars in each major city shutting down on major roads in each city. They, along with the other 90% of "unaffected" vehicles are stranded on the road.
Simultaneously, "the enemy" sets off a few well-placed bombs. Hitting major transmission lines knocks out most electrical service. A couple of bombs around internet fiber knocks out a lot of internet service. It also knocks out a lot of telephony, which is now IP-based, except for "the last mile", which is still copper wiring.
Motorists have to leave their vehicles or freeze to death inside. If they're in the city. instead of a suburban freeway, they might make their way to a major store or office building before midnight. Then the cold front moves in. With no electricity, there's no heating or running water. Because the roads are clogged with abandoned cars, utilities can't send out emergency crews to manually restart electrical generators. And food supply chains seize up. Even the people who've made it home or into a major building will soon start dying of cold and starvation. Chaos ensues, and martial law is declared.
That scenario is possible right now. Sigh.
I'm not repeating myself
I'm an X window user; I'm an ex-Windows user
Cyberwarfare uses weapons launched from anywhere. Untraceable. Unattributable. The cost is much lower than the value of the target(s), and the weapon can be reused.
In fact, multiple weapons capable of different attacks are being used. And some are unknown to us yet .
Defenses against these are at best reactionary. That's ineffective. But some effort needs to be made, if only to mitigate damage.
But we are already at war, military and cyber, assymetrical, with a variety of opponents. Some are opportunists, seeking to exploit weaknesses exposed and fill power vacuums. Some seek outright victory. Others only seek our and others defeats.
Some merely want to cause damage. They will be useful pawns, thinking they are independent.
In the real world, we should be settling disagreements with states diplomatically, to focus on the less obvious threats, and always probe for those threats and prepare as best we can.
Exposing cyber threats does little good. All are deniable.
deleting the extra space after periods so i can stay relevant, yeah.
The "cyber-weapons" arms race is already over. U.S.A. lost.
Sorry Shit Heads.
What on earth are you talking about. Nobody said anything about reverting to text consoles. In the 1980s and early 1990s we did have graphical user interfaces. The key to the point being made was we need to minimize the code base such that it can be properly reviewed for bugs. You can't do that if every other day technology companies are releasing new hardware dependent on new code bases. Back in the 1980s and early 1990s software developers had to write code more efficiently and with fewer features because of the limitations of the systems of the day. If he had continued to limit functionality to that which was really needed it would be possible to conduct proper audits and review code for bugs. Just being small doesn't mean it will be audited or reviewed. You would still need to make a point of doing this.
Of course this isn't the only thing that needs to be done either. It's just one crucial component. None of this absolves the need for components like encryption, file permissions, user controls, and similar components which does add some complexity. Nor does it begin to attack complexity issues in other areas that make security hard to implement for system administrators or end users. PGP/GPG is no easier to use today than it was in the 1990s. Chains of trust are non-existent. When police make any kind of arrest or perform any kind of seizure the create a chain of trust. They can identify every officer who touched a given item so that when it goes to court nobody can claim it was tampered with by somebody in the chain, or the officers can attest to it which held the evidence that it wasn't tampered with or improperly handled. The same thing needs to happen in the software development world. Software developers need to ensure they are utilizing locked down and secured development environments, when they submit changes/patches to a server each patch/change needs to be signed, it needs to be sent to a locked down server, that code should be public. Anybody and everybody should be able to review the changes. The packager can then go back and verify that the code they are pulling and building is genuine. The packages can then be signed and you can be reasonably confident what you are getting isn't compromised.
Again none of this is the *only* thing that needs to happen. It's just part of what aught to happen. Unfortunately no country seems to have the will to carry out what needs to be done. Nobody is stepping up and funding these sorts of projects. These types of projects need billions of dollars to be fully realized since you need to have chips designed and manufactured in which you and your users are in full control of. The closest thing we have right now is the Allwinner A20 SOC and EOMA68 standard. This is however not the total realization. It's only a partial realization. Much more would need to be done even if its the best start we have. The reason for that is we have the complete set of source code for all critical components the first A20 Computer Card that is being manufactured based around the EOMA68 standard.
Dimwitted boob.
Too late man. You started it.
Time to build Arsenal gear.
oh that guy , he has no choice , YOU.. ARE.. NOT.. ALLOWED.. T0 ..HAVE.. THE NSA 0PERATE.. WHILE.. M0UTHING 0FF LIKE Y0U D0...
get bent..... ....hax034
At least, until the USA owns 65% of the planet's cyber-weapons. Since the USA can't restrict the core resources for cyber-weapons, that may never happen.
I'll never forget the Chinese ambassador in 'Seven days' noting that every prototype WMD made by the USA has been tested in a war zone.
There is already a cyber weapon arms race.
We don't want to spend the money we have rightfully collected from our citizens on petty things like protecting them and their internet.
We want to spend that money on creating wealthy, party-beholden government leaders, and who do you think you are to interfere with that?
you wouldknow that his 4 year degreee is in Polysci (a degree in studying and manipulating the public, rather than being a productive huiman being) and after getting a law degree, he spent time as a LECTURER on the relationship between community organizing and the Constitution.
Barack Obama is a "constitutional law professor" just like Jimmy Carter was a "nuclear submarine officer". Both were Democrat talking points about marginal presidents who presided over economic wreckage. Obama was NOT a professor, and Jimmy quit the navy to return to the family peanut farm before ever serving on a nuke boat.
Obama's concerns are about as out of date as his 1960s policies that were rehashed 1930s failed policies.
Arms race has been underway since the late 1980s.
Horse, meet the barn door. The cyber weapons arms race started long ago, with the internet, or perhaps even with the early computer viruses.