US Prepares for Eventual Cyberwar

The New York Times is reporting on preparations in the works by the US government to prep for a 'cyberwar'. Precautionary measures are being taken to guard against concerted attacks by politically-minded (or well-paid) hackers looking to cause havoc. Though they outline scenarios where mass damage is the desired outcome (such as remotely opening a dam's gates to flood cities), most expect such conflicts to be more subtle. Parts of the internet, for example, may be unreachable or unreliable for certain countries. Regardless, the article suggests we've already seen our first low-level cyberwar in Estonia: "The cyberattacks in Estonia were apparently sparked by tensions over the country's plan to remove Soviet-era war memorials. Estonian officials initially blamed Russia for the attacks, suggesting that its state-run computer networks blocked online access to banks and government offices. The Kremlin denied the accusations. And Estonian officials ultimately accepted the idea that perhaps this attack was the work of tech-savvy activists, or 'hactivists,' who have been mounting similar attacks against just about everyone for several years."

Isn't this blown out of proportion, again?

[Anonymous Coward]

I mean who the FUCK would be stupid enough to have the controls for a Dam connected to the internet?

Obvious safeguard

[maharg]

don't connect the dam floodgate controller to the internet ?

The Need for an Enemy

[segedunum]

Well, everyone needs a credible enemy to keep themselves in a job. I mean, what would all those government agencies do with their time? The whole thing is just playing peoples worst fears, and the scenarios they've got there are straight out of Die Hard......or that film Sandra Bullock was in, and of course the all have no basis in reality.

Bring back the Cold War, that's what I say, and it looks as though they are. This whole terrorism thing just isn't working out ;-).

always a war

[had3z]

Why is it that america is always preparing for a war? a war on 'terrer', a cyberwar, a war on drugs, a war on immigrants, a war on pirates, a war on guns. When is the last time america made peace?
I guess big budgets need big reasons

Re:Newspaper ad

[suv4x4]

How does it feel to reply to your own post?

Makes me feel Slashdot had an edit post button, so I wouldn't have to ammend myself in an entire new post.

Mind yo businez

[ancientt]

That's right, because we all know that bullies only beat up other bullies. </sarcasm>>

I love that people assume that the US is a target because of it's actions. I wonder if these are the same people that assume that Microsoft gets hacked because it is an 'evil' company. Let me say it plainly: The US is a target because the US has a lot of money and influence. Microsoft is a target because they have a large number of users. There may be thousands of other reasons, but that is the real reason there is such a disparity in attacks against the two. I am not saying that MS shouldn't be a moral business or that the US shouldn't improve it's interactions in the world, I'm just saying that doing either one will not make a significant difference in the number of attacks.

Both have a need to do the same thing too, actually. They need to improve security and do it in such a way that it doesn't harm their base.

Humans

[Anonymous Coward]

We started as tribes, we warred between villages. We became countries, we warred over boarders. We took our war into space - complete nothingness, and yet we fought over it. We then created a new world that exists only as information coursing through wire and fibre, and yet we brought war to it. What a sad and tedious inevitability.

Born to Lose

[Doc Ruby]

Every US "Cybersecurity Czar" [wikipedia.org] has quit in disgust. The Homeland Security agency can't even find someone to run the office [cybertelecom.org], because it's a total joke.

Meanwhile, the US has already been under siege by China in a full-blown cyberwar [google.com] for several years.

It's cheap to attack the US tech infrastructure, and expensive to defend against it. That's what asymmetric warfare [wikipedia.org], like terrorism, is all about. So 6 years into Bush's Terror War, and the government is still preparing to get started, while our enemies just surge around us.

Re:Hacktivists!?

[Joebert]

People don't beat their kids for the better of the child, they beat their kids because they themselves are incapable of acting in a socially acceptable manor & beating the children allows the parent to vent the fustrations involved with being a failure in society as well as an incapable parent.

Don't beat your kids, better yourself & lead by example.
If the children don't follow your example, abandon them.

Re:Isn't this blown out of proportion, again?

[timeOday]

Actually some very important things are reachable via the internet. Like millions of people's bank accounts, for instance. Heck, it's not the Internet, but highly classified satellites download data all the time through the open air. Relying on encryption is unavoidable.

Ahhhh, Now I understand about paying taxes on ....

[3seas]

....virtual goods.

They can use the virtual taxes to pay for the virtual war (cyberwar) defense.

http://politics.slashdot.org/article.pl?sid=07/06/ 23/2055244 [slashdot.org]

Re:Hacktivists!?

[Dogtanian]

Folks,if you catch your kid engaging in "hactivism" or using words like "politically correct"

Flamebait? Sure. But badly-constructed flamebait- the only people who use the expression "politically correct" are those attacking the concept.

In fact, I'd go so far as to say that "political correctness" only ever really existed as a convenient strawman caricature, useful for smearing anything remotely smacking of "liberal" or left wing views.

There really is a solution of uniqueness....

[3seas]

you know how linux doesn't suffer the windows viruses or the BSD system doesn't suffer linux holes?

Well its all about uniqueness. If ever computer ran a different operating system with different....whatever protocals..

Of course this is not realistic, or is it? Lets say the linux open source system could be compiled with something like an encription code that alters the system enough to make it unique. Any applications to run on that particular system would as well need to be compiled with the same code, etc, and so on... making each system unique enough that the difficulty of infecting or breaking into a system is greatly increased.

Maybe I should patent the idea... oh but wait... Its not novel....though my finger print may be unique, my eye retina unique, everyone has their own. Just look at itunes encripting your personal data to track piracy...

SECURE THE PROTOCOLS!!!

[Spy der Mann]

Just fix the darn protocols, dammit. It's been a year [washingtonpost.com] since Blue Security was taken down by PharmaMaster and NOBODY has done ANYTHING to prevent any subsequent DNS amplification attacks [securiteam.com] from happening.

If ISPs at least blocked forged-ip packets from exiting them, then THAT would be a nice start.

Re:always a war

[GooberToo]

Why is it that america is always preparing for a war?

Um...perhaps because it's the smart thing to do? Only an idiot wouldn't prepare.

You see, any country that has two nickles to rub together makes preparations to keep their two nickles. The reason is simple. Someone with only one nickle or maybe someone with two nickles that would like to have four, may decide to come take your two nickles. So you have a choice. One, give your two nickles up tomorrow (it will happen), or be in a position where it will cost someone three nickles to take your two.

Perhaps you've heard, "Hope for the best. Plan for the worst." Only an idiot running a country wouldn't do that.

neuromancer & ghost in the shell

[VoidEngineer]

Seems to me like we're heading towards some distinctly neuromantic and ghost-in-the-shellish conflict scenarios. Makes sense, considering all the recent technology advancements. Japan is busy at work making their first Mech prototypes, MIT is busy making invisibility cloaks, Van-Eck phreaking devices have been around for ages, and the Russia mafia seems to be busy writing custom viruses. The thing to remember is that a 'cyberwar' would *not* simply be conducted by script-kiddie hackers in their moms basements. Sure, you might have to deal with botnet DDOS attacks, but that's probably the least worrisome scenario. To use the Dam floodgate scenario, consider a sneakernet type attack, where a special-ops actually *applies for a job* at said energy company which runs said Dam floodgates, and moles their way past the firewalls, so they can install a custom one-time virus. Afterwords, they get a nice million dollar bounty from the sponsoring enemy state. That's the espionage scenario. There are others. Toss in some helicopters, invisibility cloaks, van-eck phreaking devices, and emp pulse generators, and you've got yourself an arguably new class of special-ops. You might say, 'yeah, US enemies aren't ever going to get helicopters and those kind of forces onto US soil, so the US only needs to concern itself with remote attacks.' Granted, the US still has a big advantage of being relatively isolated here in North America, but I'm not so convinced. We do have embassies, consulates, and business partnerns all over the world, and most all of them have VPN connections outside the US. Networks make distances less relevant, so we could simply be attacked at one of our embassies or consulates. But I digress. The idea that I'm trying to communicate here, is that a 'cyberwar' isn't necessarily all digital, just as a computer isn't all digital (keyboards and monitors are analog). As such, there will be a sneakernet and analog element to any such 'cyberwars', which will probably involve special-ops using the latest technology to tap into networks, nab passwords, and cover their tracks, *in conjunction* with the crackers doing the cracking. All nicely laid out in neuromancer and ghost-in-the-shell. The specifics differ, but the general concept is spot on in both works. At least in my opinion.

Re:It's not just the Internet

[djmcmath]

OP is right, and he's optimistic about our defenses. Even the military practices "network security" at only a childish level. Most users have no clue how security works, and our military's network security training is horribly remiss.

And of course, the OP only outlined a few attacks that can be conducted from the safety of an office somewhere remotely. We face an enemy who isn't at all afraid to blow stuff up, even if it means the explosives are personally delivered. Anyone take a look at the physical security on a dam recently? Storage sites for nuclear waste? Ferries, busses, trains?

We are ripe for attack from a small team of well-funded and determined enemies, and we're not doing enough to prepare for it.

Re:always a war

[Anonymous Coward]

Of course, centralized power is what gives birth to war in the first place. Without a centralized power to plan and conduct war -- funded through coercive means -- how could war ever come to be? Individuals can form a militia (voluntarily-supported army) for purposes of self-defense, but never could a militia be used for offense, i.e. attacking peaceful groups of people. Who would pay for it? I sure wouldn't -- I'm a peaceful individual. You might find a few nutcases willing to go along, but an entire army? You'd have to collect your revenue by force, meaning taxes.

Every single war that has ever been conducted has been supported through coercive means -- government -- rather than voluntary means.

Now you could argue that since the world today is dominated by centralized power, a standing army is necessary to prevent the inevitable attack. And you may be right. But perhaps it would be wise to remember that as history shows, the power elite who make their fortunes on centralized power aren't quite as interested in protecting you as they are themselves.

Re:It's not just the Internet

[Tim C]

Stop using systems that are inherently flaky. (EG: MS Windows) Move on to something that's proven to be resistant to viruses and the like.

Unfortunately, the vast majority of those systems are used almost exclusively by geeks and other more computer-savvy users. Migrate the masses from Windows to any other OS, and all the same security problems would follow, as we suddenly have tens of millions of unpatched Linux boxes connected directly to the internet with the users permanently logged in as root.

The vast majority of Windows malware requires user interaction to install in the first place. The biggest security problem of any given modern system is the human sat at the keyboard.