Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Security United States IT

US Most Vulnerable To Cyberattack? 118

alphadogg writes "Several nations, most prominently Russia, the People's Republic of China and North Korea, are already assembling cyber armies and attack weapons that could be used to attack other nations. Given that the United States is heavily dependent on technology for everything from computer-based banking to supply-chain tracking and air-traffic control, it's particularly vulnerable to the denial-of-service attacks, electronic jamming, data destruction and software-based disinformation tricks likely in a cyberattack. Here's what ex-presidential adviser Richard Clarke, who is releasing a new book called Cyber War, and others are saying needs to be done to keep cyberwars from escalating into full-scale combat."
This discussion has been archived. No new comments can be posted.

US Most Vulnerable To Cyberattack?

Comments Filter:
  • first post (Score:1, Insightful)

    by slick7 ( 1703596 )
    Quis custodiet ipsos custodet
    • by Jeremiah Cornelius ( 137 ) * on Wednesday April 07, 2010 @10:56AM (#31762278) Homepage Journal

      Same damn tune.

      I'm in InfoSec - vulnerability assessment and remediation. I used to see him speak in the Clinton years, when he'd toot the f-ing horn, how he had Big Bill's ear about this. After 911 he went on a book and lecture circuit.

      Bullshit then, and now.

      • Re: (Score:3, Informative)

        > I used to see him speak in the Clinton years

        As I recall he was one of the few people who was trying to warn about the rise of AQ. Given the outcome, I don't see how this should be construed to be a negative.

        • Re: (Score:3, Insightful)

          by BobMcD ( 601576 )

          Really??? Oh, now THAT is interesting.

          Descend with me for a moment into conspirator territory:

          1) Assume for a moment that 'terrorism' was mostly just a rip-and-replace of the old enemy, 'communism'. And I could discuss this at length if desired, but bear in mind, at a minimum, that Osama being a terrorist was not only okay during the 80's, but he was terrorizing using our own tax dollars. Terrorism isn't new, by any means, and it has only recently become intolerable. Anyway, assume 's/communism/terroris

          • I am not averse to conspiracy theories and I wouldn't dismiss this one out of hand. But at this point in time, with the information available to the general public, Occam's razor doesn't favor this interpretation.

            Although he has a public profile, Clarke is by no means the early voice on this. Check and you will see that this has been raised publicly for at least 3 years now. (The name of early guy escapes me - he's from the Naval War College.) The defense companies started hiring in earnest for this abo

            • Occam's razor is an appropriate tool to identify elegance in scientific theory related to observed processes and phenomena without a determined theoretical explaination. For instance, water seeks its own level, not because of an attraction of the tiny water spirts to other naiads, but rather because of the constant force of gravity

              Applying Occam to complex relations of desire, will, psychology, politics and covert coersion constitutes a fallacy. It's as if you tried to explain racism by means of Ohm's law.

              B

        • Al CIAda? Pull the other one, it's got bells on it.

      • And I assume he's pulling down serious consultant coin from clueless PHBs in both the public and private sector. In a way, he is just another lobbyist trading on his former public service - and he probably only 'served the public' merely to get to these golden tickets.
      • You're in security and you call bullshit on someone who was saying the things that could have prevented the 9/11 attacks?

        You're in a dreamworld.

        He did have Bill's ear. The Clinton administration, as much as I detested it, did do a decent job of protecting the U.S. from terrorist threats.

        Enter George Bush who wanted us to be attacked. They ignored Mr. Clarke and we all know the results.

        • 911 was conducted with the deliberate collusion of agents within the US government, among others. The WTC attacks were a desired outcome, in the Operation Northwoods model, writ large.

          It was always preventable, and intentionally allowed to continue.

          Read PNAC again.

          "Does the order still stand?" [youtube.com]

  • by calibre-not-output ( 1736770 ) on Wednesday April 07, 2010 @10:49AM (#31762144) Homepage
    ...to back any of this up.
    • by Yvanhoe ( 564877 )
      There was no evidence that terrorists could hijack a plane into a building and make it collapse before 9/11.

      Serious security assessment on critical infrastructures is the least effort the government should do. I personally think that allowing full disclosure of security problem would greatly help that but what do I know...
      • by calibre-not-output ( 1736770 ) on Wednesday April 07, 2010 @11:08AM (#31762432) Homepage

        I personally think that allowing full disclosure of security problem would greatly help that but what do I know...

        About as much as me, I'd assume.

        The obvious staring-you-in-the-face difference between this and 9/11 is that this book is flinging accusations at specific parties - all of them major world governments - without any evidence. It's very different from saying "a group of cyberterrorists is in principle capable of hijacking our servers and messing with our communications", and more like saying "Iraq has WMD, let's fuck their shit up" - also without evidence.

        • by hedwards ( 940851 ) on Wednesday April 07, 2010 @11:48AM (#31763090)
          That's not analogous at all. We know, and have known for some time, that a huge number of attacks come out of China and Russia. While we don't specifically know that the Russian or Chinese government is sponsoring it, we do know pretty reliably that they don't seem to care about it as long as the crimes are being addressed over seas. That's completely different than the claim that the Iraqi government owned and controlled weapons of mass destruction something which was never substantiated following the formal dismantling of those after the first gulf war.

          At the end of the day, the argument you make is disturbingly similar to: because Neo-Nazis just post the details of people they want assassinated that they aren't themselves responsible, when it's almost certain that given and address and a motive somebody will follow through.

          And no, I'm not being as extreme with the examples as it might appear, there's any number of electronic devices which could cause that level of trouble. Ever imagine what would happen if somebody were to screw with the communications infrastructure? It's not that hard to believe that people could die as a result. Especially if done in conjunction with a suspected terrorist attack.
          • by BobMcD ( 601576 )

            That's not analogous at all. We know, and have known for some time, that a huge number of attacks come out of China and Russia.

            Just as we knew that Saddam had rockets of some type and the willingness to utilize them?

            Seems perfectly analogous to me.

            Ever imagine what would happen if somebody were to screw with the communications infrastructure? It's not that hard to believe that people could die as a result. Especially if done in conjunction with a suspected terrorist attack.

            Deaths would be assured. The military response against such 'terrorists' would be a decade long, and "China and Russia" know that well.

          • Re: (Score:3, Interesting)

            That's not analogous at all. (...) At the end of the day, the argument you make is disturbingly similar to: because Neo-Nazis just post the details of people they want assassinated that they aren't themselves responsible, when it's almost certain that given and address and a motive somebody will follow through

            Please, do point out to me where I said that it was analogous. What I did say is that

            It's very different from saying "a group of cyberterrorists is in principle capable of hijacking our servers and messing with our communications", and more like saying "Iraq has WMD, let's fuck their shit up" - also without evidence.

            which is very different from your Neo-Nazi analogy. By the way, how is that different from when the police or news outlets divulge photos and information on wanted criminals? someone might decide to hunt them down and do justice with their own hands as well. Or is the fact that the known criminals happen to be missing somehow a merit of the people who are setting the hounds on them?

            Your example is extreme, and it is not

        • > this book is flinging accusations at specific parties - all of them major world governments - without any evidence

          This is very much a mouse and cat game. Given how difficult it is to trace attacks to their source you are rarely going to have absolute technical evidence. What you will have is human asset confirmation of suspicions of each country's programs and capabilities. No country is going to reveal those assets before hand, certainly not for a book issued to the general public.

          Honestly I don

          • I agree with every word of your post, but precisely because of this it's obvious to me that there can be no other reason behind publishing this book full of outrageous (even if true - if there were available evidence it would be different) claims than the furthering of a very specific political agenda. I do think that's a very nice definition of FUD?
      • by sznupi ( 719324 )

        But...there was evidence that "something's up" before 9/11. Wasn't followed properly.Not much of an evidence what exactly will happen of course, but it was quite clearly established that some people are capable of suicide missions, taking many bystanders with them. And that you can hit a building with a plane.

        Somewhat the opposite of what we have here - we are preparing for such attacks all the time after all, trying to secure our networks. Now, it seems, al we need is perpetrators.

        • by Yvanhoe ( 564877 )
          China manufactures much of our electronic equipment and IT infrastructure, has very competent hackers, trained some in military programs (it was fairly proud of it during the dotcom bubble). It is clear that a backdoor can be built into many equipments. In the recent wave of attacks, everyone talked about Google but medias forgot quickly that ~20 US companies were targeted. There are people to do it, means to do it, all that is lacking is a motive.

          I honestly think that every sane country should keep, eve
        • Somewhat the opposite of what we have here - we are preparing for such attacks all the time after all, trying to secure our networks. Now, it seems, al we need is perpetrators.

          You obviously do not work in the security field.

          The problem is, we _aren't_ trying to secure our networks, and we're _not_ preparing for such attacks. We have the idea that "follow this checklist, and I'm secure" and the checklist is giving out 5 year old security advice that's no longer valid.

          Following old security advice is not only ineffective, but it can be dangerous.

          We assume that since we've never noticed an attack, there must not have been one. That works fine in the physical world with bombs and s

      • A FedEx plane was hijacked in 1994 with the express purpose of crashing it into a building. http://en.wikipedia.org/wiki/FedEx_Flight_705 [wikipedia.org] The crew was able to subdue him, so it really didn't make much news.

        Sure, the hijacker never crashed it into a building, thus there was no building collapse. Any idiot could see that a successfully hijacked jet makes a great weapon.
      • by BobMcD ( 601576 )

        There was no evidence that terrorists could hijack a plane into a building and make it collapse before 9/11.

        Not only was there evidence of this, but it was common knowledge. Hijacking happens, and planes do collide with buildings occasionally.

        What was not common knowledge, was the amazing effect of doing so. But the factuality of exactly how this happened is still in debate today.

      • by Bigbutt ( 65939 )

        There were probably lots of books including the Tom Clancy tome, Debt of Honor from 1994 where a jumbo jet was crashed into The Capitol in DC, that brought up the possibility of an airplane crashing into a building on purpose.

        [John]

    • by sznupi ( 719324 )

      Be afraid. Be very afraid.

    • So what, we shouldn't worry about it? That's how the Iranian cylons will win!

    • by Seanface ( 1477009 ) on Wednesday April 07, 2010 @11:32AM (#31762782)

      That's an awfully broad statement. There's evidence, though it's mostly based on circumstance. I don't think I need to be linking articles about the China Cyber Attack stuff, or North Korea, as that's all fresh.

      But I'm happy to offer other links from the recent and not so recent past that are relevant.

      Somewhat recent -

      Russian Cyber Attacks on Georgia
      http://blogs.zdnet.com/security/?p=1670 [zdnet.com]

      PowerGrid Vulnerability of the US
      http://www.time.com/time/nation/article/0,8599,1891562,00.html [time.com]

      In a Galaxy Far Far Away... 1998, a brief description of L0pht testifying before congress.Excerpt included.
      http://hsgac.senate.gov/l0pht.htm [senate.gov]

      ""We have become so dependent on communications links and electronic microprocessors that a determined adversary or terrorist could shut down federal operations or damage the economy simply by hacking into our computers. The two General Accounting office reports which will be released at our hearing--one on the State Department and one on the Federal Aviation Administration- -raise serious concerns about the risks to the public because of information security weaknesses.""

      • That being said, I am not attempting to fearmonger and take away freedom or privacy. I'm playing devil's advocate for what is really more of a business continuity issue than a government concern (at the moment).

      • Re: (Score:1, Flamebait)

        And is there evidence for the general tone that these governments are all planning to sabotage the USA?

        But perhaps that's just me being picky. What really worries me about all this is the combination of this "ciberwar/cyberterrorism" concept with the general mentality of the USA government that "all of our citizens are domestic terrorists until proven otherwise". That just spells out "invasion of privacy" in big bold red letters.
  • Comment removed (Score:3, Insightful)

    by account_deleted ( 4530225 ) on Wednesday April 07, 2010 @10:50AM (#31762168)
    Comment removed based on user account deletion
    • Re: (Score:3, Funny)

      by Jazz-Masta ( 240659 )

      Pray tell, why should a system such as Air Traffic Control even be accessible on a public network such as the internet? To the best of my knowledge air traffic controllers aren't allowed to telecommute. Why aren't networks such as this hardened and kept off public networks?

      How else are the Air Traffic Controllers going to get their fix of cute kittens [worldscutestanimals.com]?

    • Re: (Score:3, Insightful)

      by jittles ( 1613415 )
      probably so you can do things like In-flight tracking [flightaware.com] and other handy things. Now that doesn't mean they can't design their network in such a way to make it so such attacks on the actual air traffic system are impossible.
      • Use a data diode (Score:3, Interesting)

        by ka9dgx ( 72702 )
        They could use a data diode [wikipedia.org] to make a read-only copy of the flight tracking information available to all, with zero risk to the air traffic control network. These devices are in use by goverments to protect really secret stuff... so they should work for this as well.
    • > Pray tell, why should a system such as Air Traffic Control even be
      > accessible on a public network such as the internet?

      Why do you believe that it is?

      • by BobMcD ( 601576 )

        > Pray tell, why should a system such as Air Traffic Control even be
        > accessible on a public network such as the internet?

        Why do you believe that it is?

        Um...

        Given that the United States is heavily dependent on technology for everything from computer-based banking to supply-chain tracking and air-traffic control, it's particularly vulnerable to the denial-of-service attacks, electronic jamming, data destruction and software-based disinformation tricks likely in a cyberattack

        I know that's all the way at the top of the page there, but you really might scroll up to see the summary before engaging in the discussion...

  • They have super duper ultra evil weapons that only those in the upper echelons (hehe) of the government know about! Give up more of your freedoms, citizen!

    • Re: (Score:2, Insightful)

      by thijsh ( 910751 )
      The patriotic upper echelons know all about these threats, they have carnivorous software, and cool acronyms like SIGINT, and COINTELPRO and nice 'social networks' like room 641A. And they already have the plans in place to chip away at your block of freedom.
      The only thing they can't figure out is how to explain it to us with a bad car analogy.
  • second post (Score:3, Insightful)

    by slick7 ( 1703596 ) on Wednesday April 07, 2010 @10:52AM (#31762212)
    As long as the US outsources IT, it is to be expected that there will be those that will challenge our preeminence in any field related to IT.
    • by Jeng ( 926980 )

      So by your logic unless we have our own IT 100% in the US then we will not be the leaders in IT? So even having .00something% not in the US we will not be the leaders in IT?

      How about if we outsource the bottom of the barrel tech support but keep the more advanced stuff here in the US? I'm pretty sure that describes the current situation of outsourcing better.

      • Re: (Score:3, Informative)

        by Maxo-Texas ( 864189 )

        Nope.

        At my company, a large indian offshoring company has taken over about 80% of the top technical jobs.

        And of our remaining programmers, at least 90% are not allowed to code any more- only design. out of a 200 person staff that coded for 10 to 20 years, less than 20 code.

        I coded until 2007. Used to be pretty good too. Probably would take me 90 days to come back up to speed even with just installing the tools (and that's assuming I could get to the tools over a battle damaged internet).

        • by Jeng ( 926980 )

          So basically the management of the company you work at sold 80% of how the business is run to another company that will eventually make the company you work for obsolete for short term gain.

          And that is why management makes the big bucks...for now, then like others the management when out of a job will bemoan the outsourcing movement.

          Outsourcing to the extent that you say your company has outsourced is a bad idea in my opinion.

          Outsourcing first level tech support not so bad.

      • by slick7 ( 1703596 )
        If the US workers are not willing to do grunge work, what guarantee the cake work will be available?
    • by fnj ( 64210 )

      WHAT preeminence???

  • Another govt stooge in management like Melissa Hathaway that lacks a background in computer security and only knows what layers of bureaucrats said. Maybe he is qualified to be a CIO?
  • by peter303 ( 12292 ) on Wednesday April 07, 2010 @10:56AM (#31762284)
    His OS is used 90% of US computers, including military ones. And it security holes you could sail an aircraft carrier through.
    MicroSoft has been more diligent about security lately. But the damage has already been done.
    • Only 36 percent of security issues from Microsoft Products are caused by faulty security settings. See this blog post [blogspot.com]for more info.
    • Re: (Score:3, Insightful)

      I'm as anti-Microsoft as you can get without stepping into fanboy territory, but any system that had such a wide deployment would be more sought after by malicious programmers, and would thus have more actively exploited security flaws. Blame MS for default settings being too loose on security, but don't blame them for being under heavy fire all the time.
  • Whats so special about the fact that the US is more vulnerable? Just because the government is vulnerable, that doesn't mean that everyone is vulnerable. If my proposed standard occured, a DDoS attack would actually benefit the internet.
    • by vlm ( 69642 )

      Whats so special about the fact that the US is more vulnerable?

      All our IT (plus or minus rounding errors) is outsourced to our global competitors, most of whom are beyond the reach of our legal system. In the short term they benefit by keeping us running. In the long run they're better off sinking us. Wonder what'll happen?

  • by kbonin ( 58917 ) on Wednesday April 07, 2010 @11:03AM (#31762376)

    As nearly anyone working on the "front lines" of security will tell you, most companies don't really care about security past some low level of lip service. Corporate networks [nearly] always have firewalls, but most of the time the IT staff is paid to care more about restricting employees from 'wasting company time' than in managing advanced multi-level defenses (why most networks are 'crunch on the outside, soft and chewy on the inside.') Equipment and software vendors provide password level security, often with authentication integration into LDAP/AD, but rarely support real tokens or PKI's backed by an HSM, as most companies don't want to pay for a real HSM (and with post dot bomb price escalation, that's often understandable - $40k for a 1U server with layered tamper switches and a custom app?) CSO's are treated as a cost center along with the rest of IT, and its often the policy to force people to keep quiet when major breaches occur. Its simpler and cheaper to make sure the board and stockholders don't know how often the databases and repositories are exported to FTP sites in China than to actually make it really difficult to succeed, as real security often costs real money. There's a whole underground industry of targeted penetration, as ethics and patriotism fall to greed - the underlying problems are far deeper than basic "cybersecurity".

    • Re: (Score:3, Funny)

      by godrik ( 1287354 )

      well I requested an access to a machine where the procedure to get access are crazy (as in checking you are not a known terorist and making notarized declarations). When I had a problem login onto the machine, I sent a uncrypted/unsigned email to help@service and the admin replied by giving me a password in clear...

    • The next thing people need once they care about security is real options which make them secure. By default its not possible to run an untrusted program on a PC in a safe manner. There needs to be a way to do that. There needs to be a way to specify the capabilities a program is going to have at run time, to limit the side-effects to those designated by the user.

      Useful steps in this direction include AppArmor and chroot jails on the Linux side, and SandboxIE on the windows side.

  • Just as most users will never secure their PCs unless Something Very Bad happens, neither will many businesses and government agencies.

    Virus and malware attacks provoke some immune response, but if we are to become strong something must weed out the weak.

    Parasites, botnets, etc, aren't enough of a threat. The only thing that will provoke intelligent security practice is attacks that disrupt, disable, damage and destroy.

  • There is no "cyber". It's just the internet. These politicians sound like they've been briefed out of a copy of Mondo2000 from 1994.

    • That's easy, the internet is all hooked up through cybernetics! Cyborgs actually have to run to carry packets of data around, that's why there are so many lag issues. But with new advances in robots it's getting easier.
    • Re: (Score:3, Interesting)

      by Trepidity ( 597 )

      Indeed, that prefix really makes no sense. To quote Ted Nelson [xanadu.com.au]:

      "Cyber-" is from the Greek root for "steersman" (kybernetikos). Norbert Wiener coined the term "cybernetics" for anything which used feedback to correct things, in the way that you continually steer to left or right to correct the direction of a bicycle or a car. So "cybernetics" really refers to control linkages, the way things are connected to control things.

      Because he was writing in the nineteen-forties, and all of this was new, Wiener beli

    • It's all owned by Cyberdyne Systems. http://en.wikipedia.org/wiki/Cyberdyne_Systems [wikipedia.org] *Terminator theme plays in the background*
  • I bet the postage-stamp countries in Africa are LEAST vulnerable to cyber attack.

  • by petes_PoV ( 912422 ) on Wednesday April 07, 2010 @11:24AM (#31762660)
    I suppose this counts as a firewall gap, or a software gap. In fact it's probably just a load of sabre-rattling and FUD put about by the interseted parties to get a little more pork from an easy target, rather than having to go out there and sell products that normal people want, in the real world.

    Or it could just be good old fashioned xenophobia

    • by Rich0 ( 548339 )

      Moreover, a serious cyber-warfare attack against the US would probably serve as a strong deterrent to a repeated attack in the future.

      A bunch of terrorists in a rogue state knock out the US power grid for a week. US government calls up government of rogue state and one of two things happens:

      a. Rogue state tracks down terrorist, and makes a nasty public example of them, or hands them over to the US to be made a nasty public example of.

      b. Rogue state pulls a Taliban, and US pulls an Enduring Freedom.

      For so

      • Yes, it occurs to me also that escalating cyberwarfare into a real hot war, is the answer.

        Hackers can't do very much when the city they come from has been hit by an EMP from a nuclear weapon.

        • by BobMcD ( 601576 )

          Also, power plants tend to be susceptible to cruise missile attack...

        • 'cept that the hackers (like other forms of terrorist) are just as likely to be "your own" people as from other countries. Even if they were from another country, there's nothing to stop them getting into the target country and then attacking from there. If you nuke'd your own cities I guess they'd win twice :-)
          • by Rich0 ( 548339 )

            Well, in the case of troublemakers back home, the solution would be swat teams or special forces, depending on severity. You don't need to out-hack the hacker - you just need to find them.

          • If they're from your own city, then it's even *easier* to stop them. Trace the packets to the specific neighborhood, pull the fuse from the power line.

  • Has anyone wonder why we need to scrap liberties in the name of security that we seemed to do fine with even during World War II or the Cold War? I mean, once upon a time, we actually had to worry about British spies (for the 19th century), German spies (two world wars), Soviet Spies (the Cold War), and yet we kept to open borders. Why now, is it, that a penny anny bunch of backwards people have us ripping up the Constitution? It's just not worth it.

    • Re: (Score:1, Flamebait)

      Different kind of warfare. The British, Germans, and even the Soviets basically come from the same set of values we do- and thus their spies followed the unwritten rules (get military secrets only, don't attack civilians, etc).

      The Islamics don't come from a Judaeo-Christian background; and the advent of the Dogma of Sola Jihad among the Muwahiddun sect of Islam [blogspot.com] has resulted in a a war we have already lost [blogspot.com].

      This results in only TWO viable solutions: closed borders or genocide. Unfortunately our for-profit

      • by BobMcD ( 601576 )

        You're so far off topic as to be incoherent.

        Topic - 'cyber attacks'.

        Summary - 'Russia, the People's Republic of China and North Korea'

        Your rebuttal - 'Islamic terrorists'

        Does not compute.

        • So was the gp post- we have no need to scrap any liberties to fight cyberattacks. Read what tjstork wrote on, and my reply will make more sense to you.

  • For what I know the NK people does not have access to a computer on school, so how can they be a threat to US? Unless the "great leader" is a genius with computers. I read somewhere that he is the only citizen with Internet access on NK.
  • I don't know if any one saw this or takes Wired seriously for that matter, but here is an "article" about cyberwar attacks being an urban legend. There was an article on Wired a while ago about the same thing, it also brings up the idea that using the word "Cyber" is a very negative prefix for an internet based situation usually before an equally negative word like terrorism or war http://www.wired.com/threatlevel/2010/03/urban-legend/ [wired.com] Have at it.
  • Nail Randall Monroe. He's a terrorist advocating the use of computers as weaponry. http://xkcd.com/504/ [xkcd.com]

  • by MarkvW ( 1037596 ) on Wednesday April 07, 2010 @12:06PM (#31763410)

    This is just lobbying for a powerful special interest group that wants lots of tax money.

    The US is deployed in two nations at extreme cost. People ignore the brutal financial hit these military interventions are making. We're acting like an enraged bull. Our enemies win when they make us exhaust ourself. The military industrial complex is blind to this issue. They are a hammer that sees problems as nails--and they are self interested. The contractors are in it for the money. The military is focused on "defense." There is nothing wrong with either position--but we must DIRECT them--not let them direct us.

  • What worries me is overdependence on GPS. There are a small number of GPS satellites, there aren't as many on-orbit spares as there are supposed to be, and there's one central GPS control center. Migration to GPS as the primary air traffic navigational system is risky.

    The satellites can survive 14 days of control center downtime, and the newer satellites with "autonav" capability can operate on their own for 180 days. If the USAF launches the ten additional satellites now being built on schedule, the

  • The Most? (Score:2, Interesting)

    Given that the United States is heavily dependent on technology for everything from computer-based banking to supply-chain tracking and air-traffic control,

    Given that every country in the whole world is dependent on the same technology for literally everything --down to irrigation control in agriculture in some cases-- it doesn't seem to me like the USA are automatically the "most" vulnerable country.

    Alright, the US has been the host of the most part of the internet for years. It's been the main, or one of the main, repositories of technology worldwide, for years. And yes, it's been the place where the most renowned cybercrimes were perpetrated... for years

  • I'm in the industry and can tell you we are VERY weak. There are relatively simple meathods an attacker could take out nearly everything inside the US. Here's a pretty simple meathod: 1. Hack several PBX's (happens all the time. Most companies don't secure them at all) 2. compile a list of every Tech support number in the US. I happened to have such a list as do most people that work for ISPs. Customer calls you, the problem is someone elses, so you transfer them. It's good to have a list. 3. Setup the PBX
  • by Anonymous Coward

    The cheapest solution is to outsource the security problem to either 1) India or 2) China. Outsourcing to China can lead to better cost benefits, but is in general less established than the outsourcing establishment already in place in Bangalore. American soldiers trained in IT can train the people replacing them in the PLA (Chinese Peoples Liberation Army) on how to keep America safe, and how to monitor America's networks. Similarly, the PLA can just take over for the Department of Homeland Security as

  • We still can disconnect the trunk lines and satellite feeds to any nation that tries this, and they all know it.

    Besides, it won't impact the 1000 Gpbs Internet 2 that most major universities and other important things use - that runs on more secure protocols with more secure devices.

    Not that it won't shut down Facebook ...

  • Oblig Star Trek link (Score:2, Interesting)

    by Curate ( 783077 )
    keep cyberwars from escalating into full-scale combat

    A noble goal. Forget trying to prevent cyberwars, but definitely contain them so that there is no actual physical combat. That way there are no real casualties, right? Somehow this instantly reminded me of the Star Trek episode "A Taste of Armageddon" (http://memory-alpha.org/en/index.php/A_Taste_of_Armageddon_%28episode%29) where two societies wage war using computer simulation, but with real human casualties. Star Trek really was ahead of its time

  • > Here's what ex-presidential adviser Richard Clarke...and others are
    > saying needs to be done to keep cyberwars from escalating into full-scale combat

    How about threats of full-scale combat to keep cyberwars themselves from escalating?

  • I mean an attack by US citizen(s) acting in the interest of foreign power. The Prague agreement should be sufficient example.
    Well, in this case at least the US citizenship has been contested.

"...a most excellent barbarian ... Genghis Kahn!" -- _Bill And Ted's Excellent Adventure_

Working...