The Next Arms Race: Cyberweapons 125
Harperdog writes "Scott Kemp writes about the similarities between the nuclear arms race and the use of cyberweaponry for offensive purposes. As the article points out, offensive cyberwarfare leaves a nation's own citizenry vulnerable to attack as government agencies seek to keep weaknesses in operating systems (such as Windows) secret. Quoting: 'In the world of armaments, cyber weapons may require the fewest national resources to build. That is not to say that highly developed nations are not without their advantages during early stages. Countries like Israel and the United States may have more money and more talented hackers. Their software engineers may be more skilled and exhibit more creativity and critical thinking owing to better training and education. However, each new cyberattack becomes a template for other nations — or sub-national actors — looking for ideas.'"
or you could just... (Score:2, Insightful)
government agencies seek to keep weaknesses in operating systems (such as Windows) secret.
God forbid you simply keep these machines offline.
Nope, gotta keep them open for people to find and attack.
Re:or you could just... (Score:5, Insightful)
The nuclear enrichment site at Natanz was kept offline. That didn't keep stuxnet out of there.
The problem with security in general is that no matter how many protections you put in place humans are still the weakest link. We will always make mistakes.
Re:or you could just... (Score:5, Insightful)
I interpreted that statement differently: it's not that government agencies seek to keep weaknesses secret in order to avoid being attacked, it's that they want them secret so that they can use those weaknesses to attack others.
The nuclear arms race wasn't that bad . . . (Score:3, Insightful)
. . . because both sides were scared enough not to even think about using them. Just a few isolated tests here and there in underground isolated places. No, or very limited, collateral damage.
With the Cyberweapons arms race, it seems to be like the wild west. Cyberweapons are being deployed and tested everywhere, and affecting innocent bystanders. Imagine having nukes tested in your backyard. Or Cyberweapons tested live on your Internet.
More like biological weapons than nuclear, I think (Score:5, Insightful)
I'd say this is a bit more like biological weapons, and less like nuclear - more likely to spread, more likely that a single individual or small group can successfully develop and deploy them, some chance that once deployed, it will come back to attack its creator-state, because you can't be completely sure you can control it. (That is to say, once a given nuclear device is detonated, it's gone and can't attack again, but biological can cyber weapons can be harvested, tweaked, and re-deployed against you).
Re:or you could just... (Score:3, Insightful)
Indeed. Were I in the military, I'd personally ensure that any computer connected to anything remotely important did not even have an Ethernet connector.
The sad part is, the military probably thinks we are joking when IT people tell them "No, really. Just don't connect anything important to the internet. It will be cracked, no matter what the security vendor / sales guy is telling you." It can be running the most harden variant of Unix you know of, with all sorts of security schemes; but if you put it on the internet, it will be found, with people lining up to try and get in.
But I digress. The entire computer 'security' industry that has sprouted up over night is headed by people who couldn't make it as network admins, but want the same rights and privileges. Whole corporations following the advice that is found on page 209 in most 'Welcome to {insert name} Operating Systems: An Administration Guide'
I guess they need to see it from our stand-point: it's a triple face-palming (when it's so bad, you need a friend to lend you a hand) event. However, they probably just hear cursing that would make a sailor blush, and think it's those 'discontent' tech people.