Is Cyberwarfare Fiction? 205
An anonymous reader writes "In response to calls by Russia and the UN for a 'cyberwarfare arms limitation treaty,' this article explains that 'cyberwar' and 'cyberweapons' are fiction. The conflicts between nation states in cyberspace are nothing like warfare, and the tools hackers use are nothing like weapons. Putting 'cyber' in front of something is just a way for people to grasp technical concepts. The analogies quickly break down, and are useless when taken too far (such as a 'cyber disarmament treaty').'"
Cyber warfare: FUD for vendors. (Score:1, Insightful)
I can disable the national power grids of half the countries in the world using nothing more than an iPhone
And you need a guy there to knock out the backup generator.
Please, knocking out the power grid or making all the red lights turn green or whatever they're afraid of is nothing like having a bullet penetrate someone or a bomb going off - it's almost impossible, if not impossible to kill someone by hacking into a computer.
Shut something life threatening down or screw it up by hacking into it? There's backup or work around.
"Cyber warfare" is a small threat and not worth all the time and money spent on it. We should be spending the effort on ground surveillance and other means to reducing life threatening issues.
Re:The only new thing is the UN (Score:3, Insightful)
They are all FBI Agents.
Warning, noobish question ahead. (Score:5, Insightful)
One of the common claims regarding "cyber warfare" are attacks against the power grid. What I'd like to know is this: why is the power grid accessible to any outside system?
Re:Cyber warfare: FUD for vendors. (Score:5, Insightful)
You're flat out incorrect here. First, not only can the power be shut off, but generators can be made to explode. Second, if you mess with the supply chain electronically, it's possible to do some really interesting stuff with medical supplies, parts for just in time manufacturing, etc. Could go on - but the overall effect is direct, substantial life threatening consequences.
Maybe not today but in the future. (Score:5, Insightful)
When millions of people in key positions have artificial hearts, limbs, microchips in their body, nanotechnology with RFID in their clothes, then cyberwarfare becomes something physical.
If hackers can stop the artificial heart of somebody important, this is no different than assassinating the person.
Re:Cyber warfare: FUD for vendors. (Score:5, Insightful)
whatever they're afraid of is nothing like having a bullet penetrate someone or a bomb going off
I'm not confident that you fully understand the perceived danger on the part of world leaders. The issue is that people with an inordinately high ability to compromise computer systems might have access to information. Consider information like troop movements, secret bomb/nuclear supply facilities, infrastructure weak points, and financial information (account balances, passwords, etc). While compromising a system with this information may not kill somebody directly, the information could most certainly be used to kill many people, or perhaps to temporarily stunt or even cripple entire economies.
no different from other metaphors (Score:2, Insightful)
Re:Warning, noobish question ahead. (Score:4, Insightful)
why is the power grid accessible to any outside system?
Because using the Internet is way cheaper than building your own intranet.
Re:Maybe not today but in the future. (Score:2, Insightful)
It's a very useful fiction... (Score:5, Insightful)
The term "cyberwar" quietly implies that virtually any net-connected system is a potential or actual combatant. From here, it's just a hop, skip, and a jump to applying military/wartime standards for such niceties as atttacking systems, or requisitioning access. Even better, since "cyberwar" is, for suitably nebulous definitions, something that occurs pretty much constantly, among a wide variety of state and nonestate actors, with various levels of covertness, the mandate covers basically everybody, everywhere, and is of unlimited duration(See also: "Global war on terror").
Who needs bullshit like "warrants" or "due process" when any computer system can simply be declared to be an "enemy combatant" or "materially supporting an enemy combatant"? If you think the notion of charging an object in order to avoid procedural restrictions is absurd, be aware that it is already standard practice in the context of "asset forfeiture". (which makes for some rather ridiculous case names [wikipedia.org]...)
cyber is a dumb name but it is real (Score:5, Insightful)
Sticking a stupid name on something and overblowing what it means isn't the same thing as it not existing to begin with. Computers are vulnerable. People who don't like us can exploit those vulnerabilities. But this is really just another arena of non-shooting conflict, all under cloak and dagger.
The CIA has a long history of trying this sort of thing, sometimes successfully, many times not. There's directly funding revolutionaries, slipping agents into countries, running guns, sponsoring assassination attempts, economic sabotage, infrastructure sabotage, spying with human intelligence, electronic intelligence, satellite intelligence, etc. The CIA has a history of over-promising and under-delivering but this doesn't mean they won't still try.
The Russians have traditionally been much better at running spy rings. The beauty of hacking is you don't even have to put your own assets in-country and risk their capture.
On one hand, I don't think we'll ever get to the point where it can be Die Hard 4 info-Armageddon with hackers blowing up power plants at will. I think that public screwups will force a higher level of security and more rigorous design so that we are less vulnerable to external attacks. On the other hand, the BP fuckup shows that reason and logic are poor tools for explaining the behavior of large organizations. BP should have taken drilling seriously. They should have realized that they had no good plans for capping an uncontrolled well so if they were going to drill, the only option would be making sure they would never, ever, ever have an uncontrolled well. All the internal warnings they had in the months leading up to the disaster should have been their opportunities to stop the disaster before it happened. And we can see how it turned out.
Re:Cyber warfare: FUD for vendors. (Score:4, Insightful)
Think: no mains power, the backup generators can only sustain so much equipment for so long. Since the fuel pumps don't function either, you can't hop down to the gas station to buy some more fuel, and it will eventually run out. Then what? Production grinds to a halt, administration is disabled, communication services non-functional.
All you need then is one act of terrorism. No ambulances, no firefighters, as nobody can call for help. If someone does make it to the hospital, no X-ray, no life-support, no vital monitors, no defibrillator.
And this is just one scenario. Use your imagination!
Re:Cyber warfare: FUD for vendors. (Score:4, Insightful)
"Please, knocking out the power grid or making all the red lights turn green or whatever they're afraid of is nothing like having a bullet penetrate someone or a bomb going off - it's almost impossible, if not impossible to kill someone by hacking into a computer."
What the hell are you doing on Slashdot?
Turn all the traffic lights green in even a small part of Los Angeles, and I think it's likely someone will die in an accident caused, proximately, by the hacking of the traffic control system. Simple enough.
Crippling a cell system might result in the failure of any number of people to make contact and deliver critical information, resulting in accidents, mistakes, lack of care, and those could result in needless deaths.
If your definition of 'warfare' must include deadly force, then much of what we think of as 'cyberwarfare' doesn't meet that definition. Emptying bank accounts, DDOS attacks, defacing websites, etc. probably don't quite rise to the definition of deadly force. But I have only the one example of traffic control. Oh, another one - disabling at least some of the electrical grid seems to be possible, and blackouts can easily result in deaths.
There's plenty of hype around 'cyberwarfare'. Now to listen to the hype around 'smart grids', and how people will feel when their refirgerators get turned off during the day, or the furnace runs continuously on 103 days. Or any number of interesting nuisances that aren't fatal (except for your plants, pets, and bed-ridden grandmother) but are sure a pain.
Oh yeah. Grandma. She might not think it's to hot until she's too faint to reach the phone.
Food for thought. Go smart grids, go!
Re:Cyber warfare: FUD for vendors. (Score:3, Insightful)
They also run on their own closed-circuit network, so good luck causing trouble without physical access or making yourself pretty obvious digging up the cables.
Or find out that the closed-circuit network was not that close as you thought...
Re:Maybe not today but in the future. (Score:3, Insightful)
You are aware that you're talking about people who put their private life in the hands of Facebook and the like, yes.
But hey, maybe that's the cyber version of Mendelian selection.
Re:Cyber warfare: FUD for vendors. (Score:3, Insightful)
They also run on their own closed-circuit network, so good luck causing trouble without physical access or making yourself pretty obvious digging up the cables.
They also have fixed electromechanical failsafes. I think that most electrical engineers are sufficiently aware of the fact that computers go wrong not to put protection solely in the hands of software.
... in bed. (Score:4, Insightful)
Putting 'cyber' in front of something is just a way for people to grasp technical concepts
... in bed.
The analogies quickly break down, and are useless when taken too far