
US's Greatest Vulnerability is Ignoring the Cyber Threats From Our Adversaries, Foreign Policy Expert Says (cnbc.com) 102

America's greatest vulnerability is its continued inability to acknowledge the extent of its adversaries' capabilities when it comes to cyber threats, says Ian Bremmer, founder and president of leading political risk firm Eurasia Group. From a report: Speaking to CNBC from the Munich Security Conference on Saturday, the prominent American political scientist emphasized that there should be much more government-level concern and urgency over cyber risk. The adversarial states in question are what U.S. intelligence agencies call the "big four": Russia, China, North Korea, and Iran. "We're vulnerable because we continue to underestimate the capabilities in those countries. WannaCry, from North Korea -- no one in the U.S. cybersecurity services believed the North Koreans could actually do that," Bremmer described, naming the ransomware virus that crippled more than 200,000 computer systems across 150 countries in May of 2017.

Borge Brende, president of the World Economic Forum, weighed in, stressing the economic cost of cyber crimes. "It is very hard to attribute cyberattacks to different actors or countries, but the cost is just unbelievable. Annually more than a thousand billion U.S. dollars are lost for companies or countries due to these attacks and our economy is more and more based on internet and data."

  • by Anonymous Coward on Sunday February 18, 2018 @11:47AM (#56147142)
    If we would acknowledge that the problem exists, rather than deny it because it somehow diminishes the ego of the current occupant of the Oval Office, we could start to do something about it.
    • acknowledge that the problem exists, rather than deny it because it somehow diminishes the ego of the current occupant of the Oval Office

      Did you say impeachment? Because it really sounded like you were saying impeachment.

  • Shut the fuck up (Score:1, Insightful)

    by Anonymous Coward

    in the last few years we've learned that America itself is the biggest cyber terrorist on the planet. Stop trying to make us believe other countries are the enemies and aggressors. And if you attack other countries you have to expect that they fight back.

    • Goose, meet Gander (Score:5, Insightful)

      by Archtech ( 159117 ) on Sunday February 18, 2018 @11:58AM (#56147180)

      Stuxnet - I bet the Iranians never believed the USA could do THAT. A real act of war if ever there was one.

      It will be interesting to watch how the US government goes about preventing all "foreign" interference by way of the Internet and the Web without completely cutting the USA off from the rest of the world.

      • by aliquis ( 678370 )

        Americans?
        Not Israelis/Jews?

    • by MightyMartian ( 840721 ) on Sunday February 18, 2018 @12:12PM (#56147222) Journal

      Thanks for that Ivan. How's the weather in St. Petersburg?

      • Pointing out the US government's bloody history isn't foreign meddling. Heck, our "friends" in Europe do it all the time. Among those wars are Afghanistan and Iraq, the longest in our history; Libya, which was left without a stable government; Syria's civil war, a six-year human rights disaster we helped kick off by arming rebels to overthrow Bashar Assad; and Yemen, where a U.S.-backed Saudi bombing campaign and starvation blockade is causing a humanitarian catastrophe.
  • by Anonymous Coward on Sunday February 18, 2018 @12:02PM (#56147196)

    Instead of the NSA working with privacy industry to fix exploits, it sits on them and weaponizes them. It means other parties who find the same can also exploit them against us. It makes all our security weak.

    Then we insist on putting industrial and military systems on the internet when smarter countries are moving the other way, sometimes even using paper records to make the data more difficult to steal. Not that paper data can't be stolen but it is harder to get a lot at once and it requires old fashioned spy methods.

    Then we have legions after legions of technically clueless managers who ignore the advice of security experts for "convenience".

    So if we have cyber security probs those are probs we made for ourselves and we deserve to face the consequences.

  • Seriously? (Score:2, Informative)

    by Anonymous Coward

    We're vulnerable because we continue to underestimate the capabilities in those countries. WannaCry, from North Korea -- no one in the U.S. cybersecurity services believed the North Koreans could actually do that

    WannaCry famously used exploit code developed by NSA. It demonstrates an almost sociopathic lack of self-awareness to turn around and blame threats caused by the unnecessarily aggressive weaponisation of the internet by US state actors on those same actors' underestimation of the threat posed by others.

  • by StormReaver ( 59959 ) on Sunday February 18, 2018 @12:11PM (#56147210)

    Our biggest cyberthreat is Windows. Until that thread is neutralized, we will continue to be unnecessarily vulnerable.

    • by DogDude ( 805747 ) on Sunday February 18, 2018 @12:45PM (#56147350)
      Windows isn't the biggest threat. I know plenty of people who don't even have a computer any more. Besides, Windows can be locked down.

      Phones, on the other hand, are always-on cameras and microphones that cannot be locked down in any way. Phones also allow for 100% harvesting of all email, text messages, and phone calls sent through them.

      We'd be in good shape, as a country, if Windows really was the greatest "cyberthreat".
      • Windows isn't the biggest threat.

        However, the larger threat of Windows comes from what it's used to manage, specifically SCADA systems.

        Windows can be locked down.

        Unfortunately, Windows has a perpetual stream of 0day bugs being added to it from Microsoft via Windows Update. The other problem is that getting a distribution of Windows that focuses specifically on security costs more money, so Cheapy McCheapskate is just going to use vanilla Windows.

        Phones, on the other hand, are always-on cameras and microphones that cannot be locked down in any way. Phones also allow for 100% harvesting of all email, text messages, and phone calls sent through them.

        There is no doubt that they are a significant threat but exploiting them is difficult without having them installing malw

    • Our biggest cyberthreat is Windows

      No. Our biggest cyberthreat is from people who know they can take advantage of people who aren't paranoid enough to think twice before falling for every phishing scheme that wanders by. The biggest threats come from compromised credentials, and OS vulnerabilities are only a small fraction of how that happens.

      • ...and OS vulnerabilities are only a small fraction of how that happens.

        You underestimate the power of the dark side's incompetence. The city in which I work has regular compromises, it seems. And every single compromise that I have been made aware of has been traced back to Windows flaws. There has never been a leak that resulted from phishing.

        My own company was regularly infected back when we still ran public-facing Windows. After switching to Linux, they all came to a screeching halt.

    • by antdude ( 79039 )

      Windows uses many threads. ;)

  • In other words: from everyone else on the planet!

  • That wall was painted years ago and they're just now realizing this?
  • As with terrorism, the biggest threat is from inside - home grown terrorists, not foreigners.

    It is likely that cyber vulnerabilities follow the same pattern. While everyone is busy looking for the overseas threat, the domestic (and government) hackers are spreading mayhem and chaos internally.

    • Our company provides security services for many fairly large companies. Rackspace, for example, is one of our many customers. You can imagine how much data flows through our IDS every day. We have millions of security events logged.

      Attacks can be broadly classified into two groups - bulk, unsophisticated attacks, and targeted, more sophisticated attacks.

      The largest VOLUME of attacks come from Eastern Europe and Russia, places where local law enforcement isn't all that concerned about hackers targeting the

  • The biggest threat is incorrectly assessing and overreacting. The threat is there but making it out to be a bigger boogeyman than it really is can and will set in motion consequences both internal to the nation and outside it that will be extremely dangerous and difficult to walk back from. Don't let politicians influence you with their unbridled suspicion and fear. Remember these experts are paid by someone and they have personal incentives that drives their outspokenness.

    • The Russians have been a significant threat since the end of the Second World War. Is there some reason you wish to minimize that?

  • Ignorance (Score:3, Insightful)

    by XSportSeeker ( 4641865 ) on Sunday February 18, 2018 @12:33PM (#56147296)

    The problem lies on a way more fundamental level...
    For instance, how much did Equifax have to pay for leaking a whole ton of sensitive data? It was obviously less than enough.
    How much did other companies who leaked medical data, credit card data, governmental data, electors data, have to pay for weak security?
    Not enough.
    US is its own cyber threat, it doesn't need to label other ships as the enemy, it's sinking by itself.
    What's the response around security from US politicians? Let's use fearmongering against smartphone companies without any proof and bar them from the US market without any proof of doing anything wrong, because we think the Chinese government might exploit connections to spy on us. It applies because we'd certainly do the same in their position.

    We don't punish incompetence, we put in question the competence of others, and we accuse others of the unethical behaviour that we practice and deserve to be called for. US gets exactly what it deserves. Leaders who think they own the place and keep pushing others away while making unreasonable demands all the time eventually get overthrown. Those who still didn't get this will be forced to given time.

  • by marcle ( 1575627 ) on Sunday February 18, 2018 @12:47PM (#56147352)

    Interesting to see so many comrades on the job right away. Slashdot must be closely monitored.

    • You're kidding yourself if you think Slashdot has any "reach" and is thus worth any effort. Nobody reads the site any more. It's the same 50 people commenting on every article. In the old days Slashdot could bring a website down just by linking to it. But today? Laughable.

      It's like the old Red Scare: confirmation bias causes people to see Russians under the bed. Russians did everything. They made me lose my shoe, they spoiled the milk, they made Hollywood make a movie that pointed out the shortcomi

      • by marcle ( 1575627 )

        I just searched for "slashdotted" and saw a headline from 2005 that said the effect was diminishing (article not available). Come to think of it, I haven't had any trouble reaching a Slashdot link in a long time.
        I still think that anybody who disagrees with me is a Rooshian troll.

  • Here in Europe the Belgacom hack has just come into the newspapers. A Belgian telecom company was hacked by the British GCHQ a few years ago. Although there is more than enough evidence no one dares take them to court because of politics: https://theintercept.com/2018/... [theintercept.com]

  • What it lacks is adequate talent to deal with the adversaries. That exceptional talent comes with a high price tag. Champagne taste, beer budget.
    • by AHuxley ( 892839 )
      The CIA invited the US adversaries in to study at the best US universities for free.
      So they could get "democracy" and "freedom". Want to become a CIA spy while in the USA? Return back to your now nation and spy for decades?
      Then after years of free education make their own nations "freedom" ready after going back.
      The other nations just sent their best and most loyal students to avoid any such spy risks and took all the advanced US tech back to their own nations for free.
      The US gave up its tech futur
      • by GrahamJ ( 241784 )

        So the solution to the problem of being outhacked by adversaries is to “secure US crypto and networks”. Sounds easy, I wonder why they didn’t think of that?

  • Interesting how this article accumulated over 50 posts and nobody (unless I just totally missed it) has pointed out that we are in the fix of a) being under concentrated cyber-attack from Russia and b) we have a president 100% committed to the idea that there is no threat.

    Hopefully the career military, spooks, and bureaucrats are on the job because it is pretty much up to them to defend us.

    • AlanObject [slashdot.org]: "Interesting how this article accumulated over 50 posts and nobody (unless I just totally missed it) has pointed out that we are in the fix of a) being under concentrated cyber-attack from Russia and b) we have a president 100% committed to the idea that there is no threat. Hopefully the career military, spooks, and bureaucrats are on the job because it is pretty much up to them to defend us."

      Have you tried unplugging your 'computer' from the Internet. You're sleepwalking into a police state
      • This whole Russian hacking story is bogus.

        Because bogus stories always result in 4 federal court guilty pleas and 14 indictments rising to the standards of federal prosecutors.

        • Nobody expects the Mueller inquisition, but it's his job to collect scalps to be conveniently lumped together into a pile as evidence for something. I'm not sure what, though. Collusion, or hacking? The narrative changes.

          What hasn't changed is what the hacking narrative started on, which is the emails from the DNC server. So far we still only have their word for it, and the unsolved murder mystery of one of their political operatives.

  • Ian Bremmer???? Wasn't he the dood from the Bushie Administration who helped create ISIS by firing all those Iraqi military types and allowing them to vamoose with their weaponry????
    Now why would anything he had to say be of value, especially as CorporateAmerika continues to offshore jobs, technology and investment to China, etc.????
  • The threat is a lot closer to home. A mouthpiece for the US state security apparatus, possibly tasked with signaling the Washington establishment as to what their policies are going to be. These leaks against Trump being an attempt to persuade him to get with the program. The program being to do exactly what he's told. America's greatest vulnerability is the backdoors inserted into the communications infrastructure and allowing a particular foreign intelligence to control of them.
  • ...

    US's Greatest Vulnerability is Ignoring the Cyber Threats From Our Advertisers ...

  • We’re not ignoring them – We (well, the GOP anyway) needs to somehow spin them as “false news”, attack anyone who claims it’s valid and redirect to some Clintonian BS when evidence is demonstratively contrary to the GOP story.
    For the GOP to actually admit the 2016 election results were somehow manipulated, would be to validate a false President rules the throne.
    As we’re now seeing, sexual escapades are hidden by shell companies, lawyers and friends, “jobs to A
  • Annually more than a thousand billion U.S. dollars are lost for companies or countries due to these attacks

    I wonder how they came to such a huge number. One thousand billion USD is the GDP of Mexico or Indonesia

  • The biggest indicator that the US is in trouble is that its leadership uses the term “cyber”.

    No one who knows anything about computers says that.
