US's Greatest Vulnerability is Ignoring the Cyber Threats From Our Adversaries, Foreign Policy Expert Says (cnbc.com) 102
America's greatest vulnerability is its continued inability to acknowledge the extent of its adversaries' capabilities when it comes to cyber threats, says Ian Bremmer, founder and president of leading political risk firm Eurasia Group. From a report: Speaking to CNBC from the Munich Security Conference on Saturday, the prominent American political scientist emphasized that there should be much more government-level concern and urgency over cyber risk. The adversarial states in question are what U.S. intelligence agencies call the "big four": Russia, China, North Korea, and Iran. "We're vulnerable because we continue to underestimate the capabilities in those countries. WannaCry, from North Korea -- no one in the U.S. cybersecurity services believed the North Koreans could actually do that," Bremmer described, naming the ransomware virus that crippled more than 200,000 computer systems across 150 countries in May of 2017.
Borge Brende, president of the World Economic Forum, weighed in, stressing the economic cost of cyber crimes. "It is very hard to attribute cyberattacks to different actors or countries, but the cost is just unbelievable. Annually more than a thousand billion U.S. dollars are lost for companies or countries due to these attacks and our economy is more and more based on internet and data."
Borge Brende, president of the World Economic Forum, weighed in, stressing the economic cost of cyber crimes. "It is very hard to attribute cyberattacks to different actors or countries, but the cost is just unbelievable. Annually more than a thousand billion U.S. dollars are lost for companies or countries due to these attacks and our economy is more and more based on internet and data."
Re: (Score:3, Informative)
Snappy!
Pity it just sounds good. That's nothing more than some philosophical bubble gum to make you feel better about your contrarian bullshit.
There's a problem with the internet and it's eating your country alive.
Re: (Score:2)
Interesting article
https://medium.com/incerto/the... [medium.com]
Ergodicity
As we saw, a situation is deemed non ergodic here when observed past probabilities do not apply to future processes. There is a "stop" somewhere, an absorbing barrier that prevents people with skin in the game from emerging from it -and to which the system will invariably tend. Let us call these situations "ruin", as the entity cannot emerge from the condition. The central problem is that if there is a possibility of ruin, cost benefit analyses are no longer possible.
Consider a more extreme example than the Casino experiment. Assume a collection of people play Russian Roulette a single time for a million dollars -this is the central story in Fooled by Randomness. About five out of six will make money. If someone used a standard cost-benefit analysis, he would have claimed that one has 83.33% chance of gains, for an "expected" average return per shot of $833,333. But if you played Russian roulette more than once, you are deemed to end up in the cemetery. Your expected return is ... not computable.
Re: (Score:2)
Nassim Nicholas Taleb is one of the most overrated of the celebrity twitter "philosophers". He's what a dumb person thinks a smart person sounds like.
Well, possibly, just possibly (Score:5, Insightful)
Re: (Score:2)
acknowledge that the problem exists, rather than deny it because it somehow diminishes the ego of the current occupant of the Oval Office
Did you say impeachment? Because it really sounded like you were saying impeachment.
Shut the fuck up (Score:1, Insightful)
in the last few years we've learned that America itself is the biggest cyber terrorist on the planet. Stop trying to make us believe other countries are the enemies and aggressors. And if you attack other countries you have to expect that they fight back.
Goose, meet Gander (Score:5, Insightful)
Stuxnet - I bet the Iranians never believed the USA could do THAT. A real act of war if ever there was one.
It will be interesting to watch how the US government goes about preventing all "foreign" interference by way of the Internet and the Web without completely cutting the USA off from the rest of the world.
Re: (Score:1)
Americans?
Not Israelis/Jews?
Re: (Score:2)
Iran was already committing an act of war by enriching uranium outside of the nonproliferation agreement.
No it wasn't. Your talk of "war" is meaningless provocation.
"Iran signed the Nuclear Non-Proliferation Treaty (NPT) in 1968 and ratified it in 1970, making Iran's nuclear program subject to IAEA verification".
https://en.wikipedia.org/wiki/... [wikipedia.org]
That means that Iran has been rigorously inspected ever since 1970, proving that it not only has no nuclear weapons, but that it has not even begun working toward their possession - which would take many years. On the other hand Israel, India and Pakistan never even sig
Re:Shut the fuck up (Score:4, Funny)
Thanks for that Ivan. How's the weather in St. Petersburg?
Re: (Score:2)
Re: (Score:2)
Thanks Ivan. It's good to know you can flip to "totally hyperbolic" when you need to. I'm sure you'll make a few extra rubles for this little exchange.
Re: (Score:2)
Well at least you're not pretending to be an American anymore Ivan, but that's going to cost you some rubles. You'll get downgraded to calling the Ukrainian government "Nazis" at this rate. Maybe you'll get some points for the Israel comments t. We all know how much Russians hate Jews.
The problem is of our own making (Score:5, Insightful)
Instead of the NSA working with privacy industry to fix exploits, it sits on them and weaponizes them. It means other parties who find the same can also exploit them against us. It makes all our security weak.
Then we insist on putting industrial and military systems on the internet when smarter countries are moving the other way, sometimes even using paper records to make the data more difficult to steal. Not that paper data can't be stolen but it is harder to get a lot at once and it requires old fashioned spy methods.
'Then we have legions after legions of technically clueless managers who ignore the advice of security experts for "convenience".
So if we have cyber security probs those are probs we made for ourselves and we deserve to face the consequences.
Seriously? (Score:2, Informative)
We're vulnerable because we continue to underestimate the capabilities in those countries. WannaCry, from North Korea -- no one in the U.S. cybersecurity services believed the North Koreans could actually do that
WannaCry famously used exploit code developed by NSA. It demonstrates an almost sociopathic lack of self-awareness to turn around and blame threats caused by the unnecessarily agressive weaponisation of the internet by US state actors on those same actors underestimation of the threat posed by others.
Re: (Score:2)
The term was in use before George Orwell was even born.
https://en.wikipedia.org/wiki/... [wikipedia.org]
Re: (Score:2)
It's also a key concept in Foundations of Geopolitics by Aleksandr Dugin, influential Russian nutcase
https://en.wikipedia.org/wiki/... [wikipedia.org]
In Foundations of Geopolitics, Dugin calls for the influence of the United States and Atlanticism to lose its influence in Eurasia and for Russia to rebuild its influence through annexations and alliances.
The book declares that "the battle for the world rule of [ethnic] Russians" has not ended and Russia remains "the staging area of a new anti-bourgeois, anti-American revolution." The Eurasian Empire will be constructed "on the fundamental principle of the common enemy: the rejection of Atlanticism, strategic control of the USA, and the refusal to allow liberal values to dominate us."
Military operations play relatively little role. The textbook believes in a sophisticated program of subversion, destabilization, and disinformation spearheaded by the Russian special services. The operations should be assisted by a tough, hard-headed utilization of Russia's gas, oil, and natural resources to bully and pressure other countries.
The book states that "the maximum task [of the future] is the 'Finlandization' of all of Europe".
In Europe:
* Germany should be offered the de facto political dominance over most Protestant and Catholic states located within Central and Eastern Europe. Kaliningrad oblast could be given back to Germany. The book uses the term "Moscow-Berlin axis".
* France should be encouraged to form a "Franco-German bloc" with Germany. Both countries have a "firm anti-Atlanticist tradition".
* The United Kingdom should be cut off from Europe.
* Finland should be absorbed into Russia. Southern Finland will be combined with the Republic of Karelia and northern Finland will be "donated to Murmansk Oblast".
* Estonia should be given to Germany's sphere of influence.
* Latvia and Lithuania should be given a "special status" in the Eurasian-Russian sphere.
* Poland should be granted a "special status" in the Eurasian sphere.
* Romania, Macedonia, "Serbian Bosnia" and Greece - "Orthodox collectivist East" - will unite with "Moscow the Third Rome" and reject the "rational-individualistic West".
* Ukraine should be annexed by Russia because "Ukraine as a state has no geopolitical meaning, no particular cultural import or universal significance, no geographic uniqueness, no ethnic exclusiveness, its certain territorial ambitions represents an enormous danger for all of Eurasia and, without resolving the Ukrainian problem, it is in general senseless to speak about continental politics". Ukraine should not be allowed to remain independent, unless it is cordon sanitaire, which would be inadmissible.
In the Middle East and Central Asia:
* The book stresses the "continental Russian-Islamic alliance" which lies "at the foundation of anti-Atlanticist strategy". The alliance is based on the "traditional character of Russian and Islamic civilization". ... [like] the Iranians and the Kurds".
* Iran is a key ally. The book uses the term "Moscow-Tehran axis".
* Armenia has a special role: It will serve as a "strategic base," and it is necessary to create "the [subsidiary] axis Moscow-Erevan-Teheran". Armenians "are an Aryan people
* Azerbaijan could be "split up" or given to Iran.
* Georgia should be dismembered. Abkhazia and "United Ossetia" (which includes Georgia's South Ossetia) will be incorporated into Russia. Georgia's independent policies are unacceptable.
Russia needs to create "geopolitical shocks" within Turkey. These can be achieved by employing Kurds, Armenians and other minorities.
* The book regards the Caucasus as a Russian territory, including "the eastern and northern shores of the Caspian (the territories of Kazakhstan and Turkmenistan)" and Central Asia (mentioning Kazakhstan, Uzbekistan, Kyrgyzstan and Tajikistan).
In Asia:
* China, which represents a danger to Russia, "must, to the maximum degree possible, be dismantled". Dugin suggests that Russia start by taking Tibet-Xinjiang-Mongolia-Manchuria as a security belt. Russia should offer China help "in a southern direction - Indochina (except Vietnam), the Philippines, Indonesia, Australia" as geopolitical compensation.
* Russia should manipulate Japanese politics by offering the Kuril Islands to Japan and provoking anti-Americanism.
* Mongolia should be absorbed into Eurasia-Russia.
The book emphasizes that Russia must spread Anti-Americanism everywhere: "the main 'scapegoat' will be precisely the U.S."
In the United States:
* Russia should use its special services within the borders of the United States to fuel instability and separatism, for instance, provoke "Afro-American racists". Russia should "introduce geopolitical disorder into internal American activity, encouraging all kinds of separatism and ethnic, social and racial conflicts, actively supporting all dissident movements - extremist, racist, and sectarian groups, thus destabilizing internal political processes in the U.S. It would also make sense simultaneously to support isolationist tendencies in American politics."
Biggest Cyberthreat (Score:4, Insightful)
Our biggest cyberthreat is Windows. Until that thread is neutralized, we will continue to be unnecessarily vulnerable.
Bullshit: It's "smart phones" (Score:4, Insightful)
Phones, on the other hand, are always-on cameras and microphones that cannot be locked down in any way. Phones alsoallow for 100% harvesting of all email, text messages, and phone calls sent through them.
We'd be in good shape, as a country, if Windows really was the greatest "cyberthreat".
Actually, it's people. (Score:2)
Windows isn't the biggest threat.
However, the larger threat of Windows comes from what it's used to manage, specifically SCADA systems.
Windows can be locked down.
Unfortunately, Windows has a perpetual stream of 0day bugs being added to it from Microsoft via Windows Update. The other problem is that getting a distribution of Windows that focuses specifically on security costs more money, so Cheapy McCheapskate is just going to use vanilla Windows.
Phones, on the other hand, are always-on cameras and microphones that cannot be locked down in any way. Phones alsoallow for 100% harvesting of all email, text messages, and phone calls sent through them.
There is no doubt that they are a significant threat but exploiting them is difficult without having them installing malw
Re: (Score:2)
Our biggest cyberthreat is Windows
Br No. Our biggest cyberthreat is from people who know they can take advantage of people who aren't paranoid enough to think twice before falling for every phishing scheme that wanders by. The biggest threats come from compromised credentials, and OS vulnerabilities are only a small fraction of how that happens.
Re: (Score:2)
...and OS vulnerabilities are only a small fraction of how that happens.
You underestimate the power of the dark side's incompetence. The city in which I work has regular compromises, it seems. And every single compromise that I have been made aware of has been traced back to Windows flaws. There has never been a leak that resulted from phishing.
My own company was regularly infected back when we still ran public-facing Windows. After switching to Linux, they all came to a screeching halt.
Re: (Score:2)
Windows uses many threads. ;)
Re: (Score:2)
Yeah, I realized the typo after pressing Submit.
Re: (Score:2)
Hehe. I was just teasing you. ;)
... Threats From Our Adversaries (Score:2)
In other words: from everyone else on the planet!
No fucking shit. (Score:1)
That is probably only the second biggest vulnerabi (Score:2)
It is likely that cyber vulnerabilities follow the same pattern. While everyone is busy looking for the overseas threat, the domestic (and government) hackers are spreading mayhem and chaos internally.
The data very much indicates the opposite (Score:3)
Our company provides security services for many fairly large companies. Rackspace, for example, is one of our many customers. You can imagine how much data flows through our IDS every day. We have millions of security events logged.
Attacks can be broadly classified into two groups - bulk, unsophisticated attacks, and targeted, more sophisticated attacks.
The largest VOLUME of attacks come from Eastern Europe and Russia, places where local law enforcement isn't all that concerned about hackers targeting the
Don't think so... (Score:2)
The biggest threat is incorrectly assessing and overreacting. The threat is there but making it out to be a bigger boogeyman than it really is can and will set in motion consequences both internal to the nation and outside it that will be extremely dangerous and difficult to walk back from. Don't let politicians influence you with their unbridled suspicion and fear. Remember these experts are paid by someone and they have personal incentives that drives their outspokenness.
Re: (Score:2)
The Russians have been a significant threat since the end of the Second World War. Is there some reason you wish to minimize that?
Ignorance (Score:3, Insightful)
The problem lies on a way more fundamental level...
For instance, how much Equifax had to pay for leaking a whole ton of sensitive data? It was obviously less than enough.
How much other companies who leaked medical data, credit card data, governmental data, electors data, had to pay for weak security?
Not enough.
US is it's own cyber threat, it doesn't need to label other ships as the enemy, it's sinking by itself.
What's the response around security from US politicians? Let's use fearmongering against smartphone companies without any proof and bar them from the US market without any proof of doing anything wrong, because we think the chinese government might exploit connections to spy on us. It applies because we'd certainly do the same in their position.
We don't punish incompetence, we put in question the competence of others, and we accuse others of the unethical behaviour that we practice and deserve to be called for. US gets exactly what it deserves. Leaders who thinks they own the place and keep pushing others away while making unreasonable demands all the time eventually gets overthrown. Those who still didn't get this will be forced to given time.
Deny/deflect/trivialize (Score:3)
Interesting to see so many comrades on the job right away. Slashdot must be closely monitored.
Re: (Score:2)
You're kidding yourself if you think Slashdot has any "reach" and is thus worth any effort. Nobody reads the site any more. It's the same 50 people commenting on every article. In the old days Slashdot could bring a website down just by linking to it. But today? Laughable.
It's like the old Red Scare: confirmation bias causes people to see Russians under the bed. Russians did everything. They made me lose my shoe, they spoiled the milk, they made Hollywood make a movie that pointed out the shortcomi
Re: (Score:2)
I just searched for "slashdotted" and saw a headline from 2005 that said the effect was diminishing (article not available). Come to think of it, I haven't had any trouble reaching a Slashdot link in a long time.
I still think that anybody who disagrees with me is a Rooshian troll.
Not only the US (Score:2)
Here in Europe the Belgcom hack has just come into the newspapers. A Belgian telecom company was hacked by the British GCHQ a few years ago. Although there is more than enough evidence no one dares take them to court because of politics: https://theintercept.com/2018/... [theintercept.com]
The US does understand its adversaries (Score:2)
Re: (Score:2)
So they could get "democracy" and "freedom". Want to become a CIA spy while in the USA? Return back to your now nation and spy for decades?
Then after years of free education make their own nations "freedom" ready after going back.
The other nations just sent their best and most loyal students to avoid any such spy risks and took all the advanced US tech back to their own nations for free.
The US gave up its tech futur
Re: (Score:2)
So the solution to the problem of being outhacked by adversaries is to “secure US crypto and networks”. Sounds easy, I wonder why they didn’t think of that?
There are solutions (Score:2)
Interesting how this article accumulated over 50 posts and nobody (unless I just totally missed it) has pointed out that we are in the fix of a) being under concentrated cyber-attack from Russia and b) we have a president 100% committed to the idea that there is no threat.
Hopefully the career military, spooks, and bureaucrats are on the job because it is pretty much up to them to defend us.
Re: (Score:2)
Have you tried unplugging your 'computer' from the Internet. You're sleepwalking into a police state
Re: (Score:2)
This whole Russian hacking story is bogus.
Because bogus stories always result in 4 federal court guilty pleas and 14 indictments rising to the standards of federal prosecutors.
Re: (Score:2)
Nobody expects the Mueller inquisition, but it's his job to collect scalps to be conveniently lumped together into a pile as evidence for something. I'm not sure what, though. Collusion, or hacking? The narrative changes.
What hasn't changed is what the hacking narrative started on, which is the emails from the DNC server. So far we still only have their word for it, and the unsolved murder mystery of one of their political operatives.
Saaaaaay Whaaaat ????? Bremmer??? (Score:2)
Now why would anything he had to say be of value, especially as CorporateAmerika continues to offshore jobs, techinology and investment to China, etc.????
Political front firm Eurasia Group? (Score:2)
FTFY ... (Score:2)
...
US's Greatest Vulnerability is Ignoring the Cyber Threats From Our Advertisers ...
Willful Bliss (Score:2)
For the GOP to actually admit the 2016 election results were somehow manipulated, would be to validate a false President rules the throne.
As we’re now seeing, sexual escapades are hidden by shell companies, lawyers and friends, “jobs to A
Thousand billion losses (Score:2)
Annually more than a thousand billion U.S. dollars are lost for companies or countries due to these attacks
I wonder how they came to such a huge number. One thousand billion USD is the GDP of Mexico or Indonesia
Re: (Score:2)
I like how they have to dumb down the number. No one will know what a trillion is!
Nomenclature indication (Score:2)
The biggest indicator that the US is in trouble is that its leadership uses the term “cyber”.
No one who knows anything about computers says that.