US Unable To Win a Cyber War 327
An anonymous reader writes "The inability to deflect even a simulated cyber attack or mitigate its effects shown in an exercise that took place some six days ago at Washington's Mandarin Oriental Hotel doesn't bode well for the US. Mike McConnell, the former Director of National Intelligence, said to the US Senate Commerce, Science, and Transportation Committee yesterday that if the US got involved in a cyber war at this moment, they would surely lose. 'We're the most vulnerable. We're the most connected. We have the most to lose,' he stated. Three years ago, McConnell referred to cybersecurity as the 'soft underbelly of this country' and it's clear that he thinks things haven't changed much since then."
Let me guess the solution: (Score:5, Insightful)
More government intervention and monitoring of the Internet, to be outsourced to 3rd party vendors which are politically connected?
Nah, couldn't happen.
Im in ur internetz fraggin ur servers (Score:4, Insightful)
Propaganda (Score:5, Insightful)
Pretext to OpenID and government surveillance.
all this proves (Score:4, Insightful)
Re:Stupidity of leadership... (Score:3, Insightful)
Who would we be at war with? And what would it look like? I already block Large blocks of IPs from china/russia.
Actually this is a better example http://xkcd.com/538/ [xkcd.com]
just imagine in the left panel it's the goverment imagining needing all these 4 amendment violations and the right one is a sysadmin pulling out network cable from the router that connects the supposed country we would be at cyberwar with.
in other words... (Score:1, Insightful)
The US Federal Government is unable to win a cyber war.
The nation's private infrastructure has been defending itself for decades now, and knows what it's doing.
Bullshit (Score:2, Insightful)
If there was an actual cyber war, we would respond with real war.
We're far and away the best at that.
Random attacks showing the ineptitude of aren't a cyber war. When someone starts launching missles and redirecting our navy clear a path for an attack, then it'll be a cyber war.
When some schlubs steal buckets of personal data, mess with the power grid, or disrupt internet traffic it's just another day in the U S of A.
Re:Stupidity of leadership... (Score:5, Insightful)
In short, cyberwarfare won't work for the exact same reasons that censorship won't work, there's too many people working against the attackers who can communicate too quickly and too effectively.
Quiet, you fool! Imagine if they can convince the United States government that part of its defense budget should go to increasing cyber security! We already know the DoD uses Linux [aviationweek.com] and wants more [slashdot.org]. Just think what a very tiny fraction of the US Defense budget could do for security in Linux and its subsequent adoption for corporations!
And for those of you that argue the enemy will then use Linux: who cares? Bullet proof protection on both sides would prevent any attempt of an offensive from ever sparking a war. In light of recent economic ups and downs, I would argue at this point it's more important to make the corporations feel 100% safe and secure -- unlike Google in China.
Re:Stupidity of leadership..or quite the contrary? (Score:5, Insightful)
I wonder how much of this new fear has to do with revving up support for ACTA/etc.
Re:all this proves (Score:2, Insightful)
Political Machine only cares about one thing .... getting re-elected. ALL other things play second fiddle to this primary fact. How else can you explain how stupid politicians keep getting re-elected? It isn't because they are doing a good job.
What I don't understand is the 10% that think our congress is doing a good job. THESE are idiots that keep voting the other idiots into office.
What makes most Sys Admins good is that they don't play politics, they tend to say exactly what they mean, and mean precisely what they say. This is 100% opposite of what political machine expects, which saying something that means everything to everyone, while actually not saying anything useful at all.
Cut the cord (Score:2, Insightful)
Which country _would_ win? (Score:3, Insightful)
Frankly, I feel the US is more prepared than most countries. Unfortunately, that still doesn't quite cut it.
I think the threat of indefensible counter-attack is going to make any government think twice about a full-on cyber-attack, taking the same role nuclear retaliation did during the Cold War.
Re:Goes without saying... (Score:4, Insightful)
Re:Stupidity of leadership... (Score:2, Insightful)
That might work well for some countries which are connected only with a small amount of cables. Not so much for the United States, probably the best-connected country in the world. I'd be incredibly surprised if anyone (that doesn't work at an ISP or a telco) would even notice if two or three cables connecting the united states to the world were severed. BGP will find another way. :-)
Re:Stupidity of leadership... (Score:5, Insightful)
Why would any of that happen???
The internet is essentially millions of walled and gated communities.
Everything that any hypothetical attacker could try is already being done by the legions of script kiddies right through to highly paid top notch programmers working for organised criminal groups.
If any hypothetical attacker from china or *scary place* wanted to launch a DDoS attack why would they write anything of their own when they can just pay for bandwidth from one of the big botnet herders?
Government entities hardly have a monopoly on hackers.
A million Sys admins the world over already deal with these problems every single day of the year.
Re:Stupidity of leadership... (Score:1, Insightful)
We hold national security exercises in hotels now? (Score:1, Insightful)
>"exercise that took place some six days ago at Washington's Mandarin Oriental Hotel"
Bullshit was it an exercise. It was a staged marketing promotion, nothing else.
Re:Stupidity of leadership... (Score:3, Insightful)
Why would you assume that a Cyber war would consist of conventional "Attacks"?
Of course they aren't going to DDoS, that's something a million Sys admins the world over already deal with every single day of the year.
I think more damage could be done with Rootkits and backdoors than a DDoS ever could. And believe me, the kind that would be employed are not the kind that script kiddies use every friday night. The kind that would be employed would end up being engineered into the hardware, something China regularly produces for us.
Re:Stupidity of leadership... (Score:3, Insightful)
How could it have gone any other way?
They put a crowd of idiots who couldn't find their arses with both hands, didn't know the law, didn't know about the internet and didn't know about technology in a room and then expected them to do what?
Make sensible choices?
If you want good decisions in that situation you get a small group of experienced sys admins, a couple of really really good lawyers and one person with enough authority and enough sense to keep quiet who's job it is to shout at people until the plans the others have come up with happen.
The politicians meanwhile can be put in another soundproofed room where they can drink coffee, make grand stupid plans and convince themselves they're saving the world while everyone else actually deals with the problems.
Any "real" cyber attack is going to happen at 3 am, the sys admins in the organisations being attacked will for the most part be the only ones who know anything is happening with the exception of a few people who can't get the *organisations web page* to load until after the event.
Just like what happens all the time now when organisations get attacked.
Re:Stupidity of leadership... (Score:3, Insightful)
The other solution to stop the attack, is to disconnect all the network cables that access any other country. Leaving you with an internet that spans North America Alone
There are 2 kinds of denial of service attacks:
- The one where i fill your connections/process/whatever so noone else could access you
- The one where i just scare you, and you turn off your servers because big bad wolf is somewhere outside
Guess wich one is the more effective, and will damage you (and probably everyone else) more.
It's not just the Cyberwar (Score:1, Insightful)
Re:Stupidity of leadership... (Score:3, Insightful)
Re:A comment in The Atlantic on cluelessness (Score:4, Insightful)
The panelists were obsessing over whether they had enough authority to do something
"obsessing over whether they had enough authority" was no mistake - it was the whole point of this test from the very beginning. We can already see that "lack of authority" and recommending new powers be granted to the president is the main focus being driven home in the aftermath of this exercise in propaganda. The real aim of course being to garner support for enacting laws giving enough authority to do "something" about this problem of people communicating over the internet. The people behind this test are not stupid or clueless, they merely know which fear buttons to press [wikipedia.org] in order to get what they want.
The ultimate cyberwar weapon (Score:5, Insightful)
Re:Bunch of BS (Score:3, Insightful)
I'm not even sure what the whole "wargame" consisted of to begin with. Correct me if I'm wrong, but from the sound of things, the entire event was just a bunch of guys sitting around at a table, with their staff telling them what's "happening". Everything they do (i.e. talking about it) is unable to change what they're being told.
Seems to me like it doesn't need to have any basis in reality. It could have had any conclusion they want it to. For all it matters the scenario could have been an invasion by space gorillas and proved that the United States is [prepared/unprepared] to fend of laser banana cannons! When you add the fact that these guys wouldn't even necessarily be part of the government response to the events depicted, how does anyone get "We are unprepared for a cyberattack" out of it?
Also, "Cyber ShockWave" sounds like the title of a bad novel you'd find at a drug store in the late 1990's.
Secretary of War Gates Has The Solution (Score:1, Insightful)
buy more U.S.A. weapons [guardian.co.uk].
Brilliant !
Yours In Ashgabat,
Kilgore T.
Why fight progress? (Score:2, Insightful)
Perhaps its better if no country can win a war, cyber-based or otherwise. Think of it! Peace might break out, and we could begin using the assets that have traditionally been diverted from improving life toward aggressive political ends or empire building.
I understand the perception that a strong military provides security and protection, but this seems true only in as much as it preserves power structures that seek to concentrate wealth and preserve a class system. In the long run Mutually Assured Destruction hasn't improved anything for anyone. The overall systemic effect has been to encourage militarism amongst the so-called civilized societies. The opportunity cost is an unknown. What could be done with the brain power and economic power currently devoted to bigger guns, better bombs and mechanized warfare?
Re:A comment in The Atlantic on cluelessness (Score:4, Insightful)
They are sociopaths and psychotics and we can only hope they die of old age before the country falls headlong into a French Revolution of purges, pogroms, and random bloodletting.
What makes you think their children will be any different? There has been a trend for the ruling class in the US to function equivalently to royalty (Bush I & II, Clintons, Kennedys). I don't see why the next generation of sociopaths will be any better than the current batch.
Re:Last 9 years was WASTED (Score:4, Insightful)
Between government regulations and the unions you aren't going to have an opportunity to bring back manufacturing to the US.
The misunderstanding is that manufacturing ever "left" the US.
US manufacturing output reached an all-time-high [economistblog.com] of $1.6 trillion in 2007, nearly double the $811 billion in 1987.
It is true that US manufacturing jobs are on the decline, but not because we are not manufacturing, but because manufacturing productivity is rising. More machines/robots are doing the work, and where humans are involved, the US is concentrating on higher value products.
This is EXACTLY what we saw in the farm industry. In 1900, 30% of Americans worked on a farm. Today, fewer than 2% do, but the US produces more food than it did in 1900 with far fewer workers and less land.
If the (mostly) low value-add manufacturing done by China had to be done in the US, it would be done by machines, not human workers.
If the US lost a "cyber war", the world would lose (Score:3, Insightful)
If the US lost a "cyber war" enough to seriously damage our economic infrastructure, the world would lose.
Who imports all that stuff from China? A stalled US economy will lead to a lot of upset Chinese unemployed. Who still has the largest amount of global financial services? Care to try to cash in those stocks/bonds or "safe" US Treasury Securities when the US information infrastructure is down?
If the US real-estate bubble was enough to cause a global recession, what would happen if the entire information infrastructure of the US were taken out?
Any nation-state that thinks taking out the US will help them is stupid. Terrorism (the kind that can accept a global depression) is another story.