US Unable To Win a Cyber War 327
An anonymous reader writes "The inability to deflect even a simulated cyber attack or mitigate its effects shown in an exercise that took place some six days ago at Washington's Mandarin Oriental Hotel doesn't bode well for the US. Mike McConnell, the former Director of National Intelligence, said to the US Senate Commerce, Science, and Transportation Committee yesterday that if the US got involved in a cyber war at this moment, they would surely lose. 'We're the most vulnerable. We're the most connected. We have the most to lose,' he stated. Three years ago, McConnell referred to cybersecurity as the 'soft underbelly of this country' and it's clear that he thinks things haven't changed much since then."
Stupidity of leadership... (Score:5, Informative)
If you watched the broadcast of this exercise on CNN, you heard many people arguing for things that the government just can't do such as ordering telcos to disable all smartphones, suspending rights, and even nationalizing the power companies.
They spent so much time being told by the simulated AG what they couldn't do, they didn't have time left to discuss what they could do.
Re:Stupidity of leadership... (Score:5, Interesting)
What they don't understand is that it isn't going to be the government or the military that responds to a real cyber attack, it's going to be a nation wide army of several hundred thousand IT admins working 70 hour weeks to keep their companies secure and operational. Once solutions are found they'll be posted to the web and disseminated faster than the new attacks can be devised. In short, cyberwarfare won't work for the exact same reasons that censorship won't work, there's too many people working against the attackers who can communicate too quickly and too effectively.
Or, to put it another way, http://xkcd.com/705 [xkcd.com]
Re: (Score:3, Insightful)
Who would we be at war with? And what would it look like? I already block Large blocks of IPs from china/russia.
Actually this is a better example http://xkcd.com/538/ [xkcd.com]
just imagine in the left panel it's the goverment imagining needing all these 4 amendment violations and the right one is a sysadmin pulling out network cable from the router that connects the supposed country we would be at cyberwar with.
Re: (Score:3, Informative)
Except it probably won't be as simple as lots of evil malicious traffic originating from... say... the hypothetical Peoples Republic of Anich.
And then you can just block all of Anich and you won't be under attack any more.
The traffic of such a cyberattack could conceivably originate from all over the world, including from your own country - originating from compromised personal computers with fast broadband connections. Or even from the very modems or Internet sharing devices that connect their homes to the
Re: (Score:2)
I don't know, a couple of hearty men on a couple of random ships seems to be able to cut off most of the world from the Internet. If you planned it just right, that sysadmin might be on the bridge of a boat, but pull the plug he could.
Foolproof solutions only make smarter fools.
It would not take too long to programmaticly identify and block/drop/disconnect any IP on your network, daisy chain that effort, and you start making parts of the network dark, but it will shut down the attack, legal issues aside. If
Re: (Score:2, Insightful)
That might work well for some countries which are connected only with a small amount of cables. Not so much for the United States, probably the best-connected country in the world. I'd be incredibly surprised if anyone (that doesn't work at an ISP or a telco) would even notice if two or three cables connecting the united states to the world were severed. BGP will find another way.
Re: (Score:2)
Problem is that much of the United States online biz is really offshore biz.
Re: (Score:2)
I knew we should have installed a factory reset button on the internet.
Re: (Score:3, Funny)
If nothing else, that would make the transition to IPv6 much easier...
Re:Stupidity of leadership... (Score:4, Informative)
Re:Stupidity of leadership... (Score:5, Interesting)
You fail to realize that it is not "one network cable" that connects us to (lets say China). The robustness of the internet means that every route to China must be cut in order to stop the attack.
That means England has to cut their ties with China. And France. And so on and so forth until everyone that North America Can access no longer has access to China. If we leave the pipes open to India, and India is still open to China, thats a route through to the US. Thus we resort to IP Blocking, but then spoofing and Proxies comes into play - making things more complex.
The other solution to stop the attack, is to disconnect all the network cables that access any other country. Leaving you with an internet that spans North America Alone.
Personally, if it ever comes to a cyber war, I think it will boil down into a World War kind of thing. One side will cut ties and allegiances will be made. The West will be on their own private network and the rest of the world on theirs, creating two out of sync "Internets".
Re: (Score:2)
Yes, and once the war is over talks will begin on who gets to control what domain names.
Re:Stupidity of leadership... (Score:5, Insightful)
Why would any of that happen???
The internet is essentially millions of walled and gated communities.
Everything that any hypothetical attacker could try is already being done by the legions of script kiddies right through to highly paid top notch programmers working for organised criminal groups.
If any hypothetical attacker from china or *scary place* wanted to launch a DDoS attack why would they write anything of their own when they can just pay for bandwidth from one of the big botnet herders?
Government entities hardly have a monopoly on hackers.
A million Sys admins the world over already deal with these problems every single day of the year.
Re: (Score:3, Insightful)
Why would you assume that a Cyber war would consist of conventional "Attacks"?
Of course they aren't going to DDoS, that's something a million Sys admins the world over already deal with every single day of the year.
I think more damage could be done with Rootkits and backdoors than a DDoS ever could. And believe me, the kind that would be employed are not the kind that script kiddies use every friday night. The kind that would be employed would end up being engineered into the hardware, something China regul
Re:Stupidity of leadership... (Score:4, Informative)
read:
http://webtorque.org/wp-content/uploads/malware_biz.pdf [webtorque.org]
The organised malware business is already leagues ahead of anything script kiddies use.
it's embraced outsourcing.
The people writing viruses these days are professionals.
They're not doing it for the lulz like when we were kids, it's cold hard business.
They teenagers who used to write viruses which turned your mouse into a penis have grown up and now they're not going to do anything unless there's cash in it for them.
The rootkits that are out there are already more advanced than the rootkit detectors and even the best AV programs have perhaps a 20% hit rate. (not miss rate)
They already have countermeasures ready for security measures that we haven't even deployed yet
Re: (Score:3, Insightful)
Re: (Score:2)
Considering the significant language barrier between the East and the West, what would we (in the west) really be losing out on?
Re: (Score:2)
Is that why I can Visit Shanghai and not need to know a word of Chinese? The East has a rather large English speaking population, the language barrier is not as big as it was say 5 years ago.
As for what we'd be losing out on - It's really more complex than just the internet. If we decide to cut of internet ties we're probably cutting off trade as well. And I can't imagine North America functioning well without China's production.
Re: (Score:3, Insightful)
The other solution to stop the attack, is to disconnect all the network cables that access any other country. Leaving you with an internet that spans North America Alone
There are 2 kinds of denial of service attacks:
- The one where i fill your connections/process/whatever so noone else could access you
- The one where i just scare you, and you turn off your servers because big bad wolf is somewhere outside
Guess wich one is the more effective, and will damage you (and probably everyone else) more.
Re: (Score:2)
You can't even effectively cut off the rest of the world as you state. Assuming you blacken all satellite and undersea cables, you'd also have to cut all landlines as well, or someone can dial into the US-Internet.
And even cutting landlines would not be effective, as satellite phones cross all national boundaries. You'd have to blast those out of the sky also... all of them, including your own.
If a war like this happens, I hope we survive enough to defile the graves of every one of our leaders who opted to
Re: (Score:2)
I already block Large blocks of IPs from china/russia.
Then it's a good thing that hackers don't know how to use proxies or make zombie machines. You are perfectly safe!
Why criticize the idea, though? It just seems asinine that you would take a position of 'you are never safe and therefore stupid'. Security in layers is never bad, even though one might suggest increasing the number of layers.
Re:Stupidity of leadership... (Score:5, Insightful)
In short, cyberwarfare won't work for the exact same reasons that censorship won't work, there's too many people working against the attackers who can communicate too quickly and too effectively.
Quiet, you fool! Imagine if they can convince the United States government that part of its defense budget should go to increasing cyber security! We already know the DoD uses Linux [aviationweek.com] and wants more [slashdot.org]. Just think what a very tiny fraction of the US Defense budget could do for security in Linux and its subsequent adoption for corporations!
And for those of you that argue the enemy will then use Linux: who cares? Bullet proof protection on both sides would prevent any attempt of an offensive from ever sparking a war. In light of recent economic ups and downs, I would argue at this point it's more important to make the corporations feel 100% safe and secure -- unlike Google in China.
Re: (Score:2)
When did Linux boxes eliminate human interface? How do the operate without using fallible things such as passwords? When did the migration happen?
Re: (Score:2)
We have BOFH (Score:5, Funny)
We are BOFH. You want Mutual Assured Destruction? We make the USAF look like wusses.
Re: (Score:2)
You obviously don't worry about backdoors in routers, switches, network cards, motherboard BIOS, etc.
What if I am China and I use one of these to rootkit your box. I might not be out for damage, but just to collect intelligence. How would you KNOW?
next let's assume you have an inkling something's going on.
Are you going to rebuild the Windows kernel on a safe PC, checksum it, then bring it and all the other files to repair the damage?
Unlikely for many reasons.
So you start to rebuild your PC from the install
Re: (Score:2)
You got it. Just as our Grandparents rose up to fight the tyranny of the Nazis and to free Europe and Asia from the Axis powers, we shall take up arms with our servers, firewalls and steady supply of caffeinated beverages! To battle my brothers!
How many "accidental" undersea cable cuts in 2008? (Score:3, Interesting)
How many "accidental" undersea cable cuts in 2008? ...just saying...
-- Terry
A cyberwar will be used as a lead up to an attack (Score:5, Interesting)
A "Cyberwar" will be used as part of a campaign for a larger objective. When (not if) China chooses to "annex" Taiwan, the attack would likely go as follows:
US power plants go down because of SCADA systems attached available to anyone who finds them. Other embedded systems will get torn apart, from HVAC systems to traffic light control, paralyzing cities. This will happen all at once, both on CONUS, but on ports the US uses abroad, and in Taiwan as well. As a farewell gift, routers and such are zapped of all configuration to make it harder to reconnect and get infrastructure working, especially core wireless items, such as the infrastructure between towers. Even worse, most companies and organizations have no backup infrastructure in place so a simple dd if=/dev/zero of=/dev/sda will cause permanent data loss. Or random corruption is done to archive records, making them unusable for criminal or civil proceedings down the line.
By the time the mess is cleaned up (and with embedded systems, there *will* be physical damage, such as safety valves jammed shut, causing BLEVEs), the Red Guard will have firmly garrisoned the island nation and will be telling the US that an attack there will result in a nuclear exchange.
Another possibility will be an attack against the Falkland Islands by Argentina. As of recently, that nation has been wanting to take British oil interests in the area, even trying to attack oil rigs. One can expect the UK to be hit by a coordinated attack on critical systems, as well as its allies. Then the next thing would be Argentina with help from Chavez (who is in dire need of a military victory against Europe and the US to bolster his credibility) will be invading the Falkland Islands. No, the islands may not be a major strategic issue, but they have a lot of oil underneath, and would love to attack the UK's oil interests and turn the oil derricks into torches.
Of course, there is Russia. America's grid goes down, and Russia pushes into Western interests without a shot being fired. Since most of Europe went "green" and ditched their national security for reliance on Russian gas, expect no help from France or Germany, as neither country wants its population to freeze to death, and both countries like their cities to have their lights on. It wouldn't even take a cyberattack to make Europe kowtow to Russia... just the threat of turning off the natural gas pipes.
Of course, the Middle East comes to mind. The one oil pipeline that Russia hasn't seized yet that goes through Georgia. Georgian computers go down, American grid suffers, Russian tanks plow into Georgia proper calling it a police action, depose the government and set up a puppet system. Combine that with a military action to grab control of the Persian Gulf, and Russia now has complete control of Europe's and America's oil supplies. Game. Point. Match. Checkmate.
The problem? A good number of American companies don't give a shit about security. Since security has no ROI, little but lip service is paid in that direction. They expect that they can hire an army of consultants to repair any breach 24/7, so don't do anything except put some random policies in place. Of course, come a military strike against American interests, these companies will be having their systems used as staging points and proxies to make it virtually impossible to find out who disabled a cooling system at a nuke plant, causing a SCRAM across all reactors and plunging the grid into a blackout.
When a "cyber attack" that is worth the name happens, the lights will go off, then the ships will sail into some country's harbor, and the troops will be moving in. It won't be done just for giggles by some foreign nation, it will be done in concert with another brutal offensive.
Re: (Score:2)
Re: (Score:3, Insightful)
How could it have gone any other way?
They put a crowd of idiots who couldn't find their arses with both hands, didn't know the law, didn't know about the internet and didn't know about technology in a room and then expected them to do what?
Make sensible choices?
If you want good decisions in that situation you get a small group of experienced sys admins, a couple of really really good lawyers and one person with enough authority and enough sense to keep quiet who's job it is to shout at people until the plan
Which is why they ran the exercise (Score:2)
They didn't know that those things couldn't be done. Would you rather they found out during an exercise, or in a real emergency? Remember, these are not technical people.
Re: (Score:2)
They didn't know that those things couldn't be done. Would you rather they found out during an exercise, or in a real emergency? Remember, these are not technical people.
Then there should be someone who *does* know what can be done.
But are we talking "technically" or "legally". That our lawmakers don't know what is and is not legal is a pretty disturbing thought.
Re: (Score:2)
There was someone there. Several people (legal, technical, and other) who said "You can't do that..."
Also, these weren't lawmakers, they were from the executive branch. Various levels of managers, mostly senior.
Re: (Score:2)
What's the difference between lawmakers and managers, in terms of usefulness?
Re:Stupidity of leadership..or quite the contrary? (Score:5, Insightful)
I wonder how much of this new fear has to do with revving up support for ACTA/etc.
Re: (Score:2)
Heh, I kinda hope ACTA triggers a cyberwar, against all the governments that backed it.
Re: (Score:2)
Wow, they are lobbying to able to shut down cell phone service and internet access when the companies (supposedly under attack) are "unwilling" to do so. I'm glad I'm not a conspiracy theorist or I would be under the table right now wearing my tinfoil hat. To me it sounds more like a South American regime worried about a coup than the "home of the free."
Re: (Score:2)
We what we need are actual cyber attacks to build system immunity, just as virus and malware attack coerce countermeasures.
Re: (Score:2)
A lot could be said for creating a PGP signed mailing list based on a web-of-trust and requiring a government certifier in the trust. Then we could at least share contact information, verify authenticity of requests in the event of attacks and keep reactions to changes in infrastructure confidential. Include key signing in the certification process for basic government clearance.
An announcement mailing list could keep us abreast of potential problems... ideally just a monthly "this is a test of the emer
Re:Stupidity of leadership... (Score:5, Interesting)
even nationalizing the power companies.
I'm all for that, cyberwar or no. Maybe not have the power companies run by the US government, but by local or county governments. My gas company Amerin is a private utility that is a power company as well in most of the state, my electric comppany is CWLP, owned and operated by the city. The difference between these two utilities is astounding.
CWLP has excellent customer service, the lowest rates and the highest uptime of any electric utility in the state, and makes a tidy profit for the city as well, offsetting taxes that would otherwise have to be paid. My gas company, otoh, makes Comcast look good. The reason is simple: if CWLP's customer service goes bad, if the power is out much, or if the rates go up too much the Mayor loses his job.
Amerin's customer service is abysmal, but what is one to do? Many local folks have gone all-electric because of their shodddiness. There isn't even a local office to pay the bill, you have to snail mail it or go to a currency exchange and pay an extra dollar. It's not like you can go to the other gas company down the street, and propane is out of the question. Because of this, they are not beholden to anyone but the stockholders.
The free market works well when there is a free market, but there is no free market when it comes to utilities or any other natural monopoly. I'd like to see all utilities taken over by local or county governments. The customer has at least some say then.
Re: (Score:2)
3rd World War (Score:4, Funny)
Duh. (Score:3, Interesting)
Tell us something we don't know. When script kiddies can invade government networks, I'd say that we are pretty much screwed if an all-out digital conflict were to happen.
Re: (Score:2)
If it helps the US has more script kiddies than almost anyone else and I somehow doubt that many other countries have fantastic security either.
Let me guess the solution: (Score:5, Insightful)
More government intervention and monitoring of the Internet, to be outsourced to 3rd party vendors which are politically connected?
Nah, couldn't happen.
Im in ur internetz fraggin ur servers (Score:4, Insightful)
Propaganda (Score:5, Insightful)
Pretext to OpenID and government surveillance.
Mod up (Score:2)
This is nothing but propaganda.
The term cyber-war is a dumbed down and meaningless term, just likes "series-of-tubes internet" to scare people, and spread ignorance about the topic of security.
Comment removed (Score:3, Interesting)
duck and cover! (Score:3, Funny)
Luckily, I've setup my server farm in my old bomb shelter.
Re: (Score:3, Funny)
Luckily, I've setup my server farm in my old bomb shelter.
For security reason I'm backing up the whole net using Torrents. :)
all this proves (Score:4, Insightful)
Re: (Score:2, Insightful)
Political Machine only cares about one thing .... getting re-elected. ALL other things play second fiddle to this primary fact. How else can you explain how stupid politicians keep getting re-elected? It isn't because they are doing a good job.
What I don't understand is the 10% that think our congress is doing a good job. THESE are idiots that keep voting the other idiots into office.
What makes most Sys Admins good is that they don't play politics, they tend to say exactly what they mean, and mean precisely
Why is infrastructure connected? (Score:5, Interesting)
Re:Why is infrastructure connected? (Score:5, Interesting)
Why are things like power plants, banks, or telcos directly connected to the internet? You'd think they could afford a completely separate network.
A short summary of the problem:
Obviously no one manipulates the reactor control rods over the internet, outsourced to India. Although there is probably an intense desire by the MBAs to do so. Obviously the marketing guys have their PR website on the internet.
The problem is the devices in between. At a past employer, they had a customer whom had to cancel aircraft flights when their net access was down. They had to submit some form or list to the FAA or DHS or big brother or whatever for each flight, and they had a backup plan to submit the info over telephones/cellphones, but not the personnel to handle the load of all flights on backup, so the least essential flight would be canceled. Sales gave them an elaborate SLA.
That is how you shut down a nuclear plant using the internet. They can't email incident reports to the N.R.C., so they have to shut down for "safeties sake". Its not that its technically dangerous, but intentionally operating without N.R.C. oversight might be a $10M/hour fine, so they aren't gonna do it. Or maybe the plant guards won't get paid unless their internet accessible timeclock application works, they won't work for free, and the plant is not allowed to work without guards. Or the VOIP customer service in India is inaccessible and for safety reasons you can't supply power with no way to learn of lines down in the street and/or dispatch the service techs, so off goes the power to the city. To save money, city water SCADA system is now on the internet instead of a private net, and when the inet goes down, no water, no water means the plant shuts off. Thats how you use the internet to shut off a nuclear power plant, not some B.S. about remotely adjusting the control rods and turning pumps on and off.
What was almost certainly not discussed during the govt simulation was the need to remove useless regulations, because that gets the proletariat wondering if those regulations are really required under normal circumstances...
Re:Why is infrastructure connected? (Score:5, Informative)
In this simulations, they weren't. The public cell phone network had a widespread trojan, which went on to attack the public Internet. With phones and data down, they weren't able to respond to simple bomb attacks on a few power locations, and the power grid collapsed.
The threat to the power grid wasn't that that it was cyber attacked, but that a conventional attack was much more powerful when there was no way to direct the repair people. With no way to direct truck drivers or send orders, there was no way to get gas to critical things like hospital and police to run generators.
The team lost the wargame, and was punished by having to be interviewed by Wolf Blitzer.
Re: (Score:2)
Huh? If "they" also includes the cell phone network, and the cell phone network isn't connected to the internet, then how could the cell phone network attack the public internet?
Re: (Score:2)
Until it cost them 100 billion a day in cost and they are making billions in profits every day from it, the executives are right to ignore the IT guy.
Re: (Score:2)
So then the solution should be simple: have congress legislate that the networks be separate.
Computer unable to defeat Nuke (Score:5, Funny)
The headline should really read: "Overseas hacker's computers unable to defeat incoming U.S. nukes."
That would be much more accurate, if we are going to talk about WAR.
Re: (Score:2)
Yeah, but which country? As, for example, a political group in one country uses machines in a second to launch an attack at a third. Retaliation of the weaponised type happens from the third country to the second, leaving countries 2 and 3 smoking ruins, but the first laughing.
If you wait long enough to try and piece things together, you'll likely have bigger problems on your hands than retaliation (i.e. keeping afloat).
Re: (Score:2)
It was soooo funny watching supposedly intelligent people (Chertoff), when told the attack was coming from "a server in Mongolia (or wherever)" their first thought was "Can we take it out?"
These people are so last Century. Someone needs to in there with a clue stick.
Re: (Score:3, Funny)
We just nuke all the likely suspects. All at once.
Problem solved.
Re: (Score:2)
By the time the wargame was over, they didn't know where to send the nukes. They knew the server was in Russia, and they could contact Russian police to get that shut down... but they didn't know who set this server up. They didn't know if this was Russian, or people pretending to be Russian, or Russians hoping they would think they were putting up a Russian diversion.
Bullshit (Score:2, Insightful)
If there was an actual cyber war, we would respond with real war.
We're far and away the best at that.
Random attacks showing the ineptitude of aren't a cyber war. When someone starts launching missles and redirecting our navy clear a path for an attack, then it'll be a cyber war.
When some schlubs steal buckets of personal data, mess with the power grid, or disrupt internet traffic it's just another day in the U S of A.
Bunch of BS (Score:4, Informative)
Re: (Score:2)
Re: (Score:2)
Yep, this was set up by Fox N... wait a second, it was on CNN!
Re: (Score:3, Insightful)
I'm not even sure what the whole "wargame" consisted of to begin with. Correct me if I'm wrong, but from the sound of things, the entire event was just a bunch of guys sitting around at a table, with their staff telling them what's "happening". Everything they do (i.e. talking about it) is unable to change what they're being told.
Seems to me like it doesn't need to have any basis in reality. It could have had any conclusion they want it to. For all it matters the scenario could have been an invasion by
Of course we can't win a Cyber war (Score:2, Interesting)
For the same reason we can't win a space war, we have the most to lose. The more systems you have dependent on an asset, the more vulnerable you become in that asset.
Note however, that doesn't mean you are in a weaker position, an asset is still an asset.
Convenience isn't just convenient, it is time saved you can use to do other things. We just need to start waking up to what is a security risk and what isn't. What we need to protect and what we don't and finally drills on what to do if the primary syste
Cut the cord (Score:2, Insightful)
Always remember this in a cyber war (Score:5, Funny)
If you're captured by the enemy, there are just three pieces of information you are compelled to divulge: Age, Sex, and Location.
A comment in The Atlantic on cluelessness (Score:5, Interesting)
I wrote this to The Atlantic, which is a "think piece" magazine read by some decision makers in Washington.
After seeing that show, I was struck by the cluelessness of the panelists. I don't expect them to understand how networks really work, but they didn't even understand the organizations involved. Key organizations in a crisis like that would be the North American Network Operators Group and the North American Electric Reliability Council, along with the US Computer Emergency Response Team. The participants didn't know that, and they didn't have staffers to tell them.
The panelists were obsessing over whether they had enough authority to do something, while totally lacking any idea of what to do.
There are a few reasonable steps they could have taken at their level.
Having taken the initial steps, the next priority is bringing the electrical grid back up. If substations were damaged, it may be necessary to move some very large transformers around, and possibly to import them from other countries. Military assets (i.e. big transport aircraft) should be made available to help with that.
In parallel with this, the intelligence community and DoD can work on who's behind the attack. But that's not going to be dealt with in the first hours. Don't obsess on hitting back.
Re:A comment in The Atlantic on cluelessness (Score:4, Insightful)
The panelists were obsessing over whether they had enough authority to do something
"obsessing over whether they had enough authority" was no mistake - it was the whole point of this test from the very beginning. We can already see that "lack of authority" and recommending new powers be granted to the president is the main focus being driven home in the aftermath of this exercise in propaganda. The real aim of course being to garner support for enacting laws giving enough authority to do "something" about this problem of people communicating over the internet. The people behind this test are not stupid or clueless, they merely know which fear buttons to press [wikipedia.org] in order to get what they want.
Re:A comment in The Atlantic on cluelessness (Score:5, Interesting)
Yes, the real responders will be CERT and NANOG. I'd be willing to bet that some fair percentage of the people with their hands on the keyboards in NANOG would be able to fire up their HAM sets if the backbones got so totally overwhelmed that nothing could get through. I KNOW they don't care if their fucking cell phones don't work. They have desks with three screens and a keyboard and a hardwired phone on them. What happens to their daughters' iPhones in no way interferes with their jobs.
But I have a hard time imagining any purely digital situation that would take down the backbones. Script kiddies have been running DDOS botnets for a decade now. The backbones have seen it all, done it all, and when you get right down to it, the trans-Atlantic and trans-Pacific links aren't big enough to saturate the continental backbone. We have a LOT more fiber in the ground than we do underwater.
The only situation that could take down the backbone is an extended, multi-state power outage, and guess what: we've been there and done that. The northeast power outage was our worst case scenario made manifest. Those of us in the Midwest knew about it, but barely even noticed it in our day to day lives. Our grid stayed up, our phones still worked, and business went on as usual for most of us. Those who needed to talk to eastern seaboard customers/employers/whatever had a quiet few days, that's all.
Sure, it looked like the participants were clueless. And I know the old saw about never attributing to malice what can be explained by incompetence. But I've seen the names of the participants, and I know for an absolute fact that malignance is one of their primary motivations. They seek power, at all costs, and they will do anything to get it, including lie, cheat, steal, and manipulate anything and everything they can affect. I think they do have the staffers who can tell them about NANOG and CERT and NERC and they don't like the fact that those organizations exist without their explicit control over everything they do.
They want the authority, in law, to order NANOG around, on any pretext. They want the authority, in law, to disband CERT if they feel like it. They want to exert the full force of the US Government to make all these 'maverick' network operators stand and salute when they say so, or lose their jobs. They've heard how the Internet views censorship as damage and routes around it and they want control of the people who control the routers. They want the power and they want the money, and they're going to do their damndest to stampede their herd of useful idiots into giving it all to them. They are sociopaths and psychotics and we can only hope they die of old age before the country falls headlong into a French Revolution of purges, pogroms, and random bloodletting.
Re:A comment in The Atlantic on cluelessness (Score:4, Insightful)
They are sociopaths and psychotics and we can only hope they die of old age before the country falls headlong into a French Revolution of purges, pogroms, and random bloodletting.
What makes you think their children will be any different? There has been a trend for the ruling class in the US to function equivalently to royalty (Bush I & II, Clintons, Kennedys). I don't see why the next generation of sociopaths will be any better than the current batch.
Re: (Score:3, Interesting)
The children are often different, and the grandchildren, if the money stays around that long, can be very different. The children of sociopathic royalty are often dilettantes and ne'er-do-wells, or uninterested in power for power's sake. I don't see Chelsea Clinton ever being effective in politics. Nearly all of the Kennedys active in politics were the same generation, with a few exceptions in the current generation, and their children are so numerous and so obscure that even the obsessives at Wikipedia
Goes without saying... (Score:4, Interesting)
The US has been and will be stuck back in WWII thinking until it's too late. When you invest in war ships, tanks and fighter planes you have something "show" people. It's pretty hard to demonstrate what you got for the money when it comes to the security of intangible things. The installation of a firewall just doesn't make one go "oooh and ahhh" like the vaporized city and mushroom cloud from a 10 mega-ton ICBM. Even a security fence and a camera or two around a municipal water supply isn't very "impressive" compared to the demonstration of raw power an F-22 can unleash.
Worse still is when people do play "tickle-tickle" with our soft underbelly the response tends to be blowing up FedEx packages, taking off our shoes, having dogs sniff our crotch, and groping pregnant ladies.
Re:Goes without saying... (Score:4, Insightful)
Re: (Score:2)
a big fat EMP over the enemy sure would be cool however. Just hope that enemy is not next door to your house.
just trying to follow the logic here (Score:3, Funny)
So you're saying we should build robots to sniff crotches and grope pregnant women?
Which country _would_ win? (Score:3, Insightful)
Frankly, I feel the US is more prepared than most countries. Unfortunately, that still doesn't quite cut it.
I think the threat of indefensible counter-attack is going to make any government think twice about a full-on cyber-attack, taking the same role nuclear retaliation did during the Cold War.
Re: (Score:2)
Except that nowadays the "nukes", also known as multithousand node botnets, are in the hands of "terrorists", also known as spammers and botnet operators.
And terrorists are not exactly known for being rational.
Anyone who pisses them off is going to face mega retaliation...
A lession that Blue Security unfortunately had to learn the hard way.
This is all a play. (Score:2)
This entire situation is designed to help coerce people and legislators into supporting further restrictions on internet freedom and more - it's entirely apparent.
The other thing that should be apparent is that our intelligence services and military aren't stupid. They've been recruiting people with skills for years.
We're not unprepared; where we stand against Russia and CHina I don't know, but to say we're not ready just doesn't ring true to me.
I agree with Lessig and others about a "cyber 9/11" being on t
Change the system... (Score:4, Interesting)
Unfortunately for the U.S., the problem started decades ago. The downfall began when the corporations convinced politicians to make stronger and stronger laws to punish those who hack their system or product. This led to the idea that instead of fixing any security issues, it was easier and cheaper to try to punish those who hacked. Fast forward to today, and now theres the more laws, EUA's, DMCA's, etc.
If you discover exploits and try to go public with it. The first thing the targeted company might try to do to squash the "exploit" is either litigate or file criminal charges.
I'm not saying that there shouldn't be laws against hacking into systems, but the current environment doesn't bode well for making these system any more secure. It would be nice if there was some kind of "whistle blower" protection for those who discover exploits and maybe a company or government agency that you could disclose these exploits to in order to receive this protection.
Maybe there could be laws inacted that require a company to fix the exploit within a certain amount of time once it has been reported or something. If not they could either be fined or held accountable if any sensitive data is breached. Not sure, but something needs to be changed.
This was a bullshit story (Score:2)
Obama should address this scenario and flat out bitch slap them for using this FUD to float trial balloons to further erode our constitution.
Late Breaking News (Score:2)
The ultimate cyberwar weapon (Score:5, Insightful)
An honest loss? (Score:3, Informative)
The military has conducted dishonest wargames [armytimes.com] before, gaming the rules to prevent the Red team from achieving a politically distasteful victory. Perhaps the parties involved can learn from their loss instead of pretending it didn't happen. Of course, if the Red Team was supposed to win, in order to bolster budget requests and score political points, we're back to meaningless pantomimes.
If the US lost a "cyber war", the world would lose (Score:3, Insightful)
If the US lost a "cyber war" enough to seriously damage our economic infrastructure, the world would lose.
Who imports all that stuff from China? A stalled US economy will lead to a lot of upset Chinese unemployed. Who still has the largest amount of global financial services? Care to try to cash in those stocks/bonds or "safe" US Treasury Securities when the US information infrastructure is down?
If the US real-estate bubble was enough to cause a global recession, what would happen if the entire information infrastructure of the US were taken out?
Any nation-state that thinks taking out the US will help them is stupid. Terrorism (the kind that can accept a global depression) is another story.
Re: (Score:2)
These are the same people who are negatively reporting on Apple removing porn from the App store. They're just a bunch of
Re: (Score:2)
Re: (Score:2)
As I recall many did jump on board for the post 911 hacking of the middle east for a while.
Re: (Score:2)
Re: (Score:3, Informative)
Have you heard of Infragard [infragard.net]?
Re: (Score:2)
Re: (Score:3, Funny)
Yeah, all those explosions do tend to loosen things.
Re:cyberwar = bullshit (Score:4, Informative)
dont buy this cyberwar bullshit. they are just using it as an excuse to justify internet control schemes they want to bring upon you americans. remember how terrorism was used to bring liberties-infringing 'security' measures in all aspects of life. its the same shit, repeating itself.
do NOT buy it.
From an article about the "mock cyber attack": [net-security.org]
"...A bevy of former top US officials were given various roles to play:
The entire scenario was thought up by Michael Hayden, the former CIA Director, and the faux attack began with malware masquerading as a free March Madness application for smartphones...."
Not only the same shit, but the same shit doled out by the same people.
Re:Last 9 years was WASTED (Score:4, Insightful)
Between government regulations and the unions you aren't going to have an opportunity to bring back manufacturing to the US.
The misunderstanding is that manufacturing ever "left" the US.
US manufacturing output reached an all-time-high [economistblog.com] of $1.6 trillion in 2007, nearly double the $811 billion in 1987.
It is true that US manufacturing jobs are on the decline, but not because we are not manufacturing, but because manufacturing productivity is rising. More machines/robots are doing the work, and where humans are involved, the US is concentrating on higher value products.
This is EXACTLY what we saw in the farm industry. In 1900, 30% of Americans worked on a farm. Today, fewer than 2% do, but the US produces more food than it did in 1900 with far fewer workers and less land.
If the (mostly) low value-add manufacturing done by China had to be done in the US, it would be done by machines, not human workers.