Forgot your password?
typodupeerror
Security United States

The US-Soviet Cyber Cold War 117

Posted by samzenpus
from the mutually-assured-ddos dept.
Roberto123 writes "A security expert with the NSA says a cyber cold war is being waged that has significant parallels to the Cold War between the US and Soviet Union. Dickie George says the way to fight the cyber cold war is by building security into technology, making it transparent to the end user, continually monitoring networks and updating their security software."
This discussion has been archived. No new comments can be posted.

The US-Soviet Cyber Cold War

Comments Filter:
  • I expected the "Cyber cold war" to be way more matrix-y than this.
    • Re:Damn (Score:4, Funny)

      by K. S. Kyosuke (729550) on Sunday November 21, 2010 @01:36PM (#34299356)
      That wouldn't be just a Cold War, that would be a seriously Cool War.
      • I dunno. Waking up nekkid in a VAT of slime might have its downsides. Although there probably would be a lot of nekkid chicks nearby...

    • by khasim (1285) <brandioch.conner@gmail.com> on Sunday November 21, 2010 @01:44PM (#34299434)

      From TFA:

      "This is life and death and about our freedom and our way of life," he's not talking about the Soviet Union firing nuclear missiles at the U.S. or infiltrating our government with spies bent on subversion. He's talking about cyber criminals hacking into personal, business or government computers, stealing information, intellectual property and/or money.

      Oh noes!!! The Nigerian scammers are taking our Freedom! Teenagers downloading our movies are stealing our way of life!!!

      How about we focus on the real issues? Why don't the banks have a better means of verifying transactions?

      I'm still more worried about nuclear missiles than I am about whether the newest Harry Potter movie is available on a torrent.

      But that's just me.

      • by pitchpipe (708843)

        How about we focus on the real issues?

        You have to question why a security expert with the NSA compares fighting computer crime from a nation with a GDP comparable to the state of Texas [wikipedia.org] with the old real threat of absolute destruction from a foe that had [wikipedia.org] a little over half the GDP of the US at the time, but had a larger population, larger land mass, and a larger workforce... along with a whole bunch of US destroying missles.

        • by khasim (1285) <brandioch.conner@gmail.com> on Sunday November 21, 2010 @02:17PM (#34299616)

          He's propping up his job with whatever rhetoric he can dig up.

          zOMG!!! It's like the nukes are coming back! But they're even badder now. We must fears them even moars! Fearz them! It's the only way I'll keep my job!

          Instead, just a bit of modification on the side of the banks and we'd have almost no "identify theft" fraud.
          But that doesn't happen because the banks don't want the cost of improving their security.
          Not when that cost can be dumped onto us (the customers) and the retailers.

          • I think this, together with that drivel about China hijacking the 'net traffice from the US gov't for 9 minutes, is just more propaganda to push Richard Clarke's pathetic claptrap book ("Cyber War" -- hence the constant usage of the word, "cyber" -- get it??).

            Somehow, everyone is supposed to conveniently forget how the Clinton administration, with Richard Clarke as the national security advisor, handed the Chicoms the over-the-horizon missile targeting, placing them on par with the USA. And everyone is sup

            • I'm not saying your claims are incorrect, but I can find no corroborating sources for them. Would you care to source them?

          • by sznupi (719324)

            Most people are ultimately comfortable with their worldview (even scary one) / need to largely be...supplanted, die out, for the world to improve.

      • by Anonymous Coward

        Some ("Many" might be more appropriate here) of us still remember the cold war and lived in the small countries that bordered the soviet union. I lived in a country that bordered the soviet union and the risk of invasion was very real (the communist party also planned a revolution, even though they failed to carry that out) even without a large scale nuclear war. But the risk of the war - That only a few people would need to be too trigger happy and tomorrow the world as we know it might not exist - was al

        • I lived in a country that bordered the soviet union and the risk of invasion was very real ... Every news broadcast about the latest political tension between us and our large neighbour was a reminder of it.)

          Was? Why is this in the past tense? If you live near Russia, this shit happens now.

          • If you live near Russia, this shit happens now.

            Can you give one example of any country bordering Russia that is presently at risk of an unprovoked invasion from it?

            • Re: (Score:3, Interesting)

              "Unprovoked." Cute.

              • Re: (Score:1, Flamebait)

                I had to clarify. USSR has invaded Germany in 1945, and US invaded Japan - but I don't suppose that is the kind of thing you had in mind.

                Let me be more specific, then - by "provocation" I specifically mean a deliberate and intentional act of aggression against Russian territory, or Russian troops legally stationed overseas. A specific example of that would be Georgian troops shelling Russian peacekeeper base in Tskhinvali during the Georgian invasion of South Ossetia, killing several troops stationed withi

        • lived in a country that bordered the soviet union and the risk of invasion was very real ...the communist party also planned a revolution, even though they failed to carry that out

          Soviet Union bordered the following twelve countries: Afghanistan, China, Czechoslovakia, Finland, Hungary, Iran, Mongolia, North Korea, Norway, Poland, Romania, and Turkey. Of those, only Finland, Iran, Norway and Turkey did not have communist governments already.

          Now, can you clarify which one of those countries was under a "real risk of invasion" from the Soviet Union? Because I'm not aware of any documents in the archives, or indeed anything like that, to indicate that the USSR ever seriously contemplate

      • It's just a small step from downloading a Harry Potter movie to building nuclear weapon's and selling them to Iran, I guess.

      • by wagadog (545179) on Sunday November 21, 2010 @05:57PM (#34301052) Journal

        "Why don't the banks have a better means of verifying transactions?"

        Why indeed.

        There was a time when they did, and investment banks actually invested rather than allowing failed math and physics grad students self-restyled as "quants" and "wiz kids" gin up things like CDOs on Excel.

        You'd think the gubmint would pay a little bit more attention to monitoring and regulating the practices that *have* *already* destroyed our country.

        These Wall Street spreadsheet jockeys have already destroyed more wealth in this country than all the "cybercriminals" combined.

        But going after Wall Street fraudsters just isn't a priority, because they have only destroyed middle-class people and shifted the blame to the poor.

        By contrast "Cybercriminals" are actually a threat to the rich and the super-rich, and the government's job is to protect the wealth of the super-rich.

      • I'm still more worried about nuclear missiles than I am about whether the newest Harry Potter movie is available on a torrent.

        A criminal is a criminal. Clearly the fact that you cannot see that means that you enjoy stealing potential profit from artists! I mean, sure, potential profit doesn't exist and it therefore can't be stolen, but it's still stealing to steal it!

      • by Phoghat (1288088)
        Well you have this, and then you have that [slashdot.org]

        What I think is they say "we'll help defend against missiles and fuck up your interwebs too"

    • by slick7 (1703596)

      I expected the "Cyber cold war" to be way more matrix-y than this.

      I expected the "Cyber cold war" to be way more skynet-y than this.

  • Dickie George of the NSA?

    Uh huh. Is his assistant Mike Hunt by any chance?

  • Question (Score:3, Funny)

    by Pojut (1027544) on Sunday November 21, 2010 @01:20PM (#34299256) Homepage

    Anyone else amused that the word "cyber" is still in use?

    • Anyone else amused that the word "cyber" is still in use?

      At least they didn't say "E-War"!

    • Re:Question (Score:5, Insightful)

      by maxwell demon (590494) on Sunday November 21, 2010 @01:26PM (#34299298) Journal

      Anyone else amused that the word "cyber" is still in use?

      I'm more amused about the "Soviet" part.

    • It makes those articles much more interesting to read.

    • Re: (Score:2, Insightful)

      by Amorymeltzer (1213818)

      War is war just like cyber-bullying is bullying but the term cyber war does bring with it distinctions. When you say war, people think WWII, Vietnam, Iraq - something tangible. Cyber war is beyond the grasp of most people (especially those normally involved in war) and has different rules.

      It's more like e-mail versus mail, or cyber-sex versus sex. You can prepare for or experience one, but that doesn't necessarily help with the other.

      • It depends. If a "cyberwar" could do real damage to our infrastructure -- shutting down the power grid is the most commonly used example -- then it's definitely a real war, just as real as if enemy planes are dropping bombs on our power plants. The use of new technology which permits new tactics doesn't make it "not real war," else you could claim that there hasn't been a real war since the invention of the bow! But it's a pretty big "if," and the would be "cyberwarriors" are spending a lot of time pumpi

        • by fluffy99 (870997)

          It depends. If a "cyberwar" could do real damage to our infrastructure -- shutting down the power grid is the most commonly used example -- then it's definitely a real war, just as real as if enemy planes are dropping bombs on our power plants. The use of new technology which permits new tactics doesn't make it "not real war," else you could claim that there hasn't been a real war since the invention of the bow! But it's a pretty big "if," and the would be "cyberwarriors" are spending a lot of time pumping up the threat without a lot of real evidence.

          Hitting the power grid is pretty low class and way obvious. Try thinking more subtle like Stuxnet destroying Iran's nuclear fuel processing capability. Or perhaps something to quietly influence the financial markets to bleed billions out of the US. Crashing the US flight controller computers would have a serious impact (just look at the impact immediately after 911 as an example). Or, as is currently the case, routinely penetrating their networks to collect valuable information or technology.

    • Anyone else amused that the word "cyber" is still in use?

      When I read/hear "cyber", I generally think of sex.

    • I think using the word "soviet" is even funnier.
  • meaning, 'controlling them'. maybe it would be much better if this 'security' shit is altogether forfeited. to provide 'security', we are restraining and controlling ourselves much more than a foreign occupant would actually do.
    • to provide 'security', we are restraining and controlling ourselves much more than a foreign occupant would actually do.

      And that's much more profitable anyway if we do it ourselves. C.f. Chertoff's gains from his buddies at Rape^Hiscan.

      Fed-up-edly,

  • Screw transparency (Score:5, Insightful)

    by DarkOx (621550) on Sunday November 21, 2010 @01:24PM (#34299282) Journal

    I don't want transparent security technology. I want security technology that I can see and touch and NEED to think about.

    1.When its transparent it just gets abused and used against me for crap like DRM by people who haven't the right.
    2.I want the confidence of knowing I have protection because I put it in place.
    3.I want to be able to turn it off when need be to understand where a problem exists, the security layer or something else.
    4.I don't trust my government to have my interests in mind much of the time, and as much as I distrust foreign governments and foreigners even more that dose not make me included to put the security of my information and communication in the hands of my own government which has proven its often inept and at times malicious.
    5.Its my stuff nobody should be dictating to me how I protect it or don't as a matter of principle. Just as with my house its my right to leave the door unlocked if I want to and useless as that right might sound I am unprepared to give it up.

    • by Spad (470073)

      Sorry, but point 5 only holds for as long as you're not negatively impacting other people with your bad choices. Shoddy security and poor user-awareness results in zombie machines that DDoS and spam their way into my life to the point that I really do care about it enough to want to go around locking peoples' doors for them.

      • Sorry, but point 5 only holds for as long as you're not negatively impacting other people with your bad choices.

        It's funny that you say that because the stupidity of others is what is effecting me. The answer is education. It doesn't take years and years of experience to realize that downloading random executable files off the internet, for example, is a bad idea. I'm not going to suffer just because they decided to get a computer and then refused to learn anything about it when that is practically needed.

    • Re: (Score:1, Insightful)

      by Anonymous Coward

      Points 1-5 are good points, for a /.-er who knows what they are doing. However, the big security issues are people who don't care enough to keep their fly zipped.

      Point 1 is good because transparent security is security Joe Sixpack isn't leaving disabled.

      Point 2 is also good. However, having some sane defaults can't hurt, as Joe is not going to lift a finger to secure anything.

      Point 3 is also solid. However, Joe will be turning off his security at the behest of dodgy pr0n sites who tell him to in order to

    • 5.Its my stuff nobody should be dictating to me how I protect it or don't as a matter of principle. Just as with my house its my right to leave the door unlocked

      Are you sure? Even if your "house" contains tons of privacy or otherwise sensitive data and you just know that it will be stolen within a day? The internet is not a local neighbourhood anymore and leaky systems can publish data you never want to be published.

    • I'd do it in one point: the whole reasoning in the article is "a mandatory built-in rootkit controlled by national security is the way to win cyber wars" to which I reply "and give an exceptional degree of control to a bunch of people that are answerable to no one, better and cheaper to fix security holes in FOSS stacks instead and sandbox all the rest"

  • This is where they argue that the "pipes" need to be smarter and the terminals (our devices) dumber.

  • by alexwcovington (855979) on Sunday November 21, 2010 @01:27PM (#34299306) Journal

    Cyberwar! It's like war, but for people too dumb to protect themselves.

    Don't put critical systems or private data on anything attached to the public Internet. Regularly verify the physical integrity and isolation of all secure systems. For everything else, make regular backups to prevent wiping attacks. This is basic vigilance to protect vital assets.

    What I'd like to suggest to every cheap-ass corporate exec that is counting on the government instead of internal IT staff to protect their networks, is to listen to how stupid that sounds.

    • by zooblethorpe (686757) on Sunday November 21, 2010 @01:35PM (#34299350)

      What I'd like to suggest to every cheap-ass corporate exec that is counting on the government instead of internal IT staff to protect their networks, is to listen to how stupid that sounds.

      It's only stupid if the execs in question are actually responsible, and held responsible, for failing to do proper due diligence. However, as corporate behaviour in the US has consistently shown for some time now, execs are routinely let off essentially scot-free, even in the case of obviously willful and malicious profit-seeking at the expense of the company and even market -- just have a look at Enron a few years ago, or Wall Street today.

      Meanwhile, if execs can save a few bucks by essentially outsourcing network security to the Feds, and pocket the savings themselves in the form of bonuses or other compensation perquisites, then, in the ethical vacuum of US board rooms, they'd have to be mad to do otherwise.

      Cheers,

      • Seriously folks, how is my previous comment here off-topic? Executive malfeasance is a large part of what has made "cyberwar" possible. But for cutting corners, many of the glaringly large holes in the US national infrastructure vis-à-vis the internet would not exist.

        Cheers,

    • by Sulphur (1548251) on Sunday November 21, 2010 @02:10PM (#34299564)

      Check to see if your mouse is roaring.

  • by Anonymous Coward

    "The US-Soviet Cyber Cold War"
    Silly me, I thought the Soviet Union hadn't existed for nearly two decades. Clearly I was mistaken, it has simply moved into the cyber-realm with cyber-Stalin at it's cyber-helm.

    • by jc42 (318812)

      Silly me, I thought the Soviet Union hadn't existed for nearly two decades.

      Heh. If you look into the linguistic details, you'll find lots of "soviets" still functioning in what used to be the USSR. And we've got lots of them functioning here in New England, too. One of the fun facts about the propaganda industry is that the Russian term "soviet" (or more properly "sovyet", since it's two syllables in Russian) merely means "council". If you live in a town run by a town council, you have a "soviet-style"

  • TFA makes no mention of a US-Soviet Cyber War. It instead compares current events to the actual US-Soviet cold war. Interesting that China wasn't mentioned at all.
    • by ozbird (127571)

      Interesting that China wasn't mentioned at all.

      Of course not - they make the technology now, so you don't want to get them off side, eh?

  • by Anonymous Coward

    In the cold war, Americans were afraid of losing their freedom to the Soviet Union. But according to the article, the cyber cold war is about America holding on to its "intellectual property":

    In the cyber cold war, the capabilities and resources of our adversaries refers to the ability ... to steal intellectual property from businesses, secrets from governments and money from everybody.

    • by grcumb (781340)

      In the cold war, Americans were afraid of losing their freedom to the Soviet Union. But according to the article, the cyber cold war is about America holding on to its "intellectual property":

      In the cyber cold war, the capabilities and resources of our adversaries refers to the ability ... to steal intellectual property from businesses, secrets from governments and money from everybody.

      Very interesting. Especially because theft of 'intellectual property' is usually called 'espionage'. While spying and intelligence-gathering happens quite a bit during times of war, it is not warfare, per se.

      As usual, the redoubtable Seymour Hersh [newyorker.com] got there first with this observation [imagicity.com].

      • by gtall (79522)

        Seymour Hersh is a ambulance chasing conspiracy theorist. If he's what you are relying on for information, you need to get out more.

      • Especially because theft of 'intellectual property' is usually called 'espionage'.

        It's a good thing that you can't actually steal "intellectual property," then!

  • by mbone (558574) on Sunday November 21, 2010 @02:52PM (#34299882)

    Uh, the Soviet Union has been gone for 19 years. I watched the Russian Federation flags go up 26 December 1991.

    The Russian Federation is not the USSR. Neither is the PRC.

    So, who, exactly is cyber-warring with whom ?

    • Uh, the Soviet Union has been gone for 19 years. I watched the Russian Federation flags go up 26 December 1991.

      The Russian Federation is not the USSR. Neither is the PRC.

      So, who, exactly is cyber-warring with whom ?

      The KGB and other soviet era ties that took over Russian enterprise and crime as the Russian Federation flags were going up and are the true power in the post Soviet Warsaw areas.

      (I'm not sure if that was meant to be funny or not. If so, I'm laughing at my own joke with a nervous sort of laugh.

  • Are our kids going to have Global Cyber Annihilation Threat drills in school now?

    • by grcumb (781340)

      Are our kids going to have Global Cyber Annihilation Threat drills in school now?

      "Children! Prepare to CONTROL, ALT and DELETE for your homeland!"

      "Three Finger... SALUTE!"

    • by Salgak1 (20136)

      Are our kids going to have Global Cyber Annihilation Threat drills in school now?

      Would they like to play a game ??? Where in Matthew Broderick when we REALLY need him ???

  • by Animats (122034) on Sunday November 21, 2010 @03:21PM (#34300078) Homepage

    This guy gets it:

    "The cyber security professionals that we are creating today have to make security invisible to the end user. "They have to make it inherent in the out-of-the-box product that you buy and the only way to do that is for us all to work together, industry, government and academia. We need to be partnering on this."

    All this crap about "user awareness" is a dead end. It takes too much attention. The mess underneath needs to be fixed. It has to be automatic. (And don't claim that's impossible unless you've read up on SE Linux and NSA's work on secure systems._

    The last high-level US Government professional to publicly point this out was Amit Yoran at Homeland Security. He named Microsoft as the problem. He was canned and replaced with a lobbyist.

    • NSA's work on secure systems? Let me guess, you where referring to the clipper chip [wikipedia.org].

    • by fluffy99 (870997)

      All this crap about "user awareness" is a dead end. It takes too much attention. ..... And don't claim that's impossible unless you've read up on SE Linux and NSA's work on secure systems.

      You just contradicted yourself. SELinux is a pain in the ass to setup properly and requires user awareness. Most users end up turning it off when they can't figure out why it's breaking something or flooding the syslog with warnings. It's great for a dedicated purpose, internet facing server but it's virtually unusable for a desktop.

    • If it's all transparent and the "war" is waged without anyone from the public ever realizing it, then how will that help convince voters to attack the next country, now that Iraq and Afghanistan are winding down?

      For the US to attack Russia or China next, there need to be visible cyber casualties to whip up Americans into a frenzy.

    • by Nyder (754090)

      This guy gets it:

      "The cyber security professionals that we are creating today have to make security invisible to the end user. "They have to make it inherent in the out-of-the-box product that you buy and the only way to do that is for us all to work together, industry, government and academia. We need to be partnering on this."

      All this crap about "user awareness" is a dead end. It takes too much attention. The mess underneath needs to be fixed. It has to be automatic. (And don't claim that's impossible unless you've read up on SE Linux and NSA's work on secure systems._

      The last high-level US Government professional to publicly point this out was Amit Yoran at Homeland Security. He named Microsoft as the problem. He was canned and replaced with a lobbyist.

      No, he doesn't and you don't get it.

      People need to be educated. People need to realize that being stupid on the internet, or with computers have a price.

      Not to mention who implements and runs this "invisible security"? The gov? The corps? Microsoft?

      No, sorry. We need to educate people about the need for security and how to implement it, not get someone else to take care of it so we can blindly go on our way.

      • by gtall (79522)

        "We need to educate people about the need for security and how to implement it, not get someone else to take care of it so we can blindly go on our way.'"

        And you seriously believe the proles are going to stand still long enough to be "educated". Hell, most of them look down on education as being something only geeks and nerds. I believe everyone could be educated, but I also believe not very many give a flying rat's ass about.

    • by sjames (1099)

      It's impossible!

      I have read up on SELinux, and even hacked on it in the kernel. It is the opposite of transparent. You have to either leave it loose so it's almost like standard Unix permissions or you have to anticipate and micro-manage every possible state of every single program on the system. The latter is actually much harder than just finding and fixing all of the security flaws in the software in the first place (which has proven to be an intractable problem so far).

      Absolutely NONE of that can overco

  • Mr. Gorbachev, tear down this wall!

  • by jc42 (318812) on Sunday November 21, 2010 @04:24PM (#34300484) Homepage Journal

    Dickie George says the way to fight the cyber cold war is by building security into technology, making it transparent to the end user, continually monitoring networks and updating their security software.

    From the earliest days of the ARPAnet that led to the Internet, people have pointed out that it's pointless to build security into the network layer(s). Putting it there is a single point of failure that can be defeated by a single bribe to the right person. And the end users won't know that the network-level security has been compromised. If your security is supplied by a vendor along your message's route, that vendor has access to your message's contents, to do with as they please.

    For this reason, it has been long understood that the only real security is in end-to-end encryption. Security at any lower level is merely a waste of cpu cycles and bandwidth. It can't be trusted by the users, who must supply their own security. So the network layer should work on supplying fast, reliable packet transport. Security belongs a higher level, out of control of the companies that deliver the packets.

    Note that the most-used widely-available security package, SSL, works solely at the sender and receiver ends of a connection, and relies on the network for nothing but packet transport. And it supplies a list of encryption schemes, so if you learn or suspect that someone along the route has managed to crack your encryption, you can quickly change the scheme without the cooperation of any vendor supplying the links.

    It is slowly getting through to a lot of people that the commercial Internet vendors have become a common source of data leaks, for well-understood commercial reasons. So relying on them to supply network-level security is an especially stupid idea. They will simply decode your data, and sell the contents to interested parties without your knowledge. Your only defense against this is to use encryption that they can't decode.

    • Hey, maybe I shouldn't be critical of such positive mods, but I'm a bit worried that my post has a "5 insightful" mod, with most of the mods being "insightful". This could be taken as a sign of the low quality of a lot of the moderation here. After all, I didn't write anything the least bit original. I was just saying what any number of security people have been saying for longer than I've been involved in computer software. Everything I wrote is common in the technical literature about network security

  • NSA SIGINT guy, to paraphrase, claims that we really need to do something about this end-user "reasonable expectation of privacy," or my agency can collect no domestic signals intelligence, and I'm out of a job. It's just like the "Cold War!" Panic everybody.

    And Microsoft stands behind him, ready to sell it, just like they were there to sell DRM/Palladium to Hollywood and the RIAA in 2000. Selling the same basic product. Trying to solve a human problem in software. How's that working out?

    It is clear, howeve

  • War (Score:3, Funny)

    by The_mad_linguist (1019680) on Sunday November 21, 2010 @05:56PM (#34301040)

    War. War is Hell.

    Cyber-war is cyber-hell. Full of cyberdemons. Bring a shotgun.

  • by mabu (178417)

    I think ground zero in the security war always begins and ends with the spam industry, which seems to be at the forefront of exploitation.

  • Listen to that funding-generating rhetoric. We can kiss the open internet goodbye now. From now on it will be 'You can choose to have your packets x-rayed or groped.'

  • But the Cold War is over! David Kuo told me that the US won. Say it's still so, Kuo!
  • Dickie George says the way to fight the cyber cold war is by building security into technology, making it transparent to the end user

    In contrast where the NSA has had the potential to hide backdoors (since Windows 95) and make everything so non-tranparent as they work on MS Windows security.

    Since the work is undisclosed no one can confirm or deny these backdoors.

    Makes you wonder what they're up to now.

    http://support.microsoft.com/kb/885409 [microsoft.com]
    http://www.nsa.gov/ia/guidance/security_configuration_guides/operating_systems/microsoft_windows.shtml [nsa.gov]

    • by gtall (79522)

      Damn, you caught us! Now we'll have to work double hard to hide those flying pigs we've been working on.

  • I don't really see how this is like the Cold War. That would involve Soviet Russia. Seems to be closer to terrorism. Cyber terrorism...I think I've heard that one before...

You don't have to know how the computer works, just how to work the computer.

Working...