Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Government Security United States IT

U.S. Defense Secretary Warns of a Possible 'Cyber-Pearl Harbor' 190

SpzToid writes "U.S. Secretary of Defense Leon E. Panetta has warned that the country is 'facing the possibility of a "cyber-Pearl Harbor" and [is] increasingly vulnerable to foreign computer hackers who could dismantle the nation's power grid, transportation system, financial networks and government.' Countries such as Iran, China, and Russia are claimed to be motivated to conduct such attacks (though in at least Iran's case, it could be retaliation). Perhaps this is old news around here, even though Panetta is requesting new legislation from Congress. I think the following message from Richard Bejtlich is more wise and current: 'We would be much better served if we accepted that prevention eventually fails, so we need detection, response, and containment for the incidents that will occur.' Times do changes, even in the technology sector. Currently Congress is preoccupied with the failure of U.S. security threats in Benghazi, while maybe Leon isn't getting the press his recent message deserves?"
This discussion has been archived. No new comments can be posted.

U.S. Defense Secretary Warns of a Possible 'Cyber-Pearl Harbor'

Comments Filter:
  • translation (Score:4, Insightful)

    by Anonymous Coward on Saturday October 13, 2012 @09:34AM (#41641301)

    Haliburton now has a kompootar division that needs money.

    • Another Translation: (Score:5, Interesting)

      by Futurepower(R) ( 558542 ) on Saturday October 13, 2012 @11:21AM (#41642007) Homepage
      I'm guessing: The U.S. Secretary of Defense has no knowledge of computer technology whatsoever, except what he learned from his children. But he wants to be cool, seem knowledgeable, get his name in the news, and get government contracts for associates, so he put his name on a scary memo written by his staff, who also have such associates.

      That's a guess, but it seems a likely guess given the fact that technically knowledgeable people use different language and recommend examination of code for security problems and sloppiness.

      Some of those who want government corruption want continuous war because government "defense" contracts provide easy profits, and it is easy to keep corruption secret.

      If they get easy money, the corrupters don't care who is killed, what lives and property are destroyed, or how much money is wasted. For example, the book Funding the Enemy: How U.S. Taxpayers Bankroll the Taliban [amazon.com] provides a huge amount of detail about a small part of the corruption.

      Divide the cost to the U.S. taxpayer of just the war in Afghanistan ($574,624,781,538) [costofwar.com] by the population of Afghanistan (35,320,445) [google.com]. The U.S. taxpayer has already paid 16,268 hard-earned dollars for every man, woman, and child in Afghanistan. The results: Mostly, things are worse.

      If those who want corruption can't get the taxpayers to pay for killing other people, they want "cyber war". See, for example, Obama Order Sped Up Wave of Cyberattacks Against Iran [slashdot.org].

      The U.S. government has invaded or bombed 27 countries since the end of the 2nd world war.

      Constant war makes us poor.
      • by hoboroadie ( 1726896 ) on Saturday October 13, 2012 @01:24PM (#41642885)

        The U.S. taxpayer has already paid 16,268 hard-earned dollars for every man, woman, and child in Afghanistan.

        I am not an anthropologist, but I heard about Afghanis from a friend who used to visit up until the Soviets gave him the boot. From what I heard, we could have bought the love of everyone in the country for much, much, less.
        Probably should have handed out AK47s and a fat purse to every man/woman/child about 18 December 2001, declared the country free, and come home.

        • The January 19, 2010 BBC article, UN Afghanistan survey points to huge scale of bribery [bbc.co.uk] says, "According to the UN survey, bribes averaged $160 (£98) in contrast to an average Afghan annual income of $425."

          After bribes are paid, the income is $265. But that is misleading, because people who take the bribes are included in the overall average. So the average income for those who don't get bribes is apparently much less than $265.

          Using $265 as the figure, U.S. taxpayers paid the equivalent of 61 y
  • by davydagger ( 2566757 ) on Saturday October 13, 2012 @09:38AM (#41641319)
    You mean, the US could spent less money on fearmongering, sting operations to trick poor and socially outcast citizens into conducting fake terrorist attacks for TV. Far flung surviallence systems, which don't work.

    Instead of this crazy cloak and dagger shit, they could have invested in systems that were secure by default, and well coded that would resist cyber assault. In fact with the money spent, I'm sure they could simply paid many many many programers to do nothing but check and re-double check code, fuzz, and re-fuzz a bunch of apps until cyber breakins were not feasaible.

    I am sure they could have done the same with all routers, and in the case of a massive foriegn DDoS, simply firewalled it.
  • by mekkab ( 133181 ) on Saturday October 13, 2012 @09:39AM (#41641323) Homepage Journal
    Honestly... does this come as any surprise to anyone on /.? When I heard about Flame and Stuxnet it was as if every cyberfiction story I read in the 80's had finally come true. Mentally, I'm already prepared.

    Bring on the onslaught of Jihadist Erectile Dysfunction Spam!
  • by maxwell demon ( 590494 ) on Saturday October 13, 2012 @09:41AM (#41641341) Journal

    They just have to make all U.S. routers drop packets with the Evil bit set. Problem solved.

  • ... fabricated by the same people making the claim?

    • Re: (Score:3, Insightful)

      Given that the general public won't even know the difference between a genuine attack and just turning off the power grid? Pretty damn easily! (But, of course, for extra convincingness points, they can always use the years of detailed forensic work done by security analysts on viruses like Stuxnet to fabricate the fingerprint of their attacking nation of choice.)
  • by Hentes ( 2461350 ) on Saturday October 13, 2012 @09:44AM (#41641365)

    I could never understood why America doesn't improve its cybersecurity, but if the plan is the same as with Pearl Harbor that would explain it. The US leaves their systems open and lures China to attack them to get a convincing casus belli for their counterattack, just like they did in WW2.

    • On its final exam each year, beginning in 1931, the Japanese Naval Academy asked its students, âoeHow would you carry out a surprise attack on Pearl Harbor?â
    • lol you think the US 'lured' Japan into attacking Hawaii? Seriously?
      • by bill_mcgonigle ( 4333 ) * on Saturday October 13, 2012 @10:58AM (#41641855) Homepage Journal

        lol you think the US 'lured' Japan into attacking Hawaii? Seriously?

        Hrm, the gp said 'lured'. The oil embargo created the conditions where Japan wanted to seize the oil fields of the Dutch East Indies. Roosevelt said this himself. Then he moved the only fleet that could stop them from San Diego to Honolulu. They had radio intel on Japanese movements and kept some of that info from the Navy by Presidential order. (see some good comments here [amazon.com] or buy the books)

        Roosevelt wanted war and had big trouble selling it (both matters of fact) and these conditions got him an attack which got him what he wanted.

        But that doesn't mean the Japanese had to maintain their empire or that the People had to accept a Japanese attack on Hawaii as a reason to go to war in Europe. Plenty of blame to spread around, but one can't cast Roosevelt as completely surprised or ignorant of the conditions in the region.

        • ok, how about this,, next time you lure someone into attacking, make sure you are prepared with a good defense. Is that too much to ask?
        • The fly in the ointment was the Japs using shallow-running aerial torpedoes and causing too much damage.

          The US public didn't have to accept Pearl as reason for war in Europe.
          Hitler promptly declared war on the US due to treaty with Japan.

      • by tqk ( 413719 )

        lol you think the US 'lured' Japan into attacking Hawaii? Seriously?

        "Let's line up all the planes on the ground close right beside each other, uh, to deter saboteurs and looters, yeah."

        Meanwhile, strangle Japan's oil supply and bitch, bitch, bitch about what they're doing to the poor Chinese.

        Yeah, utterly implausible. I wonder why the carriers weren't in Pearl that day. Oh, and Midway, that was just pure great work and execution on the US' part. Uh huh.

        • So what, you think Roosevelt ordered the Japanese attack?
          • No, he just saw it coming and made sure that it was successful enough to galvanise the rest of the country into action.

            • Successful? What? You don't think that a declaration of war by Japan would be enough to galvanise the rest of the country into action? Do you realize you are being conspiratorial, and making accusations without any real evidence?
              • Just trolling =) There's a line of thinking that says that the US sentiment was very much against war at the time but that the president would ignore this or attempt to manipulate the public, and would need a decisive attack from which no retaliation could be given until the US war effort was well under way. It's fairly well explained here [straightdope.com] that this isn't really true, US polls showed that the people were happy to go to war with Japan and Germany, so I don't really think the motive the conspirators are claim

                • Good link.

                  There's a line of thinking that says that the US sentiment [etc]

                  A lot of those people apparently are here commenting in this thread.....

                  • From that link, it comments that a lot of it may have been influenced by Nixon's decisions. I'd like to add that it was probably furthered by GWB with his WMD wild goose chase in Iraq... these people fail to realise that there was once a time when the US/UK was actually threatened by countries which did real harm to more than a couple buildings...

                    • Probably true, and I think there's just a general trend to be paranoid of power, kind of an echo of the hippies (don't trust anyone over 28, etc)
          • by tqk ( 413719 )

            So what, you think Roosevelt ordered the Japanese attack?

            It didn't have to be FDR. Spooks in the back rooms come up with !@#$ like this all the time. FDR was trying to drag the US out of the Depression and had been trying to figure out how to get the US into WWII for close to a year. The spooks just came up with a way for that to happen. Condolences to the navy.

            • The US economy had been growing for years before 1941. So you think the 'spooks' ordered Japan to attack?
              • by tqk ( 413719 )

                So you think the 'spooks' ordered Japan to attack?

                All 'm saying is, after all the things I've read recently now that some of that stuff's becoming declassified and starting to hit historians' desks, I wouldn't put it past them. Dieppe? William Stevenson (Intrepid) attempting a snatch and grab of the Nazi four rotor Enigma machine and code books. J. Edgar Hoover? Cross dresser. Hell, FDR's polio crippling was a closely guarded secret back then. Read some Vasili Mitrokhin (KGB's historian) for some really stunning stuff.

                FDR, et al, maneouvering Japan i

      • by Hentes ( 2461350 )

        Come on, I was just trying to make a joke here. Of course I don't seriously think that the US wants a war with China, they both depend on each other. Unfortunately, Slashdot has a terrible sense of humour, I should start to use smileys :-(
        As for Pearl Harbor, it's a fact that the American elite wanted a war, but the general population was unconvinced. Tensions with Japan were rising, and the US stopped their oil exports putting Japan in a position where they couldn't continue their war on China unless they

    • I could never understood why America doesn't improve its cybersecurity

      As someone who has had a handful of contracts by government agencies, I can tell you the problem... Visual Basic. I'm up to VB6 for most projects, but I still have one that "requires" Visual Basic 3, because all of the workstations are antiquated Windows 3.11 (for workgroups!) machines that never get replaced. When one finally dies, it gets removed/destroyed and you have one less workstation for everyone to work with. Quite frankly, I a
  • by edibobb ( 113989 ) on Saturday October 13, 2012 @09:58AM (#41641443) Homepage
    If control to the nation's power grid is accessible over the internet, then we have problems far more serious than hackers. It's almost like the head of Homeland Security doesn't even know how to use email [nationaljournal.com].
    • Wasn't Stuxnet installed locally via USB?

    • In the sense that you are implying, it's not ... don't worry, calm down, sleep peacefully, the 'nation's power grid' is in no way going to be brought down by hackers. This is called 'fearmongering'.

  • What's the chance of a person in the U.S. being killed or harmed by any sort of terrorist attack? I don't remember exactly, but I know I'm far more likely to die or get hurt every time I hop into my car, so I hope Uncle Sam will forgive me for not jumping up and shitting my pants in fear this very second.

  • by Zemran ( 3101 ) on Saturday October 13, 2012 @10:11AM (#41641517) Homepage Journal

    Given that the US is the main protagonist in this field they should be careful what precedent they set...

    • The US has been doing this since 1982. See http://en.wikipedia.org/wiki/Siberian_pipeline_sabotage [wikipedia.org]

      > In 2004, Reed, a former Air Force secretary of the Reagan administration, wrote that
      > they had added a Trojan horse to equipment that the Soviet Union obtained from a
      > company in Canada. When the components were deployed on a Trans-Siberian gas
      > pipeline, the Trojan horse led to a huge explosion, according to Reed. As Reed explained,
      > "The pipeline software that was to run the pumps, turbines a

  • by hamburger lady ( 218108 ) on Saturday October 13, 2012 @10:13AM (#41641535)

    persian1234: hey baby, wanna cyber?

    panetta_l: sure

    persian1234: aight, i put on my flight suit and helmet

  • Gee it is now common knowledge that the U.S. LET Pearl Harbor happen... Thank you Dusko Popov for exposing that in your book "Spy Counter Spy". And more and more proof is coming out about how 9/11 was also a false flag, just like the Gulf of Tolkien, lets not forget Oklahoma City, just like the nasty things outlined in "Operation Northwoods" - no tinfoil hat needed here - the facts are all out in the open and available for all to read. If this happens - we will know the government did it... Heck remember w

    • Re: (Score:2, Funny)

      by Anonymous Coward

      a false flag, just like the Gulf of Tolkien

      Those middle-earth bastards sucked us in!

      • It worked, conspiracy theorists are now two a penny. Tolkien has created whole generations of fruitbats. Why are people so prepared to believe conspiracy rather than incompetence? Because in fantasy worlds nobody ever screws up because they were on the sauce, but because of vast conspiracies.
  • ....does include cyber-Kate Beckinsale, doesn't it?

  • by rbrander ( 73222 ) on Saturday October 13, 2012 @10:28AM (#41641633) Homepage

    http://www.pcmag.com/article2/0,2817,2410931,00.asp [pcmag.com]

    He's still good for entertainment some days. And he's got this one nailed: "Cyber War? Bring It On! : The so-called imminent threat of cyber-attack by U.S. enemies is another in a long line of fear-mongering propaganda lines."

    • He'd be a lot more credible if he didn't bring up the old "Y2K wasn't a problem" saw. Yeah, Y2K wasn't a disaster. That's because not only did we see it coming in time, but a lot of effort was spent fixing the problems before it was too late. I realize that it is so rare that a problem is actually anticipated and fixed before disaster happens that this seems unbelievable, but it's true.

      The physical-world equivalent is claiming that there was no problem with the Citicorp Center [duke.edu] because it's stood up to ev

  • Why do we expose ourseles to such risks in the first place? Because we are willing to trade efficiency and lower cost now for certain vulnerabilities, that's why.

    Nothing says we HAVE to have the power grid and other essential utilties on a non-isolated network. We do so because it's convenient and saves money in the short run.

    If it's not practical to physically isolate the electrical grid's control systems from the rest of the world, at the very least put each one in a "bubble" and make sure all traffic i

    • well what about triggering fail safe shutdowns? Hacks can just try to triggering one or trigger the alarms and you better hope someone is on site to handle that alarm.

    • So how many major power grids have been brought offline by hackers so far? Ever? Has there been one even?

    • by tqk ( 413719 )

      Because we are willing to trade efficiency and lower cost now for certain vulnerabilities, that's why.

      I think it's a lot simpler than all of that. Simply put, they don't trust us and don't want to have to use us if they can get away with it. They don't understand our message even when we dumb it down into words they understand. They think we're still the Priests In White Coats and all we really do is feather our nests. If we're not doing something that's going to quickly bring in short term profit, then what we do is a waste of time and money in their view.

      Short of re-education (and I can't realisticall

  • Comment removed based on user account deletion
  • Is suspiciously suspicious. It's almost like.....it's election time, or something...
  • FTFA:

    It would require new standards at critical private-sector infrastructure facilities — like power plants, water treatment facilities and gas pipelines — where a computer breach could cause significant casualties or economic damage.

    In August, a cybersecurity bill that had been one of the administration’s national security priorities was blocked by a group of Republicans, led by Senator John McCain of Arizona, who took the side of the U.S. Chamber of Commerce and said it would be too burdensome for corporations.

    So a new bureaucracy to create standards of questionable usefulness, and then to enforce their compliance.

    . . . then he adds:

    “We’re not interested in looking at e-mail, we’re not interested in looking at information in computers, I’m not interested in violating rights or liberties of people,” Mr. Panetta told editors and reporters at The New York Times earlier on Thursday. “But if there is a code, if there’s a worm that’s being inserted, we need to know when that’s happening.”

    Please elaborate on what exactly you are talking about there, Mr. Panetta . . . ? It sounds to me like that means more snooping . . .

  • Like most stuff that comes out of Washington, it's pure shadow-theater. Or maybe just a bad clown show.

  • ... in which a gullible public is suddenly dive-bombed - without a formal declaration of war - by inadequate but impressive-sounding metaphors comparing present-day dangers with historical military engagements.

  • http://en.wikipedia.org/wiki/Brittle_Power [wikipedia.org]
    "Brittle Power: Energy Strategy for National Security is a 1982 book by Amory B. Lovins and L. Hunter Lovins, prepared originally as a Pentagon study, and re-released in 2001 following the September 11 attacks. The book argues that U.S. domestic energy infrastructure is very vulnerable to disruption, by accident or malice, often even more so than imported oil. According to the authors, a resilient energy system is feasible, costs less, works better, is favoured in t

  • by Animats ( 122034 ) on Saturday October 13, 2012 @12:03PM (#41642361) Homepage

    There are three areas that need attention - electric power distribution, pipelines, and financial systems - because the impacts are high and restoration times are long.

    Power systems have Internet connections because, in the US, they are now market systems, and the bidding process between the various parties is conducted over the Internet. The seven US power grids worry a lot about this, but it's not clear if they worry enough. What needs to be done there is to insure that restoration after a failure in the high voltage network is faster. Worst case downtimes should be brought down from days (as in 2003) to hours. All plants bigger than 250MW or so should be required to have cold start capability, so they can start up and idle even if the grid is down.

    Pipelines I don't know enough about, so I won't say much about that.

    The financial system is a real worry. If the US had a week-long disruption of New York based trading, the center of the financial world would move elsewhere. In 2001, the non-US exchanges weren't big enough to take over. That's no longer the case. Of the top 5 stock exchanges, only one, the NASDAQ, is entirely in the US. London, Tokyo, Shanghai, and Hong Kong could take over.

    • "Markets" are only trading platforms ... the businesses themselves wouldn't move. Some jobs would be lost (or rather, move overseas) that are directly related to implementing a stock exchange, but it wouldn't represent some cataclysm ... 99% of America wouldn't even notice any difference.

  • by Tom ( 822 )

    Perhaps this is old news around here, even though Panetta is requesting new legislation from Congress.

    I hope by that she means laws funding more and better security (actual security, not security theatre) and not laws making it illegal for foreign powers to attack US networks.

    If you need that explained, shoot yourself.

  • So SecDef and wop draft-dodger, Leon Panetta is warning the Iranians about their cyber-retaliation, threatening to offshore yet more jobs, yet more technology, yet more investment and defense secrets, to China, and take that, you Iranian baddies, whines Panetta.
    Oh swee jaysus on a Harley, for chrissakes! Too late, Leon, AMD is already beginning their layoffs, chump! Will someone please vote for Dr. Jill Stein, the way I voted for Cynthia McKinney and Ralph Nader --- we've got to put an end to stooges in
  • by Keychain ( 1249466 ) on Saturday October 13, 2012 @12:52PM (#41642657)
    By cyber pearl harbor, does he mean that the attack will destroy obsolete equipment, leaving critical infrastructure and equipment safe while at the same time providing an excuse for the us government to start a war ?
  • Turns out the poor bastards just got into a DARPA cookie jar and ingested a cocktail of experimental psychotropic drugs. A V-22 Osprey generously packed with raw meat and bottled water has been delivered to sedate them. Once they are too full to move, Marines will enter and secure them with electrified steel chains and muzzles. With a mixture of education and eskrima-sticks, they will be slowly rehabilitated. In the meantime, a gang of substitute paranoid schizophrenics has been hand-selected from the fines
  • When some says "cyber", it means they are confused and frightened about technology, and should not, under any circumstances, be taken seriously on the subject.

  • Honestly.

    Everybody and his granny knows that when you fill a country with computers and then let them manage actuators (you know: things that control real-world stuff), you introduce real-world vulnerabilities to cyberspace mayhem.

    So you'd think that every single government branch in charge of some computer-controlled actuator would take very special care that said actuators can't be accessed by unauthorised people who happen to roam about, right?

    Starting with secure routers, credible VPN connections,

  • `U.S. Secretary of Defense Leon E. Panetta has warned that the country is 'facing the possibility of a "cyber-Pearl Harbor" and [is] increasingly vulnerable to foreign computer hackers who could dismantle the nation's power grid, transportation system, financial networks and government'.

    Assuming this is the case and not a pretext for getting a bigger budget, then it's largely self inflicted due to the excessive and compulsory use of Windows in finance, government and the DHS [dhs.gov] itself ...
  • Just shows you it was poorly designed in the first place and needed to be torn down.

  • Whatever mayhem a "cyber-atttack" might cause, it is almost inconceivable that it could rival the destruction and loss of life of the attack on Pearl Harbor.
    It is insulting to those who died to imply otherwise.

    My Grandfather served in the navy during the war, but was not at Pearl Harbor when it was attacked.
    He was, however, briefly assigned to the detail that had to help clean out the dead, bloated bodies from the ships that were sunk in the attack.

    Leon E Panetta, you are an asshole. Unless we do something

  • Or is this the banksters way of chumming the waters for all the little fishies to swallow that all their hard earned money just simply disappeared. The sad thing is, sheeple are waking up. Lies show just how arrogant leaders have become. Humility will be restored at a cost yet dreamed of. The CON(gress)MEN have failed to realize anything, have failed to uphold the Constitution, have failed in the Stewardship of this country, have failed to divest themselves of avarice. If you are not of the LIGHT, then yo

Some people manage by the book, even though they don't know who wrote the book or even what book.

Working...