Slashdot Mirror


President Obama Wants To Prevent a Cyber Weapon 'Arms Race' (theverge.com)

An anonymous reader writes: During an address to reporters at the G-20 international summit in China, President Obama stated that he'd like to prevent an "arms race" among countries that have various cyber weapons at their disposal. The remarks come after Russian president Vladimir Putin denied having any involvement with the hack of the Democratic National Committee's emails earlier this summer. Obama said that the world is "moving into a new era where a number of countries have significant capacities", before noting that the United States has "more capacity than anybody, both offensively and defensively" when it comes to cyber weapons.

23 of 138 comments

  1. Cyberweapon arms race negated by older tech? by bagboy · · Score: 4, Interesting

    It's called E.M.P.

  2. As Einstein said: by ctrl-alt-canc · · Score: 5, Funny

    "I don't know with what weapons Cyber World War III will be fought, but Cyber World War IV will be fought with abacus and slide rule".

  3. So, stop by XXongo · · Score: 3, Interesting
    If we don't want to be vulnerable to cyber warfare, then maybe we shouldn't race to put every single object in our house and every single piece of our critical infrastructure on the internet, then.

    It will only get worse with robotic self-driving cars and robotic everything else.

    1. Re:So, stop by yuriklastalov · · Score: 3, Interesting

      But then how will Silicon Valley spy on every man, woman, and child and funnel the data to the NSA? Won't somebody think of the Tech Sector Espionage Complex?!?!?

    2. Re:So, stop by AmiMoJo · · Score: 2

      Maybe the US shouldn't rush to deploy cyber weapons, spurring other countries to do the same.

      Stuxnet was the watershed moment when the new cyber cold war started. It showed that as long as you had deniability you could pretty much do what you liked to another country's infrastructure.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
  4. Re: He's too late by x0ra · · Score: 3, Informative

    There is a difference between "Chinese / Russian IP addresses" and "Chinese / Russian sanctioned cyber attacks", but this has not reached the MSM yet...

  5. After Hillary called for a military response ? by Crashmarik · · Score: 3, Informative

    http://thehill.com/policy/cybe...

    and the Democrats referred to their recent attacks as "Terrorism"

  6. Out of his depth by flyingfsck · · Score: 3, Insightful

    The poor guy is a law professor. He is totally out of his depth when talking about any technical matters and he doesn't even know it.

    --
    Excuse me, but please get off my Pennisetum Clandestinum, eh!
    1. Re:Out of his depth by ArmoredDragon · · Score: 4, Interesting

      Obama was a law professor? I thought he was a community organizer?

      At any rate, there's nothing he or anybody else can do to "stop" a cyberweapons arms race. It's pretty damn easy to deploy a cyberweapon without in any way leaving a trace as to where it came from. Besides, it's probably best to let it proceed anyways that way we can learn from security issues (like the upcoming IoT security nightmare) before we get too entrenched in it and suddenly somebody decides to create something worse than Stuxnet... Speaking of which, I wonder what Obama's comments on that would be, given that he likely authorized its deployment.

    2. Re:Out of his depth by ShanghaiBill · · Score: 3, Interesting

      > Besides, it's probably best to let it proceed anyways that way we can learn from security issues (like the upcoming IoT security nightmare)

      Indeed. We should look at cyberwar offensives as free penetration testing. Most arms-races are lose-lose. But the defensive side of cyberwar leads to secure systems, and greater privacy. Instead of pleading with the Russians and Chinese to refrain out of the goodness of their hearts, we should look at this as an opportunity to adopt pervasive end-to-end encryption, and stop social engineering exploits by getting humans out of the loop.

    3. Re:Out of his depth by fustakrakich · · Score: 2

      > something worse than Stuxnet... Speaking of which, I wonder what Obama's comments on that would be, given that he likely authorized its deployment.

      Think of this as something like Eisenhower's military industrial complex speech, that was made after he helped create it.

      What the government probably fears the most is that, unlike with nuclear and other heavy equipment, it doesn't take a government sized budget to create the weapons. A kid can put one into a clock and deploy it almost anywhere. Either way, the race is already on. This we have to accept. It's up to us to defend ourselves as best as we can, even if it means going on the offensive. And by the way, we have to apply the 2nd Amendment to our right to possess them. We can finally enforce a certain balance of power with the state. We might find a way to disable all their "smart" weapons.

      --
      “He’s not deformed, he’s just drunk!”
    4. Re:Out of his depth by rtb61 · · Score: 4, Insightful

      The US is at a major disadvantage and their cyber security forces know it and hate it and that disadvantage will cripple them. It's not a technical one either, it's a political one and that disadvantage is lobbyists. Corrupt lobbyists paid by corrupt corporations to pay off corrupt politicians to force the purchase and installation of poor security closed source proprietary software relying on nothing more than security by obscurity. Other countries will jump ahead with more secure FOSS, basically because their cyber security forces can then directly monitor and audit that software and not just alone but in indirect association with all other governments' cyber security forces. The US government will be blocked by 'no no zones' which they are not allowed to touch because profits first, those 'no no zones' will of course be touched by other countries' cyber security forces, whilst those countries will be blocking the entry of closed source proprietary software, especially back doored US proprietary software and hardware. The NSA played and now the US economy pays.

      --
      Chaos - everything, everywhere, everywhen
    5. Re:Out of his depth by phantomfive · · Score: 2

      > At any rate, there's nothing he or anybody else can do to "stop" a cyberweapons arms race.

      If software makers could be sued for vulnerabilities, then it would clean up a lot of problems quickly. Most vulnerabilities are a result of people not caring (managers, programmers, etc). The human loophole is another problem, but again, with legal liability, companies would pay for training to teach people not to open suspicious attachments.

      --
      "First they came for the slanderers and i said nothing."
  7. Self-inflicted vulnerabilities by jxander · · Score: 5, Insightful

    We must make sure other countries don't attack us, because we've created so many back doors for us to attack ourselves.

    The NSA and their ilk have made us prime targets, and now we rely on begging other countries to not exploit all those vulnerabilities we've created.

    --
    This signature is false.
  8. Better offensive and defensive capabilities?? by burtosis · · Score: 2

    Well I guess that means now everyone in the world is vulnerable to attacks with those same weapons.
    If the NSA can't even keep their own weapons from being stolen it looks like we are all in for a world of hurt.

  9. How much laughter greeted him? by Anonymous Coward · · Score: 2, Insightful

    Does anyone take Obama seriously anymore? Certainly none of the leaders at G-20 do.

  10. Exact opposite effect by ArtemaOne · · Score: 2

    It's like when he says "guns are bad m'kay" and sales skyrocket. Cyber war/sex/crime is bad!

  11. Prevent? by onyxruby · · Score: 4, Interesting

    That train left years ago. He's delusional if he thinks a race is even an option. The US is years behind and isn't even in the running. Hell we've just started to realize this is something we ought to /start/ training professionals for. We've still got people trying to outlaw security tools.

    http://breakingdefense.com/201...
    http://blog.hackerrank.com/whi...
    http://www.techinsider.io/nort...
    http://abcnews.go.com/blogs/he...
    http://abcnews.go.com/Blotter/...

    We're years behind the competition, where professionals have been getting trained and put to work for many years. We're just getting to the point of having courses in hacking, never mind college degree based level training. How the hell are we going to enter a race when only a handful of three letter agencies even have professional hackers in their employ? This isn't the kind of thing you're going to call up your local friendly pen-test company for. You can't win a race you refuse to enter.

  12. *for* the people instead of against? by dromgodis · · Score: 5, Insightful

    How about if the US government (and others) spent more of the effort protecting their people instead of spying on them? As in helping its citizens to safe(r) communication and storage through technology, legislation and practices instead of letting them be susceptible to any potential enemy and letting them further into the infrastructure.

  13. Real security is plugging the holes, not attacking by Anonymous Coward · · Score: 3, Informative

    The way 'cyber' wars are won is to have proper mechanisms in place such that there aren't security gaps in the first place. The way things are designed today we have significant bloat and in part as a result are incapable of securing our devices. Adding 'security' on top was never the answer and we've done a really terrible job of designing systems from the ground up to be secure. We need to design processors, chipsets, and the like with long-term shelf lives and the software that runs on these chips with the utmost minimalism and simplicity. By doing so we can spend more time identifying and more easily identify and plug the holes. The systems we utilize should feel more like something from the 1980s and 1990s with a handful of modern enhancements.

  14. Adult conversation about encryption? by tlambert · · Score: 2

    Just wait until next year: Comey has already promised us another "adult conversation" about encryption following the 2016 election.

    Adult conversation about encryption?

    "You see Jimmy, when Alice and Bob love each other very, very much, Bob sends packets to Alice, and..."

  15. Why we don't want everything network-connected by knorthern+knight · · Score: 2

    > Don't put key assets on a common network.
    >
    > If you are an individual or business, it's your choice:
    > * Accept the costs of not being vulnerable (stay disconnected)
    [...deletia...]
    > In modern society, the first option isn't an option for most people and most companies.

    Ex-bleeping-scuse me, we've got too much stuff connected to the internet, and exposed to take-over, already. Here's "The Killshot Event" scenario...

    It's the middle of January, and the weather forecast is calling for a major blizzard along the US East Coast, followed by a brutal cold spell. The blizzard is due to hit the coast around midnight. As millions of commuters are driving home before the storm, "the enemy" takes over GM Onstar to shut down 10% of all cars on the road. You know how badly traffic gets f****d-up with just 1 or 2 stalled vehicles at the wrong place? Well, imagine thousands of cars in each major city shutting down on major roads in each city. They, along with the other 90% of "unaffected" vehicles are stranded on the road.

    Simultaneously, "the enemy" sets off a few well-placed bombs. Hitting major transmission lines knocks out most electrical service. A couple of bombs around internet fiber knocks out a lot of internet service. It also knocks out a lot of telephony, which is now IP-based, except for "the last mile", which is still copper wiring.

    Motorists have to leave their vehicles or freeze to death inside. If they're in the city, instead of a suburban freeway, they might make their way to a major store or office building before midnight. Then the cold front moves in. With no electricity, there's no heating or running water. Because the roads are clogged with abandoned cars, utilities can't send out emergency crews to manually restart electrical generators. And food supply chains seize up. Even the people who've made it home or into a major building will soon start dying of cold and starvation. Chaos ensues, and martial law is declared.

    That scenario is possible right now. Sigh.

    --

    I'm not repeating myself
    I'm an X window user; I'm an ex-Windows user
  16. Re:Already Lost by khallow · · Score: 2
    Or 3) Russia and China don't say anything when they discover they are compromised.

    Even if the US has completely lost the cyberwar or whatever, it remains that Russia and China can hack each other and of course, anyone else with the right tools and knowledge can give it a try too.

    The US has been openly accused of releasing Stuxnet but I am pretty sure the Stuxnet authors wanted the target and the world to know who did it and let it serve as an example to others. The most amazing thing about Stuxnet was getting it carried into one of Iran's most heavily guarded labs and inserting it into the USB drive. Compared to this the rest was easy. Can you just imagine how incensed, scared, and worried that little cyber weapon was to Iran's leaders. They realized if someone was able to do this with impunity what else were they capable of.

    Capable of? Like the usual state-level shenanigans? Iran already knew that the US could do that sort of stuff with impunity. What they didn't know was how successful those shenanigans could be. I guess they know now.