The Global Struggle To Prevent Cyberwar 57
blottsie writes: What constitutes war in the 21st century? In an age of almost constant cyberattacks against major corporations and world governments, the consensus among international-law experts is clear: Nobody knows. This sweeping Daily Dot investigation explores the ongoing struggle to define "cyberwar," the increasing geopolitical aggression in cyberspace, and the major players now attempting to write the rules of online battlefields before it's too late.
"Technical experts and legal scholars repeatedly stress that the idea of a 'cyber Pearl Harbor'—a devastating sneak attack on U.S. infrastructure by a powerful state actor that launched a sustained international conflict—is wildly overblown. Right now, Watts said, 'states bite at one another’s ankles in a way to impede progress or to harass them,' but 'as for the likelihood of a major cyber war, I would rate it pretty low.'
Cyber armageddon may be extremely unlikely, but the many attacks below the level of formal armed conflict have still extracted a staggering price, in both economic and political terms. ... For starters, cyber-arms control is effectively hopeless. There’s no point, experts say, in trying to contain the spread of offensive cyber technology. Instead, the best hope for international law is to focus on reducing the incentives for malicious behavior."
"Technical experts and legal scholars repeatedly stress that the idea of a 'cyber Pearl Harbor'—a devastating sneak attack on U.S. infrastructure by a powerful state actor that launched a sustained international conflict—is wildly overblown. Right now, Watts said, 'states bite at one another’s ankles in a way to impede progress or to harass them,' but 'as for the likelihood of a major cyber war, I would rate it pretty low.'
Cyber armageddon may be extremely unlikely, but the many attacks below the level of formal armed conflict have still extracted a staggering price, in both economic and political terms. ... For starters, cyber-arms control is effectively hopeless. There’s no point, experts say, in trying to contain the spread of offensive cyber technology. Instead, the best hope for international law is to focus on reducing the incentives for malicious behavior."
We have always been at war with Eurasia. (Score:5, Funny)
The nature of mankind is conflict. When we had rocks, we threw rocks. When we had bombs, we dropped bombs. When we had nuclear weapons we stepped back a bit, continued with the rocks and bombs and added computers.
May you live in interesting times.
Re: (Score:2)
The nature of mankind is conflict.
What is really remarkable about modern humans, compared to other species, is how rarely we kill each other. Intra-species violence is more common in most other animals. Another remarkable trait of humans, is that when we do have conflict, how much we cooperate in doing so. A band of a dozen chimps may attack a neighboring band, but humans form armies of millions. Only ants are in the same league.
Re: (Score:3)
I'm pretty sure that, taken across the planet and in smaller scales, you'll find humans are pretty much constantly killing one another.
Those of us living in nice communities in Western countries don't see it as much.
But, really, throughout much of the world, humans killing humans has been a staple of life pretty much forever. There's a lot of places where life is pretty cheap.
At a nation to nation scale it may seem well ordered and small, but on smaller scales I'd venture to say it's pretty pervasive.
I'm
Re: (Score:3)
I'm pretty sure that, taken across the planet and in smaller scales, you'll find humans are pretty much constantly killing one another.
There are 7 billion people. So even a very low level of violence is going to mean someone somewhere is killing someone. The chance of a human dying at the hands of another human is less than 1%. In many other species, including most apes, it is an order of magnitude more likely, and is often the leading cause of death.
I'm betting the number of people who will die today from human to human violence is probably a staggering number.
The only really big conflict in the world today is the civil war in Syria, which averages a few hundred deaths per day. The conflicts in Iraq and Afghanistan are smaller. Worldwide, there
Re: (Score:2)
You can't hug your children with nuclear arms. [youtube.com]
Re: (Score:2, Funny)
Sure you can... they're part of your nuclear family!
Re: (Score:2)
The nature of mankind is conflict.
What is really remarkable about modern humans, compared to other species, is how rarely we kill each other. Intra-species violence is more common in most other animals. Another remarkable trait of humans, is that when we do have conflict, how much we cooperate in doing so. A band of a dozen chimps may attack a neighboring band, but humans form armies of millions. Only ants are in the same league.
In 2010, 456,000 people were murdered worldwide.
In the US, 666,160 people were murdered between 1960 and 1996. Murder is the leading cause of death for young African males.
The good news is that murder rates have indeed dropped since medieval times ( I'm not certain how that was compiled)
But let's look at say, the 20th century
WW1 37 million casualties
WW2 - 60 million
Korean War ~1.2 million Vietnam ~1.5 million
Iraq from 2003 to present is probably a half million
And gawd knows the other folks in
Re: (Score:2)
When we had nuclear weapons we stepped back a bit, continued with the rocks and bombs
Correction : When we had nuclear weapons we used them once , got scared when we saw what happened and then stepped back a bit and continued with the rocks and bombs
cyber hides facts (Score:1)
Cyber-spam. Almost everyone who uses the word cyber is out with bulshit.
What we need is proper product liability for people who sell things containing or based on inadequate software. Even if states stopped there would still be enough criminals out there wanting to break and steal things.
Internet sanctions? (Score:2)
We already see international business sanctions -- the embargo of specific goods or services, banking access, oil sales, etc. You can make arguments for and against their effectiveness or even usefulness, but they are still pursued for reasons both publicity-related and practical.
Will we ever see "internet sanctions" where nations have their Internet access to the US limited or blocked?
Re:Internet sanctions? (Score:5, Insightful)
Will we ever see "internet sanctions" where nations have their Internet access to the US limited or blocked?
Building a wall to keep out your enemies didn't work with the Picts or the Manchus. It won't work here either. Most security threats are domestic, and many compromises are internal. Snowden didn't penetrate the NSA. He worked for them. The solution is more pervasive encryption (something the US opposes), better compartmentalization, better endpoint security, better penetration testing of both software and human factors, and taking critical information offline. The emergence of "ransomware" also helps, because it gives more people a motivation to improve their habits and demand more secure systems.
Re: (Score:2)
Snowden didn't penetrate the NSA. He worked for them.
Remember this folks. We have met the enemy and he is us.
A Neverending Struggle (Score:5, Funny)
We continue to fight the good fight, straining endlessly against the sea of foes in the cyberwar - against politicians, government staff, corporate drones, PHBs, and even the tech journalists that have betrayed us. Standing with us, but a few ragged, weary veterans of the IT industry - the programmers, the sysadmins, the network engineers, struggling valiantly in our constant fight to get people to stop putting the prefix "cyber" in front of anything and everything.
Re: (Score:3)
We've lost so many good men in the cyberwar.
Knee jerk reaction could be scary (Score:4, Interesting)
Sounds like the Mr. Robot conspiracy.
I've read and heard policy makers making suggestions that locking down Internet borders in similar fashion to China. Doing this would be like taking 10 steps back from globalization. I would argue that it's a bad thing while others would encourage it.
I'm not a cross continent internet connectivity expert but I would assume traffic source can easily be identified. If a country is known for causing havoc, their connectivity should be limited to none or at least regulated. I know this doesn't stop all perpetrators but it complicates the process hence removing some of the culprits.
We host an IIS server and we have put "honey pots" that hackers have been hitting regularly. 90% of the traffic comes from China and Iran with the other 10% being local (which could be proxies for all we know)
Re: (Score:2)
Yes. That's what I'm saying. Unfortunately some believe it's a job killer and killer of riches. That's usually a right wing way of thinking.
Re: (Score:1)
The "globalization is good" dogma has only favored a very small minority at the expense of nearly everyone else.
Globalization is good for the globe.
You just don't realize that being "middle-class American", you're massively rich compared to everyone else in the world.
Why is this even an issue? (Score:2)
There is a breathtaking amount of critical infrastructure that is very lightly protected on intranets if not outright exposed to the public Internet. There is simply no excuse for this. Even if things require, say, cellular monitoring it's very straightforward to use highly restricted VPNs or even MPLS over cellular (especially for an organization the size of most public utilities). The fact that this is even such a major issue is flat-out sad and stupid.
Re: (Score:2)
But, really, there's your answer.
There's tons of important stuff. Every day, there's more stuff. A lot of that stuff is protected by security which was designed and implemented by drunken chimpanzees -- or, as often as not, essentially not secured at all.
There's all that tasty data out there, and data and information is valuable.
So, from the US and Israel making that Stuxnet thing, or the "Interweb of Stuff" producing products with garbage security
Re: (Score:2)
Nah; the "cyber-" prefix is useful. It's a clear clue that the writer/speaker is relatively clueless about all that interwebs stuff, and only knows a few techie-sounding terms that they use to sound like they know something. Banning the use of such linguistic clues would merely make it a bit more difficult to recognize cluelessness, since we'd have to actually read their comments to decide that they're not worth reading.
It's similar to the use of "hacker", which is another scare term, but it's useful a
TItle is silly (Score:3)
Offense vs. defense (Score:3)
What a load of cyber BS .. (Score:2)
Cyberwar may be neccesary as a learning moment (Score:5, Insightful)
We've become way too dependent on the internet and the idea that it will always be there and can always be relied on and trusted. Cyberwar, for all its negative outcomes, might at least teach a lot of industries, government agencies, systems engineers, etc. that there should ALWAYS BE A BACKUP OFF THE NETWORK and that there should always be a plan to isolate any system from the grid. No important system should be utterly dependent and totally on the internet or even an internal network.
I'm not saying we have to go all William Adama and forgo the internet altogether. But we should definitely end this idea that the internet (or any network) infrastructure is always reliable and always friendly.
Re: (Score:2)
Not so sure about that.
We've had the internet, up alive and working for what, going on 20 years now? With no major outages? Redundancy every step of the way? I think it's OK to assume that the Internet will be around excepting armageddon or maybe a world war.
That said, any one system can be taken offline by targeting it specifically.
Internet Phase-Out (Score:2)
Internet 3 should be designed with jobs one, two and three being near-paranoiac levels of security (AND ANONYMITY) and purpose-built such that all the existing hardware-embedded code (bugs and all) won't even work, such that the entire 'net and equipment have no legacy garbage with neither lazy (corpora
Re: (Score:2)
The Internet was built from the ground up with fault-tolerant collaboration at the heart. It never occurred to the well meaning scientists and engineers that some of the users would be out and out assholes.
Huh? The design and implementation of the Internet, and its predecessor the ARPAnet, was done with roughly 99% military funding. The fault tolerance was there from the start, because the military explicitly wanted a comm system that would survive constant attack by enemies under battle conditions. The scientists and engineers involved understood this quite well, and testing by implementing and running "cyberattack" software was routine from the very early days.
Saying that such attacks "never occurred t
I will tell that to Southern China (Score:1)
They're having factories and buildings explode every day in a coordinated nationwide Islamic terrorist attack.
Cyberwar is the LEAST of their problems.
Backbone providers need to do more to solve this.. (Score:2)
cooperation (Score:2)
We can't expect politicians, bureaucrats or international business to cooperate freely with others around the world. They perceive a world of competition, a world of scarcity in which winning requires others to lose.
But there is another way.
Scientists and engineers around the world have cooperated in the most important projects of our time: the International Space Station; the LHC; the Genome Project; Linux... Scientists often cooperate on medical, climate and other research. Engineers cooperate on Github,
Yeah but... (Score:2)
"Technical experts and legal scholars repeatedly stress that the idea of a 'cyber Pearl Harbor'—a devastating sneak attack on U.S. infrastructure by a powerful state actor that launched a sustained international conflict—is wildly overblown"
No one expects the Spanish Inquisition
better term (Score:2)
Cyber armageddon
Can we all agree on "cybergeddon"?
SCADA Controllers - They Control Everything (Score:2)
Everyone is so scared of these invisible bad guys going after infrastructure, such as power plants, dams and water treatment plants.
Let's think of something even more important. Let's think Wonder Bread. A few lines of code, and *bam!*, you've shut down the production line on a factory that's used to churning out 10,000 loaves of bread per day. Do that for a sugar plant and see what happens. How about an operation that makes chicken and hog feed?
Everyone is so focused on the big stuff. Lemme tell you,
Switch to secure operating systems (Score:2)
We could as a community decide to switch to secure operating systems, the kind that never, ever trust program code to do what it says on the tin. This would require a lot of coding, but nothing more than the scope of GNU/Linux. This would eliminate viruses, spyware, and a whole host of other problems. I look forward to the day when I can tell the OS which files to allow an application to use... until then it's going to keep getting worse.