Dr. Cyberlove… Or, How I Learned to Stop Worrying and Love Cyberwar
“Based on the findings of the report, my conclusion was that this idea was not a practical deterrent for reasons which at this moment must be all too obvious...”
The Cyberwars and Your Government
Today I opened an email/link that started me on a long strange trip into the wonderful world of cyber-idiocy once again. I suppose that since I work in this business I should not be surprised to be brought to the heights of Tourette’s ticcing and swearing by what I read, but yet again my brain just dumps like a BSOD at the stupidity laid before me.
The quote that got me is the following from a Senate hearing yesterday afternoon:
“I fear that when it comes to protecting America from cyberattack it is Sept. 10, 2001, and the question is whether we will confront this existential threat before it happens,”
Comparing the FUD of a cyber attack on our infrastructure to 9/11 is the WORST kind of fear mongering and pandering that I can even consider and YOU Mr. Lieberman have no idea what you are talking about. It is unconscionable that you go around spouting this in front of your colleagues as a means to an end to getting a bill signed with your name on it!
I was yet again astonished by the hubris of this guy until I read the next graph of the story where he is backed by Jay Rockefeller;
“We are on the brink of what could be a calamity,” he said. “A widespread cyberattack could potentially be as devastating to this country as the terror attacks that tore apart this country 10 years ago.”
Holy what the? Really?
So, you and Lieberman are saying that you are both experts on hacking, infrastructure design and implementation, AND just KNOW that it’s indeed possible to just destroy the system? That that system will cause a cataclysm that will end life as we know it? Sure sounds like you think you are on top of that.
Oh, and you two are going to bring the specter of 9/11 in there as well huh? Is this the only number you guys know? I mean even Hope & Crosby had other dance numbers they could throw out there to entertain in those road movies!
Hey, I have news for you two... 9/11 did not destroy us. Nor will any attacks, “if at all really possible”, on our infrastructure. You are just using jingoism and FUD to sway the other non-experts in the Senate. I know you two are not hackers, nor are you even able to understand IP implementation, never mind anything on the OSI layers.
So... Where are you getting all this stuff?
Enter Dr. CYBERLOVE
Enter Richard “Dr. Cyberlove” Clarke III, a man of mystery brought here from Germany in Operation: PAPER-CLIP. The man with the plan, the only one who KNOWS that the cyber villains out there can easily subvert all of our systems and turn out the lights on the US within a matter of 15 minutes.
He’s in the know and he’s got a plan...
Quietly in the background he is whispering into the earwigs of Rockefeller and Lieberman, telling them what to say. With gravitas, he whispers in his not quite so German accent about how absolute pandemonium will break out if the Chinese and Anonymous break into a water facility in podunk Iowa and tamper with a bilge pump. A cascade effect will build from that single small failure until minutes later we are all out of power and unable to respond to… to… Something.
Yes, it’s the likes of Richard Clarke and others out there in the world, with desires on the security space and having “powers” as well as sacks of money, who are selling this crap to the Senate and the House. Spinning tales of absolute destruction to those who can’t even plug in their own DSL routers at home. Selling them all with tales of 9/11 and how devastating it will be once the hackers gain control of the pipelines and the power grid and the planes, trains, AUTOMOBILES!
FOR GOD’S SAKE FLEE! SAVE YOURSELVES!
Or… You could maybe make some new laws granting more powers with less oversight and understanding *he says sheepishly* Let us handle it all for you… It’ll be ok. I can help, I am in the private sector now and I happen to know these guys.. Well, it’s a company.. Well, uhh yeah I kinda am CEO... But... WE CAN HELP YOU!
For a fee…
CHA CHING! FUD, Legislation, and Sales
The one thing that I can kind of agree with that AntiSec has put out there (the old one, not the new) is that generally, there is too much FUD being sold to the straights to make sales. The snake oil is thick out there, and terms like DLP, DPI, and APT are buzzwords that make sales through fear and whizzbang. APT is one of the most misused terms today, and unfortunately it gets put on the side of appliances and in brochures that offer the cure-all to your ills.
There are too many companies out there with marketing schemes selling to the latest FUD nomenclature and it is really quite sad. The saddest thing though to me, is seeing such snake oil and chicanery being used on our government and the congress critters to manipulate them. In the case of the congress it is not only the interests of those companies monetarily at work, but also, as I alluded to, other forces, perhaps somewhat darker in nature.
Digital land grabs are being made by corporations (MPAA/RIAA) as well as the military and other services seeking to have dominance in a new world of opportunity, the digital space where, just like the days of old, you can do pretty much what you want to, until it is legislated on. So much of this lately, though, seems to be corporately driven (MPAA) with ACTA, SOPA, PIPA and so on, where corporations want to control the space in order to not lose profit. Sometimes I understand this; in the case of IP (Intellectual Property) it’s warranted in many ways. However, the lengths that the MPAA and others want to go to to get what they feel is theirs are completely out of scope with the realities of the world.
It really just comes down to profit margins in the end. And they are willing to spend big bucks to lobby the government to get their way. Sadly, the lobbyists cater to the senators’ desires for money to keep their jobs as well as perhaps line their pockets (poor babies soon won’t be able to carry on their insider trading in the Senate! OH NO!). Awww.
Hi, I’m Your CYBER-WARFARE Lobbyist Chip…
On the other end of the spectrum we have the military and their desires for dominance of the battlespace. They make dire predictions (à la Dr. Cyberlove) that the infrastructure is gonna get taken down, and that we will see our civilization crumble before us. Poppycock!
Sure, there are potential issues with regard to infrastructure and hacking/warfare, but, it is not such that we need to frame it and clothe it in the ripped flag of 9/11 do we? Obviously these guys all think so. I would beg to differ, and I find it shameful that it has come again to this jingoism. It is fair that the military and others might want to get ahead of the curve here in the protection of what we have.
However, it is necessary that a clear and non slanted approach be taken to the problems at hand. The studies out there are few and far between (those available to non TS folks) on the actual risk assessments of the current infrastructure. I for one would like to see a practical assessment of the current technologies in place and just what it would take to bring them down... Hard.
Instead we get theories and suppositions as well as the old “trust me”. Well, I work in the business and I know more than a few people and as yet no one I have talked to is often hiding in their basement waiting for the end to come from this vector of attack.
… And there is a singular reason... REALITY
The Realities of Information Security and Digital Warfare
Somehow reality seems to be a foreign concept to many of those out there in the FUD sector. Whether they be corporate, government, or military, they all seem to be living in the last Die Hard movie rather than in any consensual reality the rest of us have. I recently read a paper by Sean Lawson that pretty much summed it up for me.
The take away is that the realities are different from the perceptions of “cyberwar” on all levels:
- Technical levels,
- Sociological levels
- Perception levels
It’s a good read and covers the truth that even with substantial incidents, society tends to band together and survive. So, when you hear the dire predictions from the likes of Dr. Cyberlove, you should stop and think a bit about this paper. Surely there are areas where I disagree with Mr. Lawson, but the basic premise stands. Nothing, not 9/11, not Chernobyl, not Bhopal, utterly destroyed civilization, and a cyber war certainly won’t either.
Additionally, systems (be they natural or man-made infrastructure) tend to have resiliency built into them to some greater or lesser degree. This means that the very nature of the “internet” is to be labile enough to handle an attack. The same could be said about the electrical grid. There is no way presently that everything could go dark in the US short of there being a large EMP accident stemming from a coronal mass ejection. It would not happen from a “cyber attack in 15 minutes” as Dr. Cyberlove would have you believe in his book.
Even with all of the SCADA out there connected to the internet I still cannot see my way to equating ANY of it to 9/11 levels of scary nor do I think it at all appropriate. We are presently at a state where espionage and LULZ are king. These things are not going to destroy our way of life. Only the stupid that is being propagated by the misinformation and outright obfuscation going on in the senate and other places is.
What We Don’t Understand We Fear… Like a VCR clock that blinks 12:00 All Day Long
Fear is the key. Fear is being used as a cudgel against us all by it being trotted out for the government to see and feel. All of these players making the laws can’t even program their DVR clocks never mind making laws about such technical subjects as hacking and information warfare. Yet, here we are, reading in the NY Times about how two senators are making bold claims about how horrible the day will be when someone finally hacks the matrix and turns off our lights or messes with our traffic lights.
Fear on a general level is the great motivator and I am afraid that they are afraid because they lack the understanding to know any better. I also fear that they keep getting bad information from the likes of Dr. Cyberlove and his pals who are just as misinformed but have a platform to speak because they are snuggy bears to the senate.
On a mass scale, the general populace fears it all because they too don’t get it all, it’s a magic two thousand dollar facey-space machine to them… It just works, as the Mac heads say. They need not know how it works or how to protect it. They are wrong.
Though I don’t expect them all to be experts, I do expect that real experts would be put in front of the people who make the laws and forge the country’s direction on such things. Instead we get Pinky and the Brain.
Our collective fears could allow these governments to control more and more of our online lives as well as place us in the position of the always monitored and suspect populace. It’s already happening and I fear that with the help of the Dr. Cyberloves it will only get worse.
So, where is our cyber doom? Our real cyber doom is allowing this to go on. To not get involved and correct the silliness that is being propagated by the likes of Mr. Clarke. We will continue on this path and eventually something will happen. The Dr. Cyberloves of the world will say AH HA! WE TOLD YOU! but the reality will be we will move on. There will be no apocalypse. There will be no Cyber Katrina; the systems are just not that connected and it would take a HUGE effort to make that happen with kinetic attacks (picture Red Dawn, Chinese dropping into our country in parachutes) to cause the real “war” they seem to be predicting.
I just don’t see it happening.
Instead, how about we just talk about doing the right thing and protecting our networks from attacks big and small? Perhaps a little “due diligence” so that we are protecting things and are being accountable?
Is this too much to ask?
Cross-posted from Krypt3ia