Bruce Schneier writes that The Threat of Cyberwar Has Been Grossly Exaggerated.
Not unpredictably – the essay yielded a lively discussion, I agree with Bruce – especially because of all the hype around Stuxnet.
On one hand – the locals in Israel more or less know, or guess who worked on the project and on the other hand – there are clumsy attempts at disinformation – Shai Blitzbau is trying to claim that it is not military code, but didn’t do his homework regarding WinCC ( a Siemens Windows application for industrial command and control, not a special version of Windows for SCADA systems as Blitzbau wrote).
WinCC V6.2 is released for the following operating systems:
Windows XP Professional Service Pack 2 (client / single-user station)
- Windows 2000 Professional Service Pack 4 (client / single-user station)
- Windows Server 2003 Service Pack 1 (client / single-user station / server)
- Windows Server 2003 R2 (client / single-user station / server)
Microsoft SQL Server 2005 SP1 is used as the database and is supplied with WinCC Version 6.2. The SQL Server system administrator password can be assigned by the user and supports adherence to company password conventions.
While Blitzbau is probably trying to link-bait some headlines with contrarian opinion – 500MB of well written code by a large multi-disciplinary team looks and smells like cyberwar no matter what languages the developers speak and use.
Nonetheless – cyberwar is over-hyped.
I found it significant that Schneier’s article and the resulting discussion thread – skimmed over the obvious: namely that:
In real war (as defined by soldiers of one state fighting soldiers of another state) or real terror (as defined by bad people who kill civilians) – real people get killed.
As an Israeli – I find the American fixation on cyber-terror and cyberwar somewhat amusing.
Although I understand that it is fundamentally a way of generating more business for the Raytheons of this world – the American fixation on cyberwar and cyber-terror goes beyond the DoD and Pentagon turf wars.
For many Americans, cyberwar must seem like a safe way of vicariously participating in some kind of a cool war effort without having to pay the physical and emotional price of dealing with losing friends and families to real world terrorists or soldiers.
Perhaps – if I might speculate – it is possible that the President Obama has not declared war on Afghanistan because it runs contrary to his liberal weltanschaung of “lets solve conflicts by talking to everyone since everyone are created equal”.
Cyberwar and cyber-terror are proofs of the inequality of life and the inequality of war.
While the DHS, NSA, FBI, CIA would have difficulty producing a single example of a real person being murdered by a piece of targeted malware – any Israeli you meet – including yours truly, has close friends or family who were killed by real wars and real terrorist.
Cross-posted from Israeli Software