Forgot your password?
typodupeerror
The Internet The Military

Is Cyberwarfare Fiction? 205

Posted by CmdrTaco
from the hands-off-my-grid dept.
An anonymous reader writes "In response to calls by Russia and the UN for a 'cyberwarfare arms limitation treaty,' this article explains that 'cyberwar' and 'cyberweapons' are fiction. The conflicts between nation states in cyberspace are nothing like warfare, and the tools hackers use are nothing like weapons. Putting 'cyber' in front of something is just a way for people to grasp technical concepts. The analogies quickly break down, and are useless when taken too far (such as a 'cyber disarmament treaty').'"
This discussion has been archived. No new comments can be posted.

Is Cyberwarfare Fiction?

Comments Filter:
  • by syntap (242090) on Monday June 07, 2010 @10:58AM (#32483900)

    In response to calls by Russia and the UN for a "cyberwarfare arms limitation treat"

    And then we can all dress up as h4x0r3z, maybe call the event Geek-o-Ween.

  • by Pojut (1027544) on Monday June 07, 2010 @11:00AM (#32483928) Homepage

    One of the common claims regarding "cyber warfare" are attacks against the power grid. What I'd like to know is this: why is the power grid accessible to any outside system?

    • by Monkeedude1212 (1560403) on Monday June 07, 2010 @11:03AM (#32483962) Journal

      So that someone somewhere (probably higher up) can work from home.

      Probably, anyways. You know how it is.

      • by westlake (615356)

        So that someone somewhere (probably higher up) can work from home.

        It might also be a question of distance and scale - transmission lines that run hundreds of miles cross-country.

    • by PolygamousRanchKid (1290638) on Monday June 07, 2010 @11:19AM (#32484142)

      why is the power grid accessible to any outside system?

      Because using the Internet is way cheaper than building your own intranet.

    • by captainpanic (1173915) on Monday June 07, 2010 @11:21AM (#32484174)

      I think it is because there are remote installations that need to be operated from a single location.

      The power grid is a lot of generators (scaling from enormous powerplants to small scale wind/solar and other types of production, including stuff that can be switched on and off all the time such as gas engines).
      Someone has to control the whole lot of it in order to balance power production and consumption.

      I see no way that we can do that without actually connecting the whole lot to a network. It would be awesome if it was a completely independent network - but the internet is there anyway... why no use it in a secure way?

      (Note: I am no expert - I just expressed my opinion, which happens to contain a lot of technical assumptions)

      • Re: (Score:2, Interesting)

        by rtfa-troll (1340807)

        the internet is there anyway... why no use it in a secure way?

        Simply put because there isn't really yet such a thing as a "secure" way. Our current systems are too new, too complex and put together too quickly to make them anything approaching what you would mean by "secure". First let's start by defining secure. I'll put it as "you would have to invest 10% of the cost of the network in order to destroy it". That's an arbitrary and quite low value. I should probably have used about 30% and talked about the value of the dependent systems, but it's still a good sta

      • As you note, the logic behind some sort of networked control for power stuff is more or less impeccable.

        On the other hand, given that any part of the power grid is part of the power grid because somebody laid big fat power cables between it and something else, one suspects that a matching data network could be added(at least whenever a line is replaced/upgraded/added) for relatively low cost. My understanding is that, already, a nontrivial amount of "power line" actually includes a strand or strands of f
    • I wish I could clarify, but I've honestly never gotten a satisfactory explanation for this either. I've talked to former and current government employees with knowledge in this area, but none of them have really been able to give me a good answer as to why this is even possible.
    • by wjousts (1529427)
      Well, my local power company is now into selling broadband over power lines. They use the same technology to connect my power meter back to the power company so they don't need to send out meter readers and they can monitor outages.
    • by lymond01 (314120)

      According the the Apple Guy in Live Free or Die Hard (not a porn, but an action movie with Bruce Willis), the power grid isn't on the internet which is why the bad guys had to fly a helicopter, kill all the guards, and hardwire into the system to cause problems.

      It's all right there in the screenplay...

    • by AB3A (192265)

      Many people have written many articles as well as a significant number of books about this subject.

      There are valid reasons, though the short answer is because they don't know any better. Really.

      These networks are supposed to be separated from the office. However, real security is hard. All it takes are one or two dreamy eyed, lazy idiots on the office side, wanting access to all that delicious data "in real time" so that they can surf it and "discover new paradigms." They nag the IT department, and before y

    • what i'd like to know is what damage would attacking the power grid really do? we have power outages all the time already. Most really important systems have their own redundant power supplies.

      people have survived relentless bombing of their cities and that didn't destroy their society or will to fight. i doubt turning someone's lights off is going to be very devastating.
    • by hitmark (640295)

      i dont think it may be intentionally connected to the internet, but that thanks to every computer being a potential router, any computer that can access both will be a gateway to the power grid control network.

  • by elucido (870205) on Monday June 07, 2010 @11:02AM (#32483958)

    When millions of people in key positions have artificial hearts, limbs, microchips in their body, nanotechnology with RFID in their clothes, then cyberwarfare becomes something physical.

    If hackers can stop the artificial heart of somebody important, this is no different than assassinating the person.

    • Hmm, how many people are walking around with artificial hearts, again?

      • Re: (Score:2, Informative)

        by Anonymous Coward

        Dick Cheney for one. The only real hearts he has are the ones hes eaten.

      • by AndersOSU (873247)

        With artificial hearts - 0
        With VADs - hundreds
        With pacemakers or internal defibrillators - tens or hundreds of thousands

        I don't think any of these are accessible via the internet (yet), but most newer pacemakers are accessible wirelessly.

    • Re: (Score:3, Informative)

      by Tetsujin (103070)

      When millions of people in key positions have artificial hearts, limbs, microchips in their body, nanotechnology with RFID in their clothes, then cyberwarfare becomes something physical.

      It's times like this that I really wish I hadn't spent all that money in the 1990s on Internet-enabled toasters... My bagel came out overcooked this morning and I just know it was because of cyber-warfare!

    • by thewiz (24994) *

      If someone is stupid enough to get an artificial heart/pacemaker/defibrillator with a built-in webserver, they should be given an instant Darwin Award.

      There are somethings that don't belong on the Internet now or in the future.

    • Re: (Score:3, Interesting)

      by mcgrew (92797) *

      People already have artificial body parts; the lens in my left eye is artificial, and is on struts so it can focus (I wrote about it here) [slashdot.org]. I know people with artificial knees and hips, and there are people with heart pacemakers. There is an RFID chip in my work's security card. However, these implanted devices aren't connected to the internet, and I can't see them being connected to the internet in the future.

      I found Down and Out in the Magic Kingdom a good read, but I just don't see optical implants to co

      • by hitmark (640295)

        a pacemaker that can call for medical aid if the heart stops responding?

        maybe some combo that can also monitor the patients blood pressure and other vitals and transmit them to the doc for evaluation without having to stop by the office ever so often?

        • by mcgrew (92797) *

          I don't know, those seem like good reasons, but I would think that the information would go one way only -- outwards. Why would one need inwards communication with the devices?

  • by elucido (870205) on Monday June 07, 2010 @11:05AM (#32483988)

    Anyone who does not take cyberwarfare seriously is not envisioning a world where nanotechnology is everywhere in everything. Where the enemy can create a bomb that you shallow in a pill, or that is sprinkled on your food. Where the enemy can use nano bots too small to see to kill people, or hack into or reprogram, etc.

    It's definitely not fiction, it's reality. The technology to do this already exists and for all we know governments could be launching their attacks as we speak. Whoever controls the nanotech weapons will control the future.

    • "you shallow in a pill, or that is sprinkled on your food"

      Newsflash - thats been around since people first figured out how to poison others.
      Take your pick from poisons, bacteria or viruses. You've been reading too much sci-fi
      because biology got there a few hundred million years before William Gibson.

      Nothing to see here, move along please.

  • by rtfa-troll (1340807) on Monday June 07, 2010 @11:11AM (#32484074)
    As ever, this post has so many things wrong with it that it's stupid.

    a) I've had my finger on the "off" switch for an entire country's power grid from a mobile phone

    No you haven't; at least not in the sense that matters. Even if there is a country stupid enough to connect it's "off switch" to the internet, all they have to do is pull the ethernet cable and switch it on again. Even if you can break a small proportion of power stations, the rest will come on again. You are a "cybervandal" not a "cyberwarrior".

    The real serious cyberwarfare people would do both. A disable the off switch (force it on) and b) drop a graphite bomb at a key place to do weeks worth of damage. That's proper "cyber" warfare.

    Cyber"warriors" know the exploit for the radar station and disable the air defences as they fly in with real bombs.

    Cyber"guerilla"s mess with account numbers in the fund transfer excels of most of the big companies in the place they target.

    There's a whole load of resources which are needed for this stuff. Real test suites where you actually have the control systems of your enemies nuclear power plants; actual buildings where you can try messing up the air conditioning system, people who can actually write serious, fully EAL7 compliant defence systems. People who can write EAL7 compliant versions of exploits (have you seen the state of security software????). etc. etc. etc.

    If you think your country's military doesn't have a valid role to play in a "cyberwar" then you haven't understood the difference between a "cyberterrorist" putting an "easter egg" into a flight control system and a "cyberwarrior" diverting all your civilians into the area where his nukes can strike them most effectively.

    • Re: (Score:3, Interesting)

      by daid303 (843777)

      Even if you can break a small proportion of power stations, the rest will come on again.

      Many large power plants need quite a bit of energy to jump start from an 'off' condition (normally they never go 'off' just in lower power mode). Turning off all power plants at once would be a much bigger mess then you think. I don't think you ever could do it because of fail-safes, but if you could you would start a big mess.

      • Re: (Score:3, Informative)

        by Viol8 (599362)

        "Many large power plants need quite a bit of energy to jump start from an 'off' condition"

        Coal fired plants maybe. Pretty much everything else just requires someone to press an on button. Gas turbines are easy to start, nuclear never really goes off even with the rods in and hydro is as simple as opening the sluice gates.

        • by srleffler (721400)
          Nuclear plants won't run without an external power source. It's a safety feature. If the plant can't get power from the grid, the reactor shuts down automatically.
          • Re: (Score:3, Informative)

            by debrain (29228)

            Nuclear plants won't run without an external power source. It's a safety feature. If the plant can't get power from the grid, the reactor shuts down automatically.

            Sir –

            You're right that nuclear power plants need external power to operate as a safety feature - to keep the water pump providing coolant flowing so the reactor doesn't melt. However, the need to be connected to the grid differs from my experience working at nuclear power plants. At the plant I worked at (a CANDU reactor) if the reactor itself wasn't operational there was a grid-backup, a diesel backup, and a battery backup. The battery was the most impressive. The plant could be started and was desig

    • You might lead the casual reader to think that merely throwing a switch has no real world consequences, which is anything but the truth. When you are dealing with systems of such magnitude of energies even the smallest delay in rectifying an issue has a very lasting effect. e.g http://englishrussia.com/index.php/2009/08/17/hydro-electic-power-plant-explosion/ [englishrussia.com] There are any number of ways to force mechanical failures simply by using 'control' software. Any mechanical system can be forced to fail if you know
      • Thanks; I hope I didn't give the wrong impression.

        Any mechanical system can be forced to fail if you know how it is built

        (my emphasis) - you need to work out the right trick to cause a failure; you need to work out how to get that trick to happen through the control system; you need to integrate your software with the particular configuration of the control system in the particular power station you are attacking. Most of all, you need to repeat this whole process across many different installations all o

  • It is warfare in the same sense that computers think or ships swim. In other words, it really isn't, but it's a convenient metaphor to use because the truth is too complicated for the average person.
  • by Anonymous Coward

    Anyone who puts the word 'cyber' in front of something should probably be shot.

    Moving along to more immediate activities, we are actively seeing 'Information Warfare' being executed on the Internet. The latest widely heard event was the Israeli-flotiilla debacle, and subsequent dis-information campaign from every possibly side. Ask someone who has stated they have been following it, and see what factual information they can give you, and have them list multiple non-governmental independent investigatory sou

  • by mapkinase (958129) on Monday June 07, 2010 @11:19AM (#32484140) Homepage Journal

    This is not the first time Russian government reveals its unique idiotic approach to technology. As a former Russian citizen I am following the drama of Russian government politics in technology, which, synthetically speaking, is a laughing stock of Russian technoblogging community.

    Basically, the technology policy of the Russian government does not differ much from:

    1. New exciting promising technology discovered!!
    2. ???
    3. Profit (get recognition, re-establish mother Russia as a world superpower, look wise, etc)

    Replace ??? with "flood zillions of roubles into this technology without any sense of balanced budget" (which was the case of "nanotechnologies") or in this case "propose a treaty to curb technology".

    One would think that smartass KGB spy would do better than idiot Khruschev, but no... the result is the same: embarrassment and ostracism of Russia on the international level.

    • by mcgrew (92797) *

      One would think that smartass KGB spy would do better than idiot Khruschev

      Well, to be fair, at least he didn't take off his shoe at the UN and bang the table with it screaming "WE WILL BURY YOU!!!!"

  • it's real (Score:3, Interesting)

    by Lord Ender (156273) on Monday June 07, 2010 @11:20AM (#32484156) Homepage

    In the same sense that nuclear war is real, cyberwar is real. We've seen both only in limited fashion. We know the technology exists and works. We've just never seen two well-armed adversaries thoroughly go at it.

    There's a lot of fiction about full-scale nuclear war. That doesn't mean nuclear war itself is fiction.

    • by delinear (991444)
      The difference is that we've seen the effects of large scale nuclear attacks agains populated areas - we can make a reasonable extrapolation from that or what it would be like if two superpowers with nuclear weapons were to use them against each other. We've never seen what a "cyberwarfare" attack of the same magnitude could accomplish outside of a movie. Would it really bring society to its knees, or, more likely, would there be a few isolated incidents resulting in us taking some systems offline until exp
      • There was not "large scale" nuclear exchange in WWII. There never has been. That was small-scale one-sided, as the Estonian cyberwarfare was small-scale, one-sided.

      • Your local supermarket keeps less than a day of stock even taking into account it's warehouses and relies entirely on it's networked computer system to ensure that orders get to suppliers in time to deliver directly on site. They couldn't even do the truck routing correctly without the computer. Think about it. How many days stock of food do you have at home?
    • Nuclear war: Large area are vapourised, even larger areas poisoned for centuries. Result - everyone and everything larger than a bacteria dies.

      "Cyber" war: Someone deletes some files on some computers and causes others to crash. Result - ethernet cables are unplugged and machines are restored from backups.

      Get a sense of perspective.

      • You falsely indicate that I claimed they were equivalent in severity. You are wrong.

        You are also wrong about what damage would result from a cyberwar. Communications and telecommunications infrastructure would stop working for days. Food would rot on trucks undelivered. It would be much worse than "someone deletes some files."

  • by fuzzyfuzzyfungus (1223518) on Monday June 07, 2010 @11:25AM (#32484222) Journal
    The convenient thing about "cyberwar" as a slogan is how it allows you to extend the notions of "wartime" into virtually every nook and cranny of life and infrastructure.

    The term "cyberwar" quietly implies that virtually any net-connected system is a potential or actual combatant. From here, it's just a hop, skip, and a jump to applying military/wartime standards for such niceties as atttacking systems, or requisitioning access. Even better, since "cyberwar" is, for suitably nebulous definitions, something that occurs pretty much constantly, among a wide variety of state and nonestate actors, with various levels of covertness, the mandate covers basically everybody, everywhere, and is of unlimited duration(See also: "Global war on terror").

    Who needs bullshit like "warrants" or "due process" when any computer system can simply be declared to be an "enemy combatant" or "materially supporting an enemy combatant"? If you think the notion of charging an object in order to avoid procedural restrictions is absurd, be aware that it is already standard practice in the context of "asset forfeiture". (which makes for some rather ridiculous case names [wikipedia.org]...)
  • Point 1, "Hacking is opportunistic."

    For civilians, yes, it certainly is. When you have operational forces at your command, however, it can get notably less-so. You could, for example, develop a virus and compel Microsoft to include it as a Windows Update. Or get a CIA operative to smuggle it in, conduct a raid on a connected node and have the soldiers upload it, duplicate the hard drive of a dignitary and implant it there, etc, etc, etc.

    This point is basically saying that because small arms don't have ki

  • by jollyreaper (513215) on Monday June 07, 2010 @11:36AM (#32484382)

    Sticking a stupid name on something and overblowing what it means isn't the same thing as it not existing to begin with. Computers are vulnerable. People who don't like us can exploit those vulnerabilities. But this is really just another arena of non-shooting conflict, all under cloak and dagger.

    The CIA has a long history of trying this sort of thing, sometimes successfully, many times not. There's directly funding revolutionaries, slipping agents into countries, running guns, sponsoring assassination attempts, economic sabotage, infrastructure sabotage, spying with human intelligence, electronic intelligence, satellite intelligence, etc. The CIA has a history of over-promising and under-delivering but this doesn't mean they won't still try.

    The Russians have traditionally been much better at running spy rings. The beauty of hacking is you don't even have to put your own assets in-country and risk their capture.

    On one hand, I don't think we'll ever get to the point where it can be Die Hard 4 info-Armageddon with hackers blowing up power plants at will. I think that public screwups will force a higher level of security and more rigorous design so that we are less vulnerable to external attacks. On the other hand, the BP fuckup shows that reason and logic are poor tools for explaining the behavior of large organizations. BP should have taken drilling seriously. They should have realized that they had no good plans for capping an uncontrolled well so if they were going to drill, the only option would be making sure they would never, ever, ever have an uncontrolled well. All the internal warnings they had in the months leading up to the disaster should have been their opportunities to stop the disaster before it happened. And we can see how it turned out.

  • I know that there can be an economic/legal impact, but CyberWar (I think) is used by businesses/C*Os to deflect legal responsibility and by governments to oppress public/citizens rights.

    Yes there can be CyberWar, but CyberWar as a word/term can and (I think) is too frequently misused to fear-exploit and express faux-responsibility of the culpable and innocent.

    I guess, I could be wrong, but... you cannot convince me (on this topic); So, BOOOWho?

  • Crap "article" (Score:2, Informative)

    by m509272 (1286764)

    Printing up counterfeit currency during WW2 by the Germans to destabilize Britain's currency certainly was part of the war and pieces of paper certainly aren't weapons in the killing and blowing up of things. They certainly are weapons in the sense of destroying the economy. So from that point of view any cyber attacks which aid in destabilizing the economy could be part of a war and would be weapons.

    As far as there being some sort of treaty to prevent this, that's probably the most stupid thing I have ev

  • Any action that weakens an economy or makes a resource more difficult top obtain can be an act of war. The perfect example is the deliberate destruction of oak trees that were normally used for barrels essential to Spain's military fleet. Without good oak barrels gun powder and food could not be kept at sea resulting in the destruction of the Spanish fleet.
    Just as we can never be totally certain that the oil rig in the Gulf was not destroyed b

  • ... in bed. (Score:4, Insightful)

    by Zarf (5735) on Monday June 07, 2010 @12:25PM (#32485114) Journal

    Putting 'cyber' in front of something is just a way for people to grasp technical concepts

    ... in bed.

    The analogies quickly break down, and are useless when taken too far

    ... in bed.

  • The article was interesting in discussing the use of nationalist youth groups, and suggesting that hackers may act in the same way.

    I'm left wondering: if several national governments, including the US, and the UN, are devoting significant resources to the problem of "cyberwarfare," wouldn't one of these entities have detailed what they mean, exactly? I saw the point of the analogy of the bigger catapult to the bigger tunnel-sniffing dog, but what, then, are the cyberwarfare people actually proposing to do?

  • by sageres (561626)
    I think that although cyberweapons do not exist, government can implement a best next thing: killswitch for individual networks at the backbone level. Seriously, consider that US owns majority of the Internet. Say they find some sort of DDOS attack that originated in Russia against Estonia. They would be able to immediately cut off some Russian networks out of the main backbones on various levels (cut off access to root DNS if they are naugty, and if they are especially bad -- cut off all their IP blocks).
  • So, to summarize, the idea of nation states waging cyberwar (may be SunTzu, Ideal) with cyberweapons (DDOS, buffer overflow, worm, spoof/snoop, EMP...) is not fiction.

    It's an analogy we might use to describe some things that are virtual/conceptual that can cripple military/government ability to respond to emergency/threat incidents that are not in cyberspace, which triggers an excessive misdirected reaction. It's not what really goes on in cyberspace, but if a small-degree of fire-sale is possible that woul

  • by moeinvt (851793) on Monday June 07, 2010 @01:07PM (#32485738)

    No matter how ridiculous it sounds, we should do our best to keep up the whole "cyber-war", "cyber-weapons", "cyber-attack" theme.

    That way, we can invoke the Second Amendment when the government tries to restrict strong encryption, copyright circumvention software or whatever other "cyber-weapons" they find threatening. Sorry Feds, you were the ones that started this whole theme about electronics and software being "weapons", and as such, you have no power to restrict the citizens from owning them.

             

  • "Cybersex" is nothing like real sex either.
  • "When will China emerge as a military threat to the U.S.? In most respects the answer is: not anytime soon -- China doesn't even contemplate a time it might challenge America directly. But one significant threat already exists: cyberwar. Attacks -- not just from China but from Russia and elsewhere -- on America's electronic networks cost millions of dollars and could in the extreme cause the collapse of financial life, the halt of most manufacturing systems, and the evaporation of all the data and knowledge

If you are good, you will be assigned all the work. If you are real good, you will get out of it.

Working...