China's Cyber-Militia
D. J. Keenan notes that the cover story of the current issue of National Journal reports in depth on China's cyber-aggression against US targets in the government, military, and business. We have discussed China's actions on numerous occasions over the years. The news in this report is the suggestion that Chinese cyber-attackers may have been involved in major power outages in the US. "Computer hackers in China, including those working on behalf of the Chinese government and military, have penetrated deeply into the information systems of US companies and government agencies, stolen proprietary information from American executives in advance of their business meetings in China, and, in a few cases, gained access to electric power plants in the United States, possibly triggering two recent and widespread blackouts in Florida and the Northeast, according to US government officials and computer-security experts..."
Re:Some quotes from the article (Score:3, Informative)
If you don't want to go there, the short version is that the data for hacking into the power systems is pretty darn weak.
Since we can't beat up Iran anymore, we have to have somebody to hate.
Re:I hope this guy isn't getting paid (Score:5, Informative)
Professional writing used to be a competition to put on paper the longest sentence with the least amount of punctuation possible.
What we call a paragraph, they called a sentence.
What really happened .. (Score:3, Informative)
No, what really happened was the grid was overloaded and the SQL virus was playing havoc with connectivity, then a tree fell over and tripped out a line, which spread in a domino effect all the way to Canada. A similar virus tripped out the control system in a nuclear power plant.
http://www.nationaljournal.com/njmagazine/cs_20080531_6948.php [nationaljournal.com]
"During the hour before the Aug. 14 blackout, engineers in the control center of an Ohio utility struggled to figure out why transmission lines were failing and complained that a computer failure was making it difficult to determine what was going on, transcripts of telephone communications released Wednesday show"
http://www.wired.com/science/discoveries/news/2003/09/60285 [wired.com]
"Software failure cited in August blackout investigation"
http://www.nrc.gov/reading-rm/doc-collections/gen-comm/info-notices/2003/in200314.pdf [nrc.gov]
http://www.computerworld.com/securitytopics/security/recovery/story/0,10801,87400,00.html [computerworld.com]
Re:Huh!? (Score:3, Informative)
I've always heard it as "Commercial Off The Shelf" - and Google seems to agree with me. (Yes, even Linux use would generally be commercial, because it usually comes with support contracts from someone.)
But anyway, part of the reason for using COTS products in general is that people bitch about "government waste" and things like "$500 hammers" - so in response, the government and the DOD started a mandate to use more COTS products.
The idea is to save money by not reinventing the wheel where it isn't needed. Quite a lot of the government and the military is paper pushing, and when COTS software can be used instead of custom designed software, it's a win in cost - which means spending less taxpayer money, which means taxpayers are less upset.
Which isn't to say everything is COTS, but the government likes the idea of using products that are easy to obtain and have a wide knowledge base of users to draw on. That way, if a COTS product breaks, it's easier to replace or repair, since it may be possible to have it fixed/replaced without going back to the original vendor.
Using COTS products where possible saves government money, which is taxpayer money, which is likely your money. It's a good thing.
Re:Some quotes from the article (Score:1, Informative)