Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Security China The Military United States

The Global Struggle To Prevent Cyberwar 57

blottsie writes: What constitutes war in the 21st century? In an age of almost constant cyberattacks against major corporations and world governments, the consensus among international-law experts is clear: Nobody knows. This sweeping Daily Dot investigation explores the ongoing struggle to define "cyberwar," the increasing geopolitical aggression in cyberspace, and the major players now attempting to write the rules of online battlefields before it's too late.

"Technical experts and legal scholars repeatedly stress that the idea of a 'cyber Pearl Harbor'—a devastating sneak attack on U.S. infrastructure by a powerful state actor that launched a sustained international conflict—is wildly overblown. Right now, Watts said, 'states bite at one another’s ankles in a way to impede progress or to harass them,' but 'as for the likelihood of a major cyber war, I would rate it pretty low.'

Cyber armageddon may be extremely unlikely, but the many attacks below the level of formal armed conflict have still extracted a staggering price, in both economic and political terms. ... For starters, cyber-arms control is effectively hopeless. There’s no point, experts say, in trying to contain the spread of offensive cyber technology. Instead, the best hope for international law is to focus on reducing the incentives for malicious behavior."
This discussion has been archived. No new comments can be posted.

The Global Struggle To Prevent Cyberwar

Comments Filter:
  • by ColdWetDog ( 752185 ) on Wednesday September 30, 2015 @11:44AM (#50628563) Homepage

    The nature of mankind is conflict. When we had rocks, we threw rocks. When we had bombs, we dropped bombs. When we had nuclear weapons we stepped back a bit, continued with the rocks and bombs and added computers.

    May you live in interesting times.

    • The nature of mankind is conflict.

      What is really remarkable about modern humans, compared to other species, is how rarely we kill each other. Intra-species violence is more common in most other animals. Another remarkable trait of humans, is that when we do have conflict, how much we cooperate in doing so. A band of a dozen chimps may attack a neighboring band, but humans form armies of millions. Only ants are in the same league.

      • I'm pretty sure that, taken across the planet and in smaller scales, you'll find humans are pretty much constantly killing one another.

        Those of us living in nice communities in Western countries don't see it as much.

        But, really, throughout much of the world, humans killing humans has been a staple of life pretty much forever. There's a lot of places where life is pretty cheap.

        At a nation to nation scale it may seem well ordered and small, but on smaller scales I'd venture to say it's pretty pervasive.

        I'm

        • I'm pretty sure that, taken across the planet and in smaller scales, you'll find humans are pretty much constantly killing one another.

          There are 7 billion people. So even a very low level of violence is going to mean someone somewhere is killing someone. The chance of a human dying at the hands of another human is less than 1%. In many other species, including most apes, it is an order of magnitude more likely, and is often the leading cause of death.

          I'm betting the number of people who will die today from human to human violence is probably a staggering number.

          The only really big conflict in the world today is the civil war in Syria, which averages a few hundred deaths per day. The conflicts in Iraq and Afghanistan are smaller. Worldwide, there

        • Re: (Score:2, Funny)

          by Anonymous Coward

          Sure you can... they're part of your nuclear family!

      • The nature of mankind is conflict.

        What is really remarkable about modern humans, compared to other species, is how rarely we kill each other. Intra-species violence is more common in most other animals. Another remarkable trait of humans, is that when we do have conflict, how much we cooperate in doing so. A band of a dozen chimps may attack a neighboring band, but humans form armies of millions. Only ants are in the same league.

        In 2010, 456,000 people were murdered worldwide.

        In the US, 666,160 people were murdered between 1960 and 1996. Murder is the leading cause of death for young African males.

        The good news is that murder rates have indeed dropped since medieval times ( I'm not certain how that was compiled)

        But let's look at say, the 20th century

        WW1 37 million casualties

        WW2 - 60 million

        Korean War ~1.2 million Vietnam ~1.5 million

        Iraq from 2003 to present is probably a half million

        And gawd knows the other folks in

    • When we had nuclear weapons we stepped back a bit, continued with the rocks and bombs

      Correction : When we had nuclear weapons we used them once , got scared when we saw what happened and then stepped back a bit and continued with the rocks and bombs

  • by Anonymous Coward

    Cyber-spam. Almost everyone who uses the word cyber is out with bulshit.

    What we need is proper product liability for people who sell things containing or based on inadequate software. Even if states stopped there would still be enough criminals out there wanting to break and steal things.

  • We already see international business sanctions -- the embargo of specific goods or services, banking access, oil sales, etc. You can make arguments for and against their effectiveness or even usefulness, but they are still pursued for reasons both publicity-related and practical.

    Will we ever see "internet sanctions" where nations have their Internet access to the US limited or blocked?

    • by ShanghaiBill ( 739463 ) on Wednesday September 30, 2015 @12:22PM (#50628973)

      Will we ever see "internet sanctions" where nations have their Internet access to the US limited or blocked?

      Building a wall to keep out your enemies didn't work with the Picts or the Manchus. It won't work here either. Most security threats are domestic, and many compromises are internal. Snowden didn't penetrate the NSA. He worked for them. The solution is more pervasive encryption (something the US opposes), better compartmentalization, better endpoint security, better penetration testing of both software and human factors, and taking critical information offline. The emergence of "ransomware" also helps, because it gives more people a motivation to improve their habits and demand more secure systems.

      • Snowden didn't penetrate the NSA. He worked for them.

        Remember this folks. We have met the enemy and he is us.

  • by Fire_Wraith ( 1460385 ) on Wednesday September 30, 2015 @11:45AM (#50628589)
    Prevent? No, the cyberwar has long since started, and I fear the forces of good are steadily losing.

    We continue to fight the good fight, straining endlessly against the sea of foes in the cyberwar - against politicians, government staff, corporate drones, PHBs, and even the tech journalists that have betrayed us. Standing with us, but a few ragged, weary veterans of the IT industry - the programmers, the sysadmins, the network engineers, struggling valiantly in our constant fight to get people to stop putting the prefix "cyber" in front of anything and everything.
  • by Ravaldy ( 2621787 ) on Wednesday September 30, 2015 @11:49AM (#50628641)

    Sounds like the Mr. Robot conspiracy.

    I've read and heard policy makers making suggestions that locking down Internet borders in similar fashion to China. Doing this would be like taking 10 steps back from globalization. I would argue that it's a bad thing while others would encourage it.

    I'm not a cross continent internet connectivity expert but I would assume traffic source can easily be identified. If a country is known for causing havoc, their connectivity should be limited to none or at least regulated. I know this doesn't stop all perpetrators but it complicates the process hence removing some of the culprits.

    We host an IIS server and we have put "honey pots" that hackers have been hitting regularly. 90% of the traffic comes from China and Iran with the other 10% being local (which could be proxies for all we know)

  • There is a breathtaking amount of critical infrastructure that is very lightly protected on intranets if not outright exposed to the public Internet. There is simply no excuse for this. Even if things require, say, cellular monitoring it's very straightforward to use highly restricted VPNs or even MPLS over cellular (especially for an organization the size of most public utilities). The fact that this is even such a major issue is flat-out sad and stupid.

    • There is a breathtaking amount of critical infrastructure

      But, really, there's your answer.

      There's tons of important stuff. Every day, there's more stuff. A lot of that stuff is protected by security which was designed and implemented by drunken chimpanzees -- or, as often as not, essentially not secured at all.

      There's all that tasty data out there, and data and information is valuable.

      So, from the US and Israel making that Stuxnet thing, or the "Interweb of Stuff" producing products with garbage security

  • by seven of five ( 578993 ) on Wednesday September 30, 2015 @12:04PM (#50628783)
    There's obviously more effort towards creating cyberwar, the "struggle" to prevent it isn't much more than hand-wringing. What do you expect?
  • by king neckbeard ( 1801738 ) on Wednesday September 30, 2015 @12:05PM (#50628803)
    If this is really a threat, the best practice would be to have a multinational effort to make sure software is secure, and that vital infrastructure is set up in a secure way. Encryption, air gaps, regular audits of commonly used software, all in the wide open. None of this "save this 0-day exploit for a good target" bullshit, just focus on getting things fixed.
  • "The cyberwar era arguably began two hours before midnight on April 26, 2007 .. The hackers were using a technique called a distributed denial-of-service (DDoS) attack." consisting of a vast number of compromised Microsoft Windows desktops ..
  • by NotDrWho ( 3543773 ) on Wednesday September 30, 2015 @12:24PM (#50628987)

    We've become way too dependent on the internet and the idea that it will always be there and can always be relied on and trusted. Cyberwar, for all its negative outcomes, might at least teach a lot of industries, government agencies, systems engineers, etc. that there should ALWAYS BE A BACKUP OFF THE NETWORK and that there should always be a plan to isolate any system from the grid. No important system should be utterly dependent and totally on the internet or even an internal network.

    I'm not saying we have to go all William Adama and forgo the internet altogether. But we should definitely end this idea that the internet (or any network) infrastructure is always reliable and always friendly.

    • Not so sure about that.
      We've had the internet, up alive and working for what, going on 20 years now? With no major outages? Redundancy every step of the way? I think it's OK to assume that the Internet will be around excepting armageddon or maybe a world war.

      That said, any one system can be taken offline by targeting it specifically.

  • The Internet was built from the ground up with fault-tolerant collaboration at the heart. It never occurred to the well meaning scientists and engineers that some of the users would be out and out assholes.

    Internet 3 should be designed with jobs one, two and three being near-paranoiac levels of security (AND ANONYMITY) and purpose-built such that all the existing hardware-embedded code (bugs and all) won't even work, such that the entire 'net and equipment have no legacy garbage with neither lazy (corpora
    • by jc42 ( 318812 )

      The Internet was built from the ground up with fault-tolerant collaboration at the heart. It never occurred to the well meaning scientists and engineers that some of the users would be out and out assholes.

      Huh? The design and implementation of the Internet, and its predecessor the ARPAnet, was done with roughly 99% military funding. The fault tolerance was there from the start, because the military explicitly wanted a comm system that would survive constant attack by enemies under battle conditions. The scientists and engineers involved understood this quite well, and testing by implementing and running "cyberattack" software was routine from the very early days.

      Saying that such attacks "never occurred t

  • They're having factories and buildings explode every day in a coordinated nationwide Islamic terrorist attack.

    Cyberwar is the LEAST of their problems.

  • I'm seeing tons of attacks coming from China and Hong Kong ( http://longtail.it.marist.edu/... [marist.edu] ), but only Level 3 seems to be doing anything about blocking them http://www.lightreading.com/se... [lightreading.com] Even though they'll never be able to block all the attacks, the backbone providers could at least slow them down.
  • We can't expect politicians, bureaucrats or international business to cooperate freely with others around the world. They perceive a world of competition, a world of scarcity in which winning requires others to lose.

    But there is another way.

    Scientists and engineers around the world have cooperated in the most important projects of our time: the International Space Station; the LHC; the Genome Project; Linux... Scientists often cooperate on medical, climate and other research. Engineers cooperate on Github,

  • "Technical experts and legal scholars repeatedly stress that the idea of a 'cyber Pearl Harbor'—a devastating sneak attack on U.S. infrastructure by a powerful state actor that launched a sustained international conflict—is wildly overblown"

    No one expects the Spanish Inquisition

  • Cyber armageddon

    Can we all agree on "cybergeddon"?

  • Everyone is so scared of these invisible bad guys going after infrastructure, such as power plants, dams and water treatment plants.

    Let's think of something even more important. Let's think Wonder Bread. A few lines of code, and *bam!*, you've shut down the production line on a factory that's used to churning out 10,000 loaves of bread per day. Do that for a sugar plant and see what happens. How about an operation that makes chicken and hog feed?

    Everyone is so focused on the big stuff. Lemme tell you,

  • We could as a community decide to switch to secure operating systems, the kind that never, ever trust program code to do what it says on the tin. This would require a lot of coding, but nothing more than the scope of GNU/Linux. This would eliminate viruses, spyware, and a whole host of other problems. I look forward to the day when I can tell the OS which files to allow an application to use... until then it's going to keep getting worse.

It is better to travel hopefully than to fly Continental.

Working...