The US-Soviet Cyber Cold War 117
Roberto123 writes "A security expert with the NSA says a cyber cold war is being waged that has significant parallels to the Cold War between the US and Soviet Union. Dickie George says the way to fight the cyber cold war is by building security into technology, making it transparent to the end user, continually monitoring networks and updating their security software."
Damn (Score:2)
Re:Damn (Score:4, Funny)
Re: (Score:2)
I dunno. Waking up nekkid in a VAT of slime might have its downsides. Although there probably would be a lot of nekkid chicks nearby...
It's even more boring. (Score:5, Interesting)
From TFA:
Oh noes!!! The Nigerian scammers are taking our Freedom! Teenagers downloading our movies are stealing our way of life!!!
How about we focus on the real issues? Why don't the banks have a better means of verifying transactions?
I'm still more worried about nuclear missiles than I am about whether the newest Harry Potter movie is available on a torrent.
But that's just me.
Re: (Score:2)
How about we focus on the real issues?
You have to question why a security expert with the NSA compares fighting computer crime from a nation with a GDP comparable to the state of Texas [wikipedia.org] with the old real threat of absolute destruction from a foe that had [wikipedia.org] a little over half the GDP of the US at the time, but had a larger population, larger land mass, and a larger workforce... along with a whole bunch of US destroying missles.
Naw. I understand his job. (Score:4, Informative)
He's propping up his job with whatever rhetoric he can dig up.
zOMG!!! It's like the nukes are coming back! But they're even badder now. We must fears them even moars! Fearz them! It's the only way I'll keep my job!
Instead, just a bit of modification on the side of the banks and we'd have almost no "identify theft" fraud.
But that doesn't happen because the banks don't want the cost of improving their security.
Not when that cost can be dumped onto us (the customers) and the retailers.
More pushing of Clarke's book (Score:2, Insightful)
Somehow, everyone is supposed to conveniently forget how the Clinton administration, with Richard Clarke as the national security advisor, handed the Chicoms the over-the-horizon missile targeting, placing them on par with the USA. And everyone is sup
Re: (Score:2)
I'm not saying your claims are incorrect, but I can find no corroborating sources for them. Would you care to source them?
Re: (Score:2)
Most people are ultimately comfortable with their worldview (even scary one) / need to largely be...supplanted, die out, for the world to improve.
Some of us still remember the cold war... (Score:2, Interesting)
Some ("Many" might be more appropriate here) of us still remember the cold war and lived in the small countries that bordered the soviet union. I lived in a country that bordered the soviet union and the risk of invasion was very real (the communist party also planned a revolution, even though they failed to carry that out) even without a large scale nuclear war. But the risk of the war - That only a few people would need to be too trigger happy and tomorrow the world as we know it might not exist - was al
Re: (Score:2)
I lived in a country that bordered the soviet union and the risk of invasion was very real ... Every news broadcast about the latest political tension between us and our large neighbour was a reminder of it.)
Was? Why is this in the past tense? If you live near Russia, this shit happens now.
Re: (Score:2)
If you live near Russia, this shit happens now.
Can you give one example of any country bordering Russia that is presently at risk of an unprovoked invasion from it?
Re: (Score:3, Interesting)
"Unprovoked." Cute.
Re: (Score:1, Flamebait)
I had to clarify. USSR has invaded Germany in 1945, and US invaded Japan - but I don't suppose that is the kind of thing you had in mind.
Let me be more specific, then - by "provocation" I specifically mean a deliberate and intentional act of aggression against Russian territory, or Russian troops legally stationed overseas. A specific example of that would be Georgian troops shelling Russian peacekeeper base in Tskhinvali during the Georgian invasion of South Ossetia, killing several troops stationed withi
Re: (Score:2)
lived in a country that bordered the soviet union and the risk of invasion was very real ...the communist party also planned a revolution, even though they failed to carry that out
Soviet Union bordered the following twelve countries: Afghanistan, China, Czechoslovakia, Finland, Hungary, Iran, Mongolia, North Korea, Norway, Poland, Romania, and Turkey. Of those, only Finland, Iran, Norway and Turkey did not have communist governments already.
Now, can you clarify which one of those countries was under a "real risk of invasion" from the Soviet Union? Because I'm not aware of any documents in the archives, or indeed anything like that, to indicate that the USSR ever seriously contemplate
Re: (Score:2)
It's just a small step from downloading a Harry Potter movie to building nuclear weapon's and selling them to Iran, I guess.
Re:It's even more boring. -- and even more scary (Score:4, Insightful)
"Why don't the banks have a better means of verifying transactions?"
Why indeed.
There was a time when they did, and investment banks actually invested rather than allowing failed math and physics grad students self-restyled as "quants" and "wiz kids" gin up things like CDOs on Excel.
You'd think the gubmint would pay a little bit more attention to monitoring and regulating the practices that *have* *already* destroyed our country.
These Wall Street spreadsheet jockeys have already destroyed more wealth in this country than all the "cybercriminals" combined.
But going after Wall Street fraudsters just isn't a priority, because they have only destroyed middle-class people and shifted the blame to the poor.
By contrast "Cybercriminals" are actually a threat to the rich and the super-rich, and the government's job is to protect the wealth of the super-rich.
Re: (Score:2)
I'm still more worried about nuclear missiles than I am about whether the newest Harry Potter movie is available on a torrent.
A criminal is a criminal. Clearly the fact that you cannot see that means that you enjoy stealing potential profit from artists! I mean, sure, potential profit doesn't exist and it therefore can't be stolen, but it's still stealing to steal it!
Re: (Score:1)
What I think is they say "we'll help defend against missiles and fuck up your interwebs too"
Re: (Score:2)
I expected the "Cyber cold war" to be way more matrix-y than this.
I expected the "Cyber cold war" to be way more skynet-y than this.
Dickie George?!? (Score:2, Funny)
Uh huh. Is his assistant Mike Hunt by any chance?
Question (Score:3, Funny)
Anyone else amused that the word "cyber" is still in use?
It could be worse! (Score:2, Funny)
Anyone else amused that the word "cyber" is still in use?
At least they didn't say "E-War"!
Re:Question (Score:5, Insightful)
Anyone else amused that the word "cyber" is still in use?
I'm more amused about the "Soviet" part.
Re: (Score:1, Redundant)
Re: (Score:2)
They need more funding to protect you from the 1337nuclear e-Communist iCybersovietmatrixunion.
-
Replace it with blogosphere. (Score:2)
It makes those articles much more interesting to read.
Re: (Score:2, Insightful)
War is war just like cyber-bullying is bullying but the term cyber war does bring with it distinctions. When you say war, people think WWII, Vietnam, Iraq - something tangible. Cyber war is beyond the grasp of most people (especially those normally involved in war) and has different rules.
It's more like e-mail versus mail, or cyber-sex versus sex. You can prepare for or experience one, but that doesn't necessarily help with the other.
Re: (Score:2)
It depends. If a "cyberwar" could do real damage to our infrastructure -- shutting down the power grid is the most commonly used example -- then it's definitely a real war, just as real as if enemy planes are dropping bombs on our power plants. The use of new technology which permits new tactics doesn't make it "not real war," else you could claim that there hasn't been a real war since the invention of the bow! But it's a pretty big "if," and the would be "cyberwarriors" are spending a lot of time pumpi
Re: (Score:2)
It depends. If a "cyberwar" could do real damage to our infrastructure -- shutting down the power grid is the most commonly used example -- then it's definitely a real war, just as real as if enemy planes are dropping bombs on our power plants. The use of new technology which permits new tactics doesn't make it "not real war," else you could claim that there hasn't been a real war since the invention of the bow! But it's a pretty big "if," and the would be "cyberwarriors" are spending a lot of time pumping up the threat without a lot of real evidence.
Hitting the power grid is pretty low class and way obvious. Try thinking more subtle like Stuxnet destroying Iran's nuclear fuel processing capability. Or perhaps something to quietly influence the financial markets to bleed billions out of the US. Crashing the US flight controller computers would have a serious impact (just look at the impact immediately after 911 as an example). Or, as is currently the case, routinely penetrating their networks to collect valuable information or technology.
Re: (Score:2)
Anyone else amused that the word "cyber" is still in use?
When I read/hear "cyber", I generally think of sex.
Re: (Score:2)
Re: (Score:1)
Transparent to the end user yeaaah. (Score:2)
Yay, profits! (Score:2)
to provide 'security', we are restraining and controlling ourselves much more than a foreign occupant would actually do.
And that's much more profitable anyway if we do it ourselves. C.f. Chertoff's gains from his buddies at Rape^Hiscan.
Fed-up-edly,
Screw transparency (Score:5, Insightful)
I don't want transparent security technology. I want security technology that I can see and touch and NEED to think about.
1.When its transparent it just gets abused and used against me for crap like DRM by people who haven't the right.
2.I want the confidence of knowing I have protection because I put it in place.
3.I want to be able to turn it off when need be to understand where a problem exists, the security layer or something else.
4.I don't trust my government to have my interests in mind much of the time, and as much as I distrust foreign governments and foreigners even more that dose not make me included to put the security of my information and communication in the hands of my own government which has proven its often inept and at times malicious.
5.Its my stuff nobody should be dictating to me how I protect it or don't as a matter of principle. Just as with my house its my right to leave the door unlocked if I want to and useless as that right might sound I am unprepared to give it up.
Re: (Score:2)
Sorry, but point 5 only holds for as long as you're not negatively impacting other people with your bad choices. Shoddy security and poor user-awareness results in zombie machines that DDoS and spam their way into my life to the point that I really do care about it enough to want to go around locking peoples' doors for them.
Re: (Score:2)
Sorry, but point 5 only holds for as long as you're not negatively impacting other people with your bad choices.
It's funny that you say that because the stupidity of others is what is effecting me. The answer is education. It doesn't take years and years of experience to realize that downloading random executable files off the internet, for example, is a bad idea. I'm not going to suffer just because they decided to get a computer and then refused to learn anything about it when that is practically needed.
Re: (Score:1, Insightful)
Points 1-5 are good points, for a /.-er who knows what they are doing. However, the big security issues are people who don't care enough to keep their fly zipped.
Point 1 is good because transparent security is security Joe Sixpack isn't leaving disabled.
Point 2 is also good. However, having some sane defaults can't hurt, as Joe is not going to lift a finger to secure anything.
Point 3 is also solid. However, Joe will be turning off his security at the behest of dodgy pr0n sites who tell him to in order to
Re: (Score:2)
5.Its my stuff nobody should be dictating to me how I protect it or don't as a matter of principle. Just as with my house its my right to leave the door unlocked
Are you sure? Even if your "house" contains tons of privacy or otherwise sensitive data and you just know that it will be stolen within a day? The internet is not a local neighbourhood anymore and leaky systems can publish data you never want to be published.
Re: (Score:2)
I'd do it in one point: the whole reasoning in the article is "a mandatory built-in rootkit controlled by national security is the way to win cyber wars" to which I reply "and give an exceptional degree of control to a bunch of people that are answerable to no one, better and cheaper to fix security holes in FOSS stacks instead and sandbox all the rest"
Re: (Score:2)
My account hasn't been getting any mod points lately :(
While I've gotten 15 + 15 + 5 + 5 last week alone. (First time that's happened to my account.)
Re: (Score:2)
Re: (Score:1)
I dunno.. I think by the time we (hopefully..) get to the point in which the internet is safe for computer illiterate grandma, there might not be as much of a need for education beyond just how to use the computer and not sell your soul to Generic Messanger 285. I don't mean to say that education is not important and that we should ignore it, but I see the real 'solution' coming in the form of better written software (operating systems, etc) that encases less trusted software (education goes here).
If mainst
Re: (Score:2)
I dunno.. I think by the time we (hopefully..) get to the point in which the internet is safe for computer illiterate grandma, there might not be as much of a need for education beyond just how to use the computer and not sell your soul to Generic Messanger 285.
I've got a better idea. How about instead of dumbing everything down or forcing security on people, these idiots just learn how to use a computer properly? It's not like you have to have years and years of experience to merely realize the fact that you shouldn't download every single executable file off of the internet and run it. It really doesn't take that much time to at least learn not to do completely retarded things.
Smart Pipes (Score:2)
This is where they argue that the "pipes" need to be smarter and the terminals (our devices) dumber.
Cyberwar is for the incompetent (Score:4, Insightful)
Cyberwar! It's like war, but for people too dumb to protect themselves.
Don't put critical systems or private data on anything attached to the public Internet. Regularly verify the physical integrity and isolation of all secure systems. For everything else, make regular backups to prevent wiping attacks. This is basic vigilance to protect vital assets.
What I'd like to suggest to every cheap-ass corporate exec that is counting on the government instead of internal IT staff to protect their networks, is to listen to how stupid that sounds.
Only stupid if execs are responsible (Score:4, Insightful)
What I'd like to suggest to every cheap-ass corporate exec that is counting on the government instead of internal IT staff to protect their networks, is to listen to how stupid that sounds.
It's only stupid if the execs in question are actually responsible, and held responsible, for failing to do proper due diligence. However, as corporate behaviour in the US has consistently shown for some time now, execs are routinely let off essentially scot-free, even in the case of obviously willful and malicious profit-seeking at the expense of the company and even market -- just have a look at Enron a few years ago, or Wall Street today.
Meanwhile, if execs can save a few bucks by essentially outsourcing network security to the Feds, and pocket the savings themselves in the form of bonuses or other compensation perquisites, then, in the ethical vacuum of US board rooms, they'd have to be mad to do otherwise.
Cheers,
Seems my foes have mod points today (Score:2)
Seriously folks, how is my previous comment here off-topic? Executive malfeasance is a large part of what has made "cyberwar" possible. But for cutting corners, many of the glaringly large holes in the US national infrastructure vis-à-vis the internet would not exist.
Cheers,
Re:Cyberwar is for the incompetent (Score:5, Funny)
Check to see if your mouse is roaring.
The US-Whatnow cybe war? (Score:1, Funny)
"The US-Soviet Cyber Cold War"
Silly me, I thought the Soviet Union hadn't existed for nearly two decades. Clearly I was mistaken, it has simply moved into the cyber-realm with cyber-Stalin at it's cyber-helm.
Re: (Score:2)
Silly me, I thought the Soviet Union hadn't existed for nearly two decades.
Heh. If you look into the linguistic details, you'll find lots of "soviets" still functioning in what used to be the USSR. And we've got lots of them functioning here in New England, too. One of the fun facts about the propaganda industry is that the Russian term "soviet" (or more properly "sovyet", since it's two syllables in Russian) merely means "council". If you live in a town run by a town council, you have a "soviet-style"
Misleading headline (Score:2)
Re: (Score:2)
Of course not - they make the technology now, so you don't want to get them off side, eh?
Who's fighting for freedom? (Score:2, Interesting)
In the cold war, Americans were afraid of losing their freedom to the Soviet Union. But according to the article, the cyber cold war is about America holding on to its "intellectual property":
Re: (Score:2)
In the cold war, Americans were afraid of losing their freedom to the Soviet Union. But according to the article, the cyber cold war is about America holding on to its "intellectual property":
Very interesting. Especially because theft of 'intellectual property' is usually called 'espionage'. While spying and intelligence-gathering happens quite a bit during times of war, it is not warfare, per se.
As usual, the redoubtable Seymour Hersh [newyorker.com] got there first with this observation [imagicity.com].
Re: (Score:2)
Seymour Hersh is a ambulance chasing conspiracy theorist. If he's what you are relying on for information, you need to get out more.
Re: (Score:2)
Especially because theft of 'intellectual property' is usually called 'espionage'.
It's a good thing that you can't actually steal "intellectual property," then!
Re: (Score:2)
Do you have to post at least 1 fear mongering story a day
Of course, they do. And they've done better than that today. One the same /. front page, there's a story about Microsoft buying the IP rights to unix.
I wonder which of these is the scariest to /. readers?
Which Soviet Union would that be ? (Score:3, Informative)
Uh, the Soviet Union has been gone for 19 years. I watched the Russian Federation flags go up 26 December 1991.
The Russian Federation is not the USSR. Neither is the PRC.
So, who, exactly is cyber-warring with whom ?
Re: (Score:2)
The KGB and other soviet era ties that took over Russian enterprise and crime as the Russian Federation flags were going up and are the true power in the post Soviet Warsaw areas.
(I'm not sure if that was meant to be funny or not. If so, I'm laughing at my own joke with a nervous sort of laugh.
Cyber threat drills (Score:1)
Are our kids going to have Global Cyber Annihilation Threat drills in school now?
Re: (Score:2)
Are our kids going to have Global Cyber Annihilation Threat drills in school now?
"Children! Prepare to CONTROL, ALT and DELETE for your homeland!"
"Three Finger... SALUTE!"
Re: (Score:2)
Are our kids going to have Global Cyber Annihilation Threat drills in school now?
Would they like to play a game ??? Where in Matthew Broderick when we REALLY need him ???
Someone who gets it. (Score:5, Insightful)
This guy gets it:
"The cyber security professionals that we are creating today have to make security invisible to the end user. "They have to make it inherent in the out-of-the-box product that you buy and the only way to do that is for us all to work together, industry, government and academia. We need to be partnering on this."
All this crap about "user awareness" is a dead end. It takes too much attention. The mess underneath needs to be fixed. It has to be automatic. (And don't claim that's impossible unless you've read up on SE Linux and NSA's work on secure systems._
The last high-level US Government professional to publicly point this out was Amit Yoran at Homeland Security. He named Microsoft as the problem. He was canned and replaced with a lobbyist.
Re: (Score:2)
NSA's work on secure systems? Let me guess, you where referring to the clipper chip [wikipedia.org].
Re: (Score:2)
All this crap about "user awareness" is a dead end. It takes too much attention. ..... And don't claim that's impossible unless you've read up on SE Linux and NSA's work on secure systems.
You just contradicted yourself. SELinux is a pain in the ass to setup properly and requires user awareness. Most users end up turning it off when they can't figure out why it's breaking something or flooding the syslog with warnings. It's great for a dedicated purpose, internet facing server but it's virtually unusable for a desktop.
Re: (Score:2)
For the US to attack Russia or China next, there need to be visible cyber casualties to whip up Americans into a frenzy.
Re: (Score:2)
This guy gets it:
"The cyber security professionals that we are creating today have to make security invisible to the end user. "They have to make it inherent in the out-of-the-box product that you buy and the only way to do that is for us all to work together, industry, government and academia. We need to be partnering on this."
All this crap about "user awareness" is a dead end. It takes too much attention. The mess underneath needs to be fixed. It has to be automatic. (And don't claim that's impossible unless you've read up on SE Linux and NSA's work on secure systems._
The last high-level US Government professional to publicly point this out was Amit Yoran at Homeland Security. He named Microsoft as the problem. He was canned and replaced with a lobbyist.
No, he doesn't and you don't get it.
People need to be educated. People need to realize that being stupid on the internet, or with computers have a price.
Not to mention who implements and runs this "invisible security"? The gov? The corps? Microsoft?
No, sorry. We need to educate people about the need for security and how to implement it, not get someone else to take care of it so we can blindly go on our way.
Re: (Score:2)
"We need to educate people about the need for security and how to implement it, not get someone else to take care of it so we can blindly go on our way.'"
And you seriously believe the proles are going to stand still long enough to be "educated". Hell, most of them look down on education as being something only geeks and nerds. I believe everyone could be educated, but I also believe not very many give a flying rat's ass about.
Re: (Score:2)
It's impossible!
I have read up on SELinux, and even hacked on it in the kernel. It is the opposite of transparent. You have to either leave it loose so it's almost like standard Unix permissions or you have to anticipate and micro-manage every possible state of every single program on the system. The latter is actually much harder than just finding and fixing all of the security flaws in the software in the first place (which has proven to be an intractable problem so far).
Absolutely NONE of that can overco
Wall of Mexico (Score:2)
Mr. Gorbachev, tear down this wall!
Re: (Score:2)
They'll say anything to get more control over the internet and your free expression.
Well there is also that. Major corporations definitely want a higher level of control over the content people consume on the internet. These corporations are the same ones who pay to have a candidate of their choice in office.
Network security an oxymoron? (Score:5, Insightful)
Dickie George says the way to fight the cyber cold war is by building security into technology, making it transparent to the end user, continually monitoring networks and updating their security software.
From the earliest days of the ARPAnet that led to the Internet, people have pointed out that it's pointless to build security into the network layer(s). Putting it there is a single point of failure that can be defeated by a single bribe to the right person. And the end users won't know that the network-level security has been compromised. If your security is supplied by a vendor along your message's route, that vendor has access to your message's contents, to do with as they please.
For this reason, it has been long understood that the only real security is in end-to-end encryption. Security at any lower level is merely a waste of cpu cycles and bandwidth. It can't be trusted by the users, who must supply their own security. So the network layer should work on supplying fast, reliable packet transport. Security belongs a higher level, out of control of the companies that deliver the packets.
Note that the most-used widely-available security package, SSL, works solely at the sender and receiver ends of a connection, and relies on the network for nothing but packet transport. And it supplies a list of encryption schemes, so if you learn or suspect that someone along the route has managed to crack your encryption, you can quickly change the scheme without the cooperation of any vendor supplying the links.
It is slowly getting through to a lot of people that the commercial Internet vendors have become a common source of data leaks, for well-understood commercial reasons. So relying on them to supply network-level security is an especially stupid idea. They will simply decode your data, and sell the contents to interested parties without your knowledge. Your only defense against this is to use encryption that they can't decode.
Insightful??? (Score:2)
Hey, maybe I shouldn't be critical of such positive mods, but I'm a bit worried that my post has a "5 insightful" mod, with most of the mods being "insightful". This could be taken as a sign of the low quality of a lot of the moderation here. After all, I didn't write anything the least bit original. I was just saying what any number of security people have been saying for longer than I've been involved in computer software. Everything I wrote is common in the technical literature about network security
Translation - NSA's growing irrelevance - MS (Score:2)
NSA SIGINT guy, to paraphrase, claims that we really need to do something about this end-user "reasonable expectation of privacy," or my agency can collect no domestic signals intelligence, and I'm out of a job. It's just like the "Cold War!" Panic everybody.
And Microsoft stands behind him, ready to sell it, just like they were there to sell DRM/Palladium to Hollywood and the RIAA in 2000. Selling the same basic product. Trying to solve a human problem in software. How's that working out?
It is clear, howeve
War (Score:3, Funny)
War. War is Hell.
Cyber-war is cyber-hell. Full of cyberdemons. Bring a shotgun.
spam (Score:2)
I think ground zero in the security war always begins and ends with the spam industry, which seems to be at the forefront of exploitation.
Goodbye Open Internet (Score:2)
Listen to that funding-generating rhetoric. We can kiss the open internet goodbye now. From now on it will be 'You can choose to have your packets x-rayed or groped.'
Disappointment (Score:2)
Of course we practice what we preach! (Score:2)
Dickie George says the way to fight the cyber cold war is by building security into technology, making it transparent to the end user
In contrast where the NSA has had the potential to hide backdoors (since Windows 95) and make everything so non-tranparent as they work on MS Windows security.
Since the work is undisclosed no one can confirm or deny these backdoors.
Makes you wonder what they're up to now.
http://support.microsoft.com/kb/885409 [microsoft.com]
http://www.nsa.gov/ia/guidance/security_configuration_guides/operating_systems/microsoft_windows.shtml [nsa.gov]
Re: (Score:2)
Damn, you caught us! Now we'll have to work double hard to hide those flying pigs we've been working on.
Re: (Score:2)
We already know about the electronic std navigational radar dildo helmets... just by the by.
Soviet Union=Terrorism? (Score:1)
Re: (Score:2, Funny)
Want to see more Russian women? There are ways. I even hear there are websites that let you "order" one as a kind of live-at-home model/spy. YMMV.
Re: (Score:2)
This is probably just PR crap like the last cold war....
Hardly. The sheer number of Chinese penetrations into our commercial and govt networks is astounding. The media is only reporting a few of the incidents, and the major breaches into the DOD are classified and never publicly disclosed.