UK Plans Cyber Weapons Program 59
An anonymous reader writes "The Ministry of Defence says they are working on a range of offensive cyber weapons to increase the country's defensive capabilities. The armed forces minister, Nick Harvey, says, 'The consequences of a well planned, well executed attack against our digital infrastructure could be catastrophic With nuclear or biological weapons, the technical threshold is high. With cyber the finger hovering over the button could be anyone from a state to a student.'"
Re: (Score:1)
Strangely enough, the irony would likely be lost on those who made the decision.
Re: (Score:2)
I'm sure there is some point to the wars. I can't see it. but there must be some point.
Re: (Score:2)
Re: (Score:2)
For an interesting take on wars and such watch Rob Newman's History of Oil.
http://video.google.com/videoplay?docid=-5267640865741878159 [google.com]
Re: (Score:2)
Re: (Score:1)
Re: (Score:2)
Proper coding? More like not connecting anything that goes bang a lot to the internet. Another good idea is to make sure there's a carbon unit (or more than one) that presses the final button. They're less reliable but tend to fail in the safe direction.
Re: (Score:3)
If the UK wants to master its NBC suit production they "thought experiment" with the best offensive weapons they can dream up.
1. If the UK wants to master digital infrastructure they roll out very expensive Microsoft and watch everybody have a go at hacking it.
2. ?
3. Cyber victory
Its cost saving to have 1 expensive engineer watching a few counties critical infrastructure from a cheap Windows laptop after 5 pm but
Stop Pimping The Fear Mongering. (Score:1)
Thanks in advance,
Slashdots' Readership.
Reality called. It wanted its buzzwords back. (Score:4, Informative)
"With nuclear or biological weapons, the technical threshold is high. With cyber the finger hovering over the button could be anyone from a state to a student"
What a crock. Any engineering student who couldn't design a fission based nuclear bomb is going to be a terrible engineer. Hell, the guy who has literally "written the book" on the Manhattan Project bombs is a freaking truck driver*. And you have the same with biological weapons. Contrary to what movies show most research into biological weapons wasn't about genetic modification it was simply on how to make the bugs easy to disperse and store. And most of it was done in the 50's and 60's. To combat misuse of both the answer has been to control the key ingredients of isotopes and germs.
With "cyber" weapons it is the opposite. It is impossible to control the key ingredient, and the 'state of the art' has moved far past the stage where individuals are dominant. Even in the criminal world malware is built by teams. The technical threshold is very high and no individual is going to pull off well planned and well executed attack against a nations infrastructure. The "cyber wars" we see now are all done by large teams of hackers. When nations start actively deploying "cyber warfare" units and the like it will further raise the technical bar.
P.S. The fingers actually "hovering over the buttons" of NBC weapons were mostly 18-20 year old kids. The systems you see in movies where the president needs to give a code so nukes can be launched is mostly a crock. The US Strategic Air Command famously set the "permissive action locks" on its nukes to the equivalent of "1111" because it believed the system was too complicated to be relied upon.
*http://www.amazon.com/Atom-Bombs-Secret-Inside-Little/dp/B0006S2AJ0
Re: (Score:2)
I didn't miss the point I disagreed with the terrible attempt at getting the point across.
Also as far as I know no one has hacked modern critical systems with a single computer and free software. All the stuff making news is very sophisticated team efforts. Stuxnet required physically stealing encryption keys IIRC.
The kind of damage a single hacker can cause is probably less then what a single back-hoe operator can do. And foreign network attacks are probably less of a threat then foreign agents working fro
Re: (Score:2)
I was expecting an announcement like this ever since the US hacking story broke. Osama is dead and there have not been any terror attacks around here for a few years. Despite the threat level being at "severe" for years people were somehow regaining control of their bowels so something had to be done.
BOO! Heh, ScArY ain't it? (Score:4, Informative)
Nick Harvey, says, 'The consequences of a well planned, well executed attack against our digital infrastructure could be catastrophic With nuclear or biological weapons, the technical threshold is high. With cyber the finger hovering over the button could be anyone from a state to a student.'"
Shuuure; The missile is just gonna arm itself, and intangible cyber villains are going to bypass the physical electrical & mechanical safety mechanisms.
Sounds like someone's been watching too much Lawnmower Man. If a team of cyber villains is all it takes to launch/detonate warheads, We'd all be dead by now. Yeah, theoretically you would need a hacker on your nuclear terrorist infiltration team.
I suggest you take a break from the Fear-mongering... Wouldn't you prefer a nice game of chess?
HEY DUMB-ASSES -- Here's a fucking idea -- Instead of running in fear, wasting tax payer dollars on protecting us from cyber triggered nuclear war -- Why don't we just say: "Fuck it! Everyone's got hackers now! -- Game over, we have to disarm all nuclear bombs in case an angsty 4chan goer decides to an hero via nukes."
Re: (Score:2)
I didn’t take it to mean that hackers can easily control the systems capable of launching a nuclear attack.
I see where this is going (Score:2)
US, North Korea, China and the UK all decide to Cyber together.
What weapons?... (Score:2)
Re: (Score:2)
In the UK, game over.
In a country on good terms with the UK, game over.
The SAS can cover some areas.
Gangs, cults, home invasion, truck with poor breaks, unexpected medical issues, tax issues, deep political issues, gas leak, sucide, drugs, porn ect...
Nick Harvey is a wanker (Score:3, Insightful)
Nick Harvey is a wanker
Re: (Score:2)
Wrong paradigm (Score:5, Informative)
The idea of "Cyber Weapons" is a deliberately wrong paradigm whose only purpose is to wring money out of national defense agencies. A cyber attack is nothing more than an idea. If you know something about computer security which the other guy doesn't, you can attack him with it. But as soon as he (or his operating system or antivirus vendor) knows it too, you've got nothing.
This is completely unlike a weapon. An AK-47 is still deadly even if your opponent knows what an assault rifle is, but an unpatched SQL injection vulnerability is useless the moment your opponent learns about it.
Re: (Score:2)
The idea of "Cyber Weapons" is a deliberately wrong paradigm whose only purpose is to wring money out of national defense agencies. A cyber attack is nothing more than an idea. If you know something about computer security which the other guy doesn't, you can attack him with it. But as soon as he (or his operating system or antivirus vendor) knows it too, you've got nothing.
This is completely unlike a weapon. An AK-47 is still deadly even if your opponent knows what an assault rifle is, but an unpatched SQL injection vulnerability is useless the moment your opponent learns about it.
While I agree with you that this (like any other public security scare) will be used to wring out monies (private and public monies alike), I do not think that the distinction you outline exists in such a clear way: a security vulnerability has weapon-alike properties too.
A security hole is like a landmine not discovered yet: destructive if you do not know about it and you walk straight over it, but pretty harmless if a red flag shows where it is.
Similarly, an AK-47 is pretty harmless to a tank crew that kn
Re: (Score:2)
the whole internet has for decades been dealing with attacks on a scale which would make any one governments "cyberwarfare" division look like a pack of boyscouts throwing stones.
The internet is anything but a monoculture, there's thousands of different systems running different software all in their own little firewalled communities with the serious stuff behind DMZ's and multiple firewalls or on encrypted private networks.
Re: (Score:2)
You're right that information is power even in conventional warfare, but I worry that calling them "cyber weapons" will totally mislead the people making policy decisions. If you're a government official funding conventional weapons, you fork over your $1 billion and you get a weapon system. 5 years later, when the shit hits the fan, you can pull it out of the arsenal and hurt people with it. Even 20 years later, it still does the job pretty well.
But if you buy $1 billion in "cyber weapons", five years l
Re: (Score:2)
But if you buy $1 billion in "cyber weapons", five years later -- even six months later -- you've got absolutely nothing.
Depends on the quality of those 'cyber weapons'.
If they are of Stuxnet's quality then they can be very efficient and very deniable as well. Think of a weapon doing damage to Iran equivalent to the economic and military damage done by a dozen modern plutonium warheads and 2 years down the line they are still not able to pinpoint the attackers and prove that it was an act of war?
What kind of shelf time did Stuxnet have? Some of the zero-day Windows exploits it used were years old.
But yes, you are right th
Re: (Score:1)
Re: (Score:2)
There were several reports of injuries caused by damage to industrial equipment by Stuxnet.
Re: (Score:2)
Oh, also, the "weapon" paradigm totally misrepresents the asymmetry of offense vs defense. In your tank vs ak-47 example, yes, if you know about an AK-47, you can defend against it. But to defend against it you need a tank -- to negate a thousand-dollar threat you need a million-dollar defense. Your land mine analogy works the same: it's far more expensive and hazardous to clear a minefield than it is to deploy it.
But for cyber weapons, an attack that cost millions to research can be negated for pennies
Re: (Score:2)
Oh, also, the "weapon" paradigm totally misrepresents the asymmetry of offense vs defense. In your tank vs ak-47 example, yes, if you know about an AK-47, you can defend against it. But to defend against it you need a tank -- to negate a thousand-dollar threat you need a million-dollar defense. Your land mine analogy works the same: it's far more expensive and hazardous to clear a minefield than it is to deploy it.
But for cyber weapons, an attack that cost millions to research can be negated for pennies by typing "mysql_real_escape_string()" in the right place.
While the assymetry is there (did you really expect 'weapons of information' to be 100% equivalent to physical weapons?) you do not need a million dollar defense against a known $1000 AK47 position: you only need a $100 mortar, or a well placed $10 bullet or a $1 knife.
With the tank example I wanted to highlight how deadly damage the right kind of information can inflict, even against million dollar defenses. The tank gunner will still be dead after the incident even though we know it very well that had h
double edged (Score:2)
-
so there are some backdoors, trojans etc in the OS
so there is the dominance of Closed Source Software to allow this
-
then it is too expensive to produce hard-to-access systems for the critical areas.
even if they would have such systems, then there are too many critical areas ro deploy them without being noticed
- I fear these cyber militant statements are preparing a decoy target of standard systems - inviting for an attack
which will be the r
double edged (Score:2)
-
so there are some backdoors, trojans etc in the OS
so there is the dominance of Closed Source Software to allow this
- then it is too expensive to produce hard-to-access systems for the critical areas.
even if they would have such systems, then there are too many critical areas ro deploy them without being noticed
- I fear these cyber militant statements are preparing a decoy target of standard systems - inviting for an attack
which will be the r
I hear... (Score:3)
... they already have a surgical assassination team trained in both WoW and Farmville.
Re: (Score:2)
"Cyber" (Score:2)
Every time you use the word "cyber" your credibility drops by 20%.
Re: (Score:2)
http://edition.cnn.com/2009/POLITICS/10/02/dhs.cybersecurity.jobs/index.html?eref=rss_latest [cnn.com]
Re: (Score:2)
Woah...
Re: (Score:2)
Why and how the UK did not see this points to a political deal- you dont say no to the USA.
Obvious comment goes here (Score:1)
*Security* is the best form of defence (Score:2)
they are working on a range of offensive cyber weapons to increase the country's defensive capabilities
This kind of thinking shows the plan is doomed to failure before a single module of american software has been bought (at hyper-inflated prices) - which is the standard british technique for <strike> doing what the americans tell them to </strike> implementing a defence strategy.
While that might (although since it was impossible to test, we'll never really know) have been a successful strategy for nuclear war - when there were only 2 sides and therefore no uncertainty who the "enemy" was, it
UK plans cyber-weapons programme (Score:2)
HEY HEY 16K, R: Tape Loading Error, Thursday (NTK) — GCHQ has begun work on a range of uniquely British cyber-weapons [newstechnica.com] to add to Britain's defensive capability.
"Cyber-Space," said General Jonathan Shaw, pronouncing the hyphen between the words, "represents conflict without borders. But we can use the finest of British technical pluck to fight off Johnny Cyberforeigner!"
"We need a toolbox of capabilities," said armed forces minister Nick Harvey."For instance, we have a truckload of old Psion EPOCs, whi
The Geneva Convention (Score:1)