Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Microsoft Security United Kingdom IT

UK Plans Cyber Weapons Program 59

An anonymous reader writes "The Ministry of Defence says they are working on a range of offensive cyber weapons to increase the country's defensive capabilities. The armed forces minister, Nick Harvey, says, 'The consequences of a well planned, well executed attack against our digital infrastructure could be catastrophic With nuclear or biological weapons, the technical threshold is high. With cyber the finger hovering over the button could be anyone from a state to a student.'"
This discussion has been archived. No new comments can be posted.

UK Plans Cyber Weapons Program

Comments Filter:
  • by Anonymous Coward

    Thanks in advance,

    Slashdots' Readership.

  • by the_raptor ( 652941 ) on Thursday June 02, 2011 @02:44AM (#36317082)

    "With nuclear or biological weapons, the technical threshold is high. With cyber the finger hovering over the button could be anyone from a state to a student"

    What a crock. Any engineering student who couldn't design a fission based nuclear bomb is going to be a terrible engineer. Hell, the guy who has literally "written the book" on the Manhattan Project bombs is a freaking truck driver*. And you have the same with biological weapons. Contrary to what movies show most research into biological weapons wasn't about genetic modification it was simply on how to make the bugs easy to disperse and store. And most of it was done in the 50's and 60's. To combat misuse of both the answer has been to control the key ingredients of isotopes and germs.

    With "cyber" weapons it is the opposite. It is impossible to control the key ingredient, and the 'state of the art' has moved far past the stage where individuals are dominant. Even in the criminal world malware is built by teams. The technical threshold is very high and no individual is going to pull off well planned and well executed attack against a nations infrastructure. The "cyber wars" we see now are all done by large teams of hackers. When nations start actively deploying "cyber warfare" units and the like it will further raise the technical bar.

    P.S. The fingers actually "hovering over the buttons" of NBC weapons were mostly 18-20 year old kids. The systems you see in movies where the president needs to give a code so nukes can be launched is mostly a crock. The US Strategic Air Command famously set the "permissive action locks" on its nukes to the equivalent of "1111" because it believed the system was too complicated to be relied upon.

    *http://www.amazon.com/Atom-Bombs-Secret-Inside-Little/dp/B0006S2AJ0

    • by AmiMoJo ( 196126 )

      I was expecting an announcement like this ever since the US hacking story broke. Osama is dead and there have not been any terror attacks around here for a few years. Despite the threat level being at "severe" for years people were somehow regaining control of their bowels so something had to be done.

  • by VortexCortex ( 1117377 ) <VortexCortex AT ... trograde DOT com> on Thursday June 02, 2011 @02:52AM (#36317098)

    Nick Harvey, says, 'The consequences of a well planned, well executed attack against our digital infrastructure could be catastrophic With nuclear or biological weapons, the technical threshold is high. With cyber the finger hovering over the button could be anyone from a state to a student.'"

    Shuuure; The missile is just gonna arm itself, and intangible cyber villains are going to bypass the physical electrical & mechanical safety mechanisms.

    Sounds like someone's been watching too much Lawnmower Man. If a team of cyber villains is all it takes to launch/detonate warheads, We'd all be dead by now. Yeah, theoretically you would need a hacker on your nuclear terrorist infiltration team.

    I suggest you take a break from the Fear-mongering... Wouldn't you prefer a nice game of chess?

    HEY DUMB-ASSES -- Here's a fucking idea -- Instead of running in fear, wasting tax payer dollars on protecting us from cyber triggered nuclear war -- Why don't we just say: "Fuck it! Everyone's got hackers now! -- Game over, we have to disarm all nuclear bombs in case an angsty 4chan goer decides to an hero via nukes."

    • I believe he's using "the button" to draw a parallel between an attack over the internet and somebody launching nuclear attack.

      I didn’t take it to mean that hackers can easily control the systems capable of launching a nuclear attack.
  • US, North Korea, China and the UK all decide to Cyber together.

  • ..military grade LOIC or what??...
    • by AHuxley ( 892839 )
      Think back to the IRA and the long reach of UK signals intelligence, other friendly intelligence services and what lots and lots of cash can do.
      In the UK, game over.
      In a country on good terms with the UK, game over.
      The SAS can cover some areas.
      Gangs, cults, home invasion, truck with poor breaks, unexpected medical issues, tax issues, deep political issues, gas leak, sucide, drugs, porn ect...
  • by Anonymous Coward on Thursday June 02, 2011 @03:46AM (#36317284)

    Nick Harvey is a wanker

  • Wrong paradigm (Score:5, Informative)

    by goodmanj ( 234846 ) on Thursday June 02, 2011 @04:23AM (#36317396)

    The idea of "Cyber Weapons" is a deliberately wrong paradigm whose only purpose is to wring money out of national defense agencies. A cyber attack is nothing more than an idea. If you know something about computer security which the other guy doesn't, you can attack him with it. But as soon as he (or his operating system or antivirus vendor) knows it too, you've got nothing.

    This is completely unlike a weapon. An AK-47 is still deadly even if your opponent knows what an assault rifle is, but an unpatched SQL injection vulnerability is useless the moment your opponent learns about it.

    • by bye ( 87770 )

      The idea of "Cyber Weapons" is a deliberately wrong paradigm whose only purpose is to wring money out of national defense agencies. A cyber attack is nothing more than an idea. If you know something about computer security which the other guy doesn't, you can attack him with it. But as soon as he (or his operating system or antivirus vendor) knows it too, you've got nothing.

      This is completely unlike a weapon. An AK-47 is still deadly even if your opponent knows what an assault rifle is, but an unpatched SQL injection vulnerability is useless the moment your opponent learns about it.

      While I agree with you that this (like any other public security scare) will be used to wring out monies (private and public monies alike), I do not think that the distinction you outline exists in such a clear way: a security vulnerability has weapon-alike properties too.

      A security hole is like a landmine not discovered yet: destructive if you do not know about it and you walk straight over it, but pretty harmless if a red flag shows where it is.

      Similarly, an AK-47 is pretty harmless to a tank crew that kn

      • the whole internet has for decades been dealing with attacks on a scale which would make any one governments "cyberwarfare" division look like a pack of boyscouts throwing stones.

        The internet is anything but a monoculture, there's thousands of different systems running different software all in their own little firewalled communities with the serious stuff behind DMZ's and multiple firewalls or on encrypted private networks.

      • You're right that information is power even in conventional warfare, but I worry that calling them "cyber weapons" will totally mislead the people making policy decisions. If you're a government official funding conventional weapons, you fork over your $1 billion and you get a weapon system. 5 years later, when the shit hits the fan, you can pull it out of the arsenal and hurt people with it. Even 20 years later, it still does the job pretty well.

        But if you buy $1 billion in "cyber weapons", five years l

        • by bye ( 87770 )

          But if you buy $1 billion in "cyber weapons", five years later -- even six months later -- you've got absolutely nothing.

          Depends on the quality of those 'cyber weapons'.

          If they are of Stuxnet's quality then they can be very efficient and very deniable as well. Think of a weapon doing damage to Iran equivalent to the economic and military damage done by a dozen modern plutonium warheads and 2 years down the line they are still not able to pinpoint the attackers and prove that it was an act of war?

          What kind of shelf time did Stuxnet have? Some of the zero-day Windows exploits it used were years old.

          But yes, you are right th

      • The landmine analogy is laughable. Hacks never did nor probably ever will blow anyones legs off.
        • by bye ( 87770 )

          There were several reports of injuries caused by damage to industrial equipment by Stuxnet.

      • Oh, also, the "weapon" paradigm totally misrepresents the asymmetry of offense vs defense. In your tank vs ak-47 example, yes, if you know about an AK-47, you can defend against it. But to defend against it you need a tank -- to negate a thousand-dollar threat you need a million-dollar defense. Your land mine analogy works the same: it's far more expensive and hazardous to clear a minefield than it is to deploy it.

        But for cyber weapons, an attack that cost millions to research can be negated for pennies

        • by bye ( 87770 )

          Oh, also, the "weapon" paradigm totally misrepresents the asymmetry of offense vs defense. In your tank vs ak-47 example, yes, if you know about an AK-47, you can defend against it. But to defend against it you need a tank -- to negate a thousand-dollar threat you need a million-dollar defense. Your land mine analogy works the same: it's far more expensive and hazardous to clear a minefield than it is to deploy it.

          But for cyber weapons, an attack that cost millions to research can be negated for pennies by typing "mysql_real_escape_string()" in the right place.

          While the assymetry is there (did you really expect 'weapons of information' to be 100% equivalent to physical weapons?) you do not need a million dollar defense against a known $1000 AK47 position: you only need a $100 mortar, or a well placed $10 bullet or a $1 knife.

          With the tank example I wanted to highlight how deadly damage the right kind of information can inflict, even against million dollar defenses. The tank gunner will still be dead after the incident even though we know it very well that had h

  • the services require that computers are accessible somehow.

    -

    so there are some backdoors, trojans etc in the OS

    so there is the dominance of Closed Source Software to allow this

    -

    then it is too expensive to produce hard-to-access systems for the critical areas.

    even if they would have such systems, then there are too many critical areas ro deploy them without being noticed

    - I fear these cyber militant statements are preparing a decoy target of standard systems - inviting for an attack

    which will be the r

  • the services require that computers are accessible somehow.

    -

    so there are some backdoors, trojans etc in the OS

    so there is the dominance of Closed Source Software to allow this

    - then it is too expensive to produce hard-to-access systems for the critical areas.

    even if they would have such systems, then there are too many critical areas ro deploy them without being noticed

    - I fear these cyber militant statements are preparing a decoy target of standard systems - inviting for an attack

    which will be the r

  • by Kamiza Ikioi ( 893310 ) on Thursday June 02, 2011 @05:17AM (#36317652)

    ... they already have a surgical assassination team trained in both WoW and Farmville.

  • Every time you use the word "cyber" your credibility drops by 20%.

  • I suppose Steve Moffat will be employed to bring the cybermen to "life".
  • they are working on a range of offensive cyber weapons to increase the country's defensive capabilities

    This kind of thinking shows the plan is doomed to failure before a single module of american software has been bought (at hyper-inflated prices) - which is the standard british technique for <strike> doing what the americans tell them to </strike> implementing a defence strategy.

    While that might (although since it was impossible to test, we'll never really know) have been a successful strategy for nuclear war - when there were only 2 sides and therefore no uncertainty who the "enemy" was, it

  • HEY HEY 16K, R: Tape Loading Error, Thursday (NTK) — GCHQ has begun work on a range of uniquely British cyber-weapons [newstechnica.com] to add to Britain's defensive capability.

    "Cyber-Space," said General Jonathan Shaw, pronouncing the hyphen between the words, "represents conflict without borders. But we can use the finest of British technical pluck to fight off Johnny Cyberforeigner!"

    "We need a toolbox of capabilities," said armed forces minister Nick Harvey."For instance, we have a truckload of old Psion EPOCs, whi

  • If there is such a thing as cyber weapons, and a cyber attack can be an act of war, does a government cyber attack on civilians constitute a war crime legally?

You know you've landed gear-up when it takes full power to taxi.

Working...