Beta

Slashdot: News for Nerds

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

US Unable To Win a Cyber War

CmdrTaco posted more than 4 years ago | from the well-that's-not-encouraging dept.

Security 327

An anonymous reader writes "The inability to deflect even a simulated cyber attack or mitigate its effects shown in an exercise that took place some six days ago at Washington's Mandarin Oriental Hotel doesn't bode well for the US. Mike McConnell, the former Director of National Intelligence, said to the US Senate Commerce, Science, and Transportation Committee yesterday that if the US got involved in a cyber war at this moment, they would surely lose. 'We're the most vulnerable. We're the most connected. We have the most to lose,' he stated. Three years ago, McConnell referred to cybersecurity as the 'soft underbelly of this country' and it's clear that he thinks things haven't changed much since then."

cancel ×

327 comments

Stupidity of leadership... (4, Informative)

LostCluster (625375) | more than 4 years ago | (#31260558)

If you watched the broadcast of this exercise on CNN, you heard many people arguing for things that the government just can't do such as ordering telcos to disable all smartphones, suspending rights, and even nationalizing the power companies.

They spent so much time being told by the simulated AG what they couldn't do, they didn't have time left to discuss what they could do.

Re:Stupidity of leadership... (4, Interesting)

MozeeToby (1163751) | more than 4 years ago | (#31260618)

What they don't understand is that it isn't going to be the government or the military that responds to a real cyber attack, it's going to be a nation wide army of several hundred thousand IT admins working 70 hour weeks to keep their companies secure and operational. Once solutions are found they'll be posted to the web and disseminated faster than the new attacks can be devised. In short, cyberwarfare won't work for the exact same reasons that censorship won't work, there's too many people working against the attackers who can communicate too quickly and too effectively.

Or, to put it another way, http://xkcd.com/705 [xkcd.com]

Re:Stupidity of leadership... (3, Insightful)

toastar (573882) | more than 4 years ago | (#31260718)

Who would we be at war with? And what would it look like? I already block Large blocks of IPs from china/russia.

Actually this is a better example http://xkcd.com/538/ [xkcd.com]

just imagine in the left panel it's the goverment imagining needing all these 4 amendment violations and the right one is a sysadmin pulling out network cable from the router that connects the supposed country we would be at cyberwar with.

Re:Stupidity of leadership... (3, Informative)

pv2b (231846) | more than 4 years ago | (#31260924)

Except it probably won't be as simple as lots of evil malicious traffic originating from... say... the hypothetical Peoples Republic of Anich.

And then you can just block all of Anich and you won't be under attack any more.

The traffic of such a cyberattack could conceivably originate from all over the world, including from your own country - originating from compromised personal computers with fast broadband connections. Or even from the very modems or Internet sharing devices that connect their homes to the Internet.

All you'd have to do, from that point on, is to have some way to send command and control traffic to the botnet inside the borders of the country you're trying to attack. And even that traffic could conceivably be hosted by some country neutral in the conflict.

Re:Stupidity of leadership... (-1, Flamebait)

Anonymous Coward | more than 4 years ago | (#31261040)

This is exactly why using IE6 (or any unpatched IE) should be an offence punishable by death.

Re:Stupidity of leadership... (1)

zappepcs (820751) | more than 4 years ago | (#31261078)

I don't know, a couple of hearty men on a couple of random ships seems to be able to cut off most of the world from the Internet. If you planned it just right, that sysadmin might be on the bridge of a boat, but pull the plug he could.

Foolproof solutions only make smarter fools.

It would not take too long to programmaticly identify and block/drop/disconnect any IP on your network, daisy chain that effort, and you start making parts of the network dark, but it will shut down the attack, legal issues aside. If the problem is big enough, this type of answer would be acceptable for a short period to most users. Car analogy: Oh, I have to stop driving my car to get the snakes out of it? ok! screeechhh, door opens, driver exits as if ejected.

I'm not saying it's a practical plan, but in desperate times....

Re:Stupidity of leadership... (2, Insightful)

pv2b (231846) | more than 4 years ago | (#31261254)

I don't know, a couple of hearty men on a couple of random ships seems to be able to cut off most of the world from the Internet.

That might work well for some countries which are connected only with a small amount of cables. Not so much for the United States, probably the best-connected country in the world. I'd be incredibly surprised if anyone (that doesn't work at an ISP or a telco) would even notice if two or three cables connecting the united states to the world were severed. BGP will find another way. :-)

Re:Stupidity of leadership... (1)

cenc (1310167) | more than 4 years ago | (#31261338)

Problem is that much of the United States online biz is really offshore biz.

Re:Stupidity of leadership... (1)

Monkeedude1212 (1560403) | more than 4 years ago | (#31261328)

I knew we should have installed a factory reset button on the internet.

Re:Stupidity of leadership... (4, Interesting)

Monkeedude1212 (1560403) | more than 4 years ago | (#31261006)

You fail to realize that it is not "one network cable" that connects us to (lets say China). The robustness of the internet means that every route to China must be cut in order to stop the attack.

That means England has to cut their ties with China. And France. And so on and so forth until everyone that North America Can access no longer has access to China. If we leave the pipes open to India, and India is still open to China, thats a route through to the US. Thus we resort to IP Blocking, but then spoofing and Proxies comes into play - making things more complex.

The other solution to stop the attack, is to disconnect all the network cables that access any other country. Leaving you with an internet that spans North America Alone.

Personally, if it ever comes to a cyber war, I think it will boil down into a World War kind of thing. One side will cut ties and allegiances will be made. The West will be on their own private network and the rest of the world on theirs, creating two out of sync "Internets".

Re:Stupidity of leadership... (1)

TheKidWho (705796) | more than 4 years ago | (#31261246)

Yes, and once the war is over talks will begin on who gets to control what domain names.

Re:Stupidity of leadership... (4, Insightful)

HungryHobo (1314109) | more than 4 years ago | (#31261350)

Why would any of that happen???
The internet is essentially millions of walled and gated communities.
Everything that any hypothetical attacker could try is already being done by the legions of script kiddies right through to highly paid top notch programmers working for organised criminal groups.

If any hypothetical attacker from china or *scary place* wanted to launch a DDoS attack why would they write anything of their own when they can just pay for bandwidth from one of the big botnet herders?
Government entities hardly have a monopoly on hackers.

A million Sys admins the world over already deal with these problems every single day of the year.

Re:Stupidity of leadership... (2, Insightful)

Monkeedude1212 (1560403) | more than 4 years ago | (#31261504)

Why would you assume that a Cyber war would consist of conventional "Attacks"?

Of course they aren't going to DDoS, that's something a million Sys admins the world over already deal with every single day of the year.

I think more damage could be done with Rootkits and backdoors than a DDoS ever could. And believe me, the kind that would be employed are not the kind that script kiddies use every friday night. The kind that would be employed would end up being engineered into the hardware, something China regularly produces for us.

Re:Stupidity of leadership... (1)

Xarius (691264) | more than 4 years ago | (#31261426)

Personally, if it ever comes to a cyber war, I think it will boil down into a World War kind of thing. One side will cut ties and allegiances will be made. The West will be on their own private network and the rest of the world on theirs, creating two out of sync "Internets".

Considering the significant language barrier between the East and the West, what would we (in the west) really be losing out on?

Re:Stupidity of leadership... (0, Troll)

JerryLove (1158461) | more than 4 years ago | (#31261038)

I already block Large blocks of IPs from china/russia.

Then it's a good thing that hackers don't know how to use proxies or make zombie machines. You are perfectly safe!

Re:Stupidity of leadership... (1)

BobMcD (601576) | more than 4 years ago | (#31261230)

I already block Large blocks of IPs from china/russia.

Then it's a good thing that hackers don't know how to use proxies or make zombie machines. You are perfectly safe!

Why criticize the idea, though? It just seems asinine that you would take a position of 'you are never safe and therefore stupid'. Security in layers is never bad, even though one might suggest increasing the number of layers.

Re:Stupidity of leadership... (5, Insightful)

eldavojohn (898314) | more than 4 years ago | (#31260786)

In short, cyberwarfare won't work for the exact same reasons that censorship won't work, there's too many people working against the attackers who can communicate too quickly and too effectively.

Quiet, you fool! Imagine if they can convince the United States government that part of its defense budget should go to increasing cyber security! We already know the DoD uses Linux [aviationweek.com] and wants more [slashdot.org] . Just think what a very tiny fraction of the US Defense budget could do for security in Linux and its subsequent adoption for corporations!

And for those of you that argue the enemy will then use Linux: who cares? Bullet proof protection on both sides would prevent any attempt of an offensive from ever sparking a war. In light of recent economic ups and downs, I would argue at this point it's more important to make the corporations feel 100% safe and secure -- unlike Google in China.

Re:Stupidity of leadership... (1)

robinstar1574 (1472559) | more than 4 years ago | (#31260830)

Linux is only as good as its compiler. If the compiler modified some code in the process, bam. Hyper-secure, because the person attacking dosn't know those modifications.

Re:Stupidity of leadership... (1)

WrongSizeGlass (838941) | more than 4 years ago | (#31260936)

So you're saying when I screw up my compiler flags I'm actually helping my clients? Excellent ... I now have a justification for billing my clients when I do something stupid.

Re:Stupidity of leadership... (1)

robinstar1574 (1472559) | more than 4 years ago | (#31261080)

No. I mean when you actually modify the source code.

Re:Stupidity of leadership... (1, Insightful)

Anonymous Coward | more than 4 years ago | (#31261374)

Watch your words, that blade cuts both sides. The same way defense money goes to make both weapons and defense systems. My bet is that money in cybersecurity goes to make not only tools for defending from attacks, but to develop more sophisticated attacks. The kind that can be used against their own people, such as wiretapping their citizens, etc.

Re:Stupidity of leadership... (1)

BobMcD (601576) | more than 4 years ago | (#31261412)

When did Linux boxes eliminate human interface? How do the operate without using fallible things such as passwords? When did the migration happen?

We have BOFH (4, Funny)

wsanders (114993) | more than 4 years ago | (#31260962)

We are BOFH. You want Mutual Assured Destruction? We make the USAF look like wusses.

Re:Stupidity of leadership... (0)

Anonymous Coward | more than 4 years ago | (#31261056)

your logic is flawed... if we are in cyber war, meaning most of our internet is DOWN, so what if our heroic IT admins found solutions? They won't be able to access the websites, or facebook, or twitter...

Re:Stupidity of leadership... (0)

girlintraining (1395911) | more than 4 years ago | (#31261266)

Once solutions are found they'll be posted to the web and disseminated faster than the new attacks can be devised. In short, cyberwarfare won't work for the exact same reasons that censorship won't work, there's too many people working against the attackers who can communicate too quickly and too effectively.

So maybe what they ought to be doing is setting up a darknet with xDSL, POTs and mobile vans with a spread of networking equipment to keep communication happening between critical infrastructure teams at major network interconnect points and certain websites (like facebook, cnn, etc.) so we retain the ability to inform the general public of what steps to take to assist to counter the threat. That way we can exchange information and coordinate our efforts should our primary communications fail.

But that would require that the military admit that they need civilian expertise and assistance in a disaster, and they're reluctant to admit that they'd need us as much as we'd need them in a real crisis. Ironic, since the military's true strength is in rapid communication, a chain of command, and the ability to rapidly get information to the right people to make tactical decisions. Delays and a lack of timely intelligence is what will kill us in a cyber attack, not lack of resources.

Re:Stupidity of leadership... (0)

Anonymous Coward | more than 4 years ago | (#31261276)

You're almost got it but you have it backwards, that attacker have the overwhelming advantage, 1 good hacker would need a team of 100 working closely together or more to stop, and 1000 to have a chance to catch. You are beyond clueless. Where you in IT during 911? Wasn't even a cyber attack and most admins were glued to the TV or chasing ghosts. Just look at the recent Google attack still haven’t figured that one out have they?

Re:Stupidity of leadership... (1)

jd.schmidt (919212) | more than 4 years ago | (#31261290)

Well, true. But a "Cyberwar" is just designed to gain temporary advantage by diabling systems and pulling resources away from the actual real world conflict. Most of the attacks will be preplanned on already known vulnrabilities. That is the reason for the term "Digital Pearl Harbor", of course the U.S. is a digital "super power", we have extrodianary resources and given time will likely solve most issues. But we don't want a sneak attack "while we sleep".

BTW, I do agree that central control will NOT solve the problem. I don't see any advantage of the goverment ordering all smart phones turned off. Better is simple training to identify critical systmes that should be removed from the Internet and training on plan B if you have to go to manual control.

If you have any interest in this kind of stuff, Infragard (http://www.infragard.net/) is a good place to start. It's primary focus is sharing posible security threats with the public.

in other words... (1, Insightful)

Anonymous Coward | more than 4 years ago | (#31260724)

The US Federal Government is unable to win a cyber war.

The nation's private infrastructure has been defending itself for decades now, and knows what it's doing.

Re:in other words... (1)

delinear (991444) | more than 4 years ago | (#31261070)

Furthermore I'd be surprised if any government was in such robust shape as to be able to withstand a prolonged, concerted attack of this kind. As others have suggested, singling itself out this way is just a ploy to get more cash for "security", which as we've seen in the past generally means more monitoring of the average guy.

Re:Stupidity of leadership... (1)

ircmaxell (1117387) | more than 4 years ago | (#31260740)

The upside to that, is now we know what failed during the exercise, so policies and training can focus on those failed areas. I didn't expect things to go flawlessly, and I think that anyone who did is not a realist. The fact of the matter is that they were not prepared for such an event. That's fine (It really is!). What's imperative is that now that we know that breakdowns occurred, and more importantly where they occurred, we can start to fix those breakdowns... It's the natural progress of trying to prepare for the unknown. We'll never truly know if we are prepared until we come under fire (or perhaps realize that we are under fire). But blatant failures such as this one are invaluable in figuring out what should and what shouldn't work in an actual event.

Re:Stupidity of leadership... (2, Insightful)

HungryHobo (1314109) | more than 4 years ago | (#31261512)

How could it have gone any other way?

They put a crowd of idiots who couldn't find their arses with both hands, didn't know the law, didn't know about the internet and didn't know about technology in a room and then expected them to do what?
Make sensible choices?

If you want good decisions in that situation you get a small group of experienced sys admins, a couple of really really good lawyers and one person with enough authority and enough sense to keep quiet who's job it is to shout at people until the plans the others have come up with happen.

The politicians meanwhile can be put in another soundproofed room where they can drink coffee, make grand stupid plans and convince themselves they're saving the world while everyone else actually deals with the problems.

Any "real" cyber attack is going to happen at 3 am, the sys admins in the organisations being attacked will for the most part be the only ones who know anything is happening with the exception of a few people who can't get the *organisations web page* to load until after the event.
Just like what happens all the time now when organisations get attacked.

Which is why they ran the exercise (1)

wiredog (43288) | more than 4 years ago | (#31260802)

They didn't know that those things couldn't be done. Would you rather they found out during an exercise, or in a real emergency? Remember, these are not technical people.

Re:Which is why they ran the exercise (1)

JerryLove (1158461) | more than 4 years ago | (#31261062)

They didn't know that those things couldn't be done. Would you rather they found out during an exercise, or in a real emergency? Remember, these are not technical people.

Then there should be someone who *does* know what can be done.

But are we talking "technically" or "legally". That our lawmakers don't know what is and is not legal is a pretty disturbing thought.

Re:Which is why they ran the exercise (1)

wiredog (43288) | more than 4 years ago | (#31261178)

There was someone there. Several people (legal, technical, and other) who said "You can't do that..."

Also, these weren't lawmakers, they were from the executive branch. Various levels of managers, mostly senior.

Re:Stupidity of leadership..or quite the contrary? (4, Insightful)

sznupi (719324) | more than 4 years ago | (#31260804)

I wonder how much of this new fear has to do with revving up support for ACTA/etc.

Re:Stupidity of leadership..or quite the contrary? (1)

kazade84 (1078337) | more than 4 years ago | (#31261094)

Heh, I kinda hope ACTA triggers a cyberwar, against all the governments that backed it.

Re:Stupidity of leadership... (1)

CharlyFoxtrot (1607527) | more than 4 years ago | (#31260866)

Wow, they are lobbying to able to shut down cell phone service and internet access when the companies (supposedly under attack) are "unwilling" to do so. I'm glad I'm not a conspiracy theorist or I would be under the table right now wearing my tinfoil hat. To me it sounds more like a South American regime worried about a coup than the "home of the free."

Re:Stupidity of leadership... (1)

couchslug (175151) | more than 4 years ago | (#31261210)

We what we need are actual cyber attacks to build system immunity, just as virus and malware attack coerce countermeasures.

Re:Stupidity of leadership... (1)

Dr. Evil (3501) | more than 4 years ago | (#31261302)

A lot could be said for creating a PGP signed mailing list based on a web-of-trust and requiring a government certifier in the trust. Then we could at least share contact information, verify authenticity of requests in the event of attacks and keep reactions to changes in infrastructure confidential. Include key signing in the certification process for basic government clearance.

An announcement mailing list could keep us abreast of potential problems... ideally just a monthly "this is a test of the emergency broadcast system" message checking that we can read and certify government encrypted emails.

Most of us have some kind of government clearance anyway, so I don't think this kind of preparation is too much to ask. Smaller providers can authenticate and cooperate with the upstream provider who does have the clearance.

Information leaks can be dealt with by the government untrusting chains or individuals.

I for one, *want* a list like this where I can find remote admins who can respond to attacks which I detect.

3rd World War (3, Funny)

Krneki (1192201) | more than 4 years ago | (#31260580)

a.k.a. All your base are belong to us.

Duh. (2, Interesting)

Pojut (1027544) | more than 4 years ago | (#31260600)

Tell us something we don't know. When script kiddies can invade government networks, I'd say that we are pretty much screwed if an all-out digital conflict were to happen.

Let me guess the solution: (5, Insightful)

Anonymous Coward | more than 4 years ago | (#31260606)

More government intervention and monitoring of the Internet, to be outsourced to 3rd party vendors which are politically connected?

Nah, couldn't happen.

Re:Let me guess the solution: (1)

wintercolby (1117427) | more than 4 years ago | (#31261346)

Don't forget that those same 3rd party vendors will then outsource those jobs to a 4th party. It will entirely be filled with contractors making good money, but no benefits. It will once again be a way for corporations and our own government to wiggle out covering retirement or health care. It's a far right wing win on all counts:
Big money for defense, check
Big money for private industry, check
No government insurance for public servants, check
No retirement planning for the middle class, check

Im in ur internetz fraggin ur servers (4, Insightful)

calibre-not-output (1736770) | more than 4 years ago | (#31260608)

Given the completely ignorant approach the Legislative and Judiciary powers in the United States of Jeebus have taken to the Internet, I am not surprised that the Executive power is also doing it wrong.

Propaganda (5, Insightful)

Anonymous Coward | more than 4 years ago | (#31260638)

Pretext to OpenID and government surveillance.

Mod up (1)

sakdoctor (1087155) | more than 4 years ago | (#31260870)

This is nothing but propaganda.

The term cyber-war is a dumbed down and meaningless term, just likes "series-of-tubes internet" to scare people, and spread ignorance about the topic of security.

Mod parent up (1)

BhaKi (1316335) | more than 4 years ago | (#31261434)

All these FUD mongering stories are freaking me out and affecting my patience.

Re:Propaganda (1)

maxume (22995) | more than 4 years ago | (#31261342)

A pretext to the OpenID that verifies that a given authentication request originated from the owner of an identifier, without saying anything about the trustworthiness of the identifier?

(No, seriously, the owner of example.com can set up http://example.com/yes [example.com] as an OpenID that is always authorized, OpenID itself is not a threat to anonymity or privacy)

who's inability was it? (2, Interesting)

adosch (1397357) | more than 4 years ago | (#31260660)

To me, all that pony show was six days ago was a mock news and propaganda freak show. It just showed that congressional leadership and suit monkeys couldn't deal with the situation, it didn't say anything about whether our infrastructure or the closet tech experts in charge of it could effectively deal with it.

I also might add, "GNN" did a pretty poor job, too. I didn't catch all of it, but the little I did, it also showed me that there's also an inability on the news reporting front, too.

duck and cover! (2, Funny)

bugi (8479) | more than 4 years ago | (#31260678)

Luckily, I've setup my server farm in my old bomb shelter.

Re:duck and cover! (2, Funny)

Krneki (1192201) | more than 4 years ago | (#31260796)

Luckily, I've setup my server farm in my old bomb shelter.

For security reason I'm backing up the whole net using Torrents. :)

US _Government_ Unable to Win a Cyber War (0)

Anonymous Coward | more than 4 years ago | (#31260690)

America has plenty of hackers that could wreck havoc other countries' computer systems. The Government just isn't employing most of them for various reasons

Stepping away for a moment... (0)

Anonymous Coward | more than 4 years ago | (#31260692)

US Air Force: Hey, I'm logging out for awhile. If someone logs in any time soon, it is a Chinese hacker trying to start WWIII.

US Air Force is away.

US Air Force: DISREGARD THAT.... I SERK DICKS!!! KEKEKEKE LAUNCH ALL NUKEZ!!!!

all this proves (4, Insightful)

gearloos (816828) | more than 4 years ago | (#31260696)

All this proves is that the moronic politcal machine has no idea how to conduct real world I.T. tests

Re:all this proves (1, Insightful)

Archangel Michael (180766) | more than 4 years ago | (#31260862)

Political Machine only cares about one thing .... getting re-elected. ALL other things play second fiddle to this primary fact. How else can you explain how stupid politicians keep getting re-elected? It isn't because they are doing a good job.

What I don't understand is the 10% that think our congress is doing a good job. THESE are idiots that keep voting the other idiots into office.

What makes most Sys Admins good is that they don't play politics, they tend to say exactly what they mean, and mean precisely what they say. This is 100% opposite of what political machine expects, which saying something that means everything to everyone, while actually not saying anything useful at all.

Why is infrastructure connected? (4, Interesting)

pauljlucas (529435) | more than 4 years ago | (#31260702)

Why are things like power plants, banks, or telcos directly connected to the internet? You'd think they could afford a completely separate network.

Re:Why is infrastructure connected? (1)

jbrandv (96371) | more than 4 years ago | (#31261288)

Because the CEOs don't listen to the IT people and they believe that profit is more important than security.
Since they are mostly rich and they are insulated from any problems they cause I guess they may be right.
I still don't agree and have placed many letters in my personnel folder stating that I don't agree. Just to CMA.

Re:Why is infrastructure connected? (1)

cenc (1310167) | more than 4 years ago | (#31261406)

Until it cost them 100 billion a day in cost and they are making billions in profits every day from it, the executives are right to ignore the IT guy.

Re:Why is infrastructure connected? (1)

pauljlucas (529435) | more than 4 years ago | (#31261416)

Because the CEOs don't listen to the IT people and they believe that profit is more important than security. Since they are mostly rich and they are insulated from any problems they cause I guess they may be right.

So then the solution should be simple: have congress legislate that the networks be separate.

Re:Why is infrastructure connected? (0)

Anonymous Coward | more than 4 years ago | (#31261352)

Cost of the separate network would cut into their bonus money.

Re:Why is infrastructure connected? (5, Interesting)

vlm (69642) | more than 4 years ago | (#31261384)

Why are things like power plants, banks, or telcos directly connected to the internet? You'd think they could afford a completely separate network.

A short summary of the problem:

Obviously no one manipulates the reactor control rods over the internet, outsourced to India. Although there is probably an intense desire by the MBAs to do so. Obviously the marketing guys have their PR website on the internet.

The problem is the devices in between. At a past employer, they had a customer whom had to cancel aircraft flights when their net access was down. They had to submit some form or list to the FAA or DHS or big brother or whatever for each flight, and they had a backup plan to submit the info over telephones/cellphones, but not the personnel to handle the load of all flights on backup, so the least essential flight would be canceled. Sales gave them an elaborate SLA.

That is how you shut down a nuclear plant using the internet. They can't email incident reports to the N.R.C., so they have to shut down for "safeties sake". Its not that its technically dangerous, but intentionally operating without N.R.C. oversight might be a $10M/hour fine, so they aren't gonna do it. Or maybe the plant guards won't get paid unless their internet accessible timeclock application works, they won't work for free, and the plant is not allowed to work without guards. Or the VOIP customer service in India is inaccessible and for safety reasons you can't supply power with no way to learn of lines down in the street and/or dispatch the service techs, so off goes the power to the city. To save money, city water SCADA system is now on the internet instead of a private net, and when the inet goes down, no water, no water means the plant shuts off. Thats how you use the internet to shut off a nuclear power plant, not some B.S. about remotely adjusting the control rods and turning pumps on and off.

What was almost certainly not discussed during the govt simulation was the need to remove useless regulations, because that gets the proletariat wondering if those regulations are really required under normal circumstances...

Re:Why is infrastructure connected? (4, Informative)

LostCluster (625375) | more than 4 years ago | (#31261462)

In this simulations, they weren't. The public cell phone network had a widespread trojan, which went on to attack the public Internet. With phones and data down, they weren't able to respond to simple bomb attacks on a few power locations, and the power grid collapsed.

The threat to the power grid wasn't that that it was cyber attacked, but that a conventional attack was much more powerful when there was no way to direct the repair people. With no way to direct truck drivers or send orders, there was no way to get gas to critical things like hospital and police to run generators.

The team lost the wargame, and was punished by having to be interviewed by Wolf Blitzer.

Computer unable to defeat Nuke (4, Funny)

vvaduva (859950) | more than 4 years ago | (#31260732)

The headline should really read: "Overseas hacker's computers unable to defeat incoming U.S. nukes."

That would be much more accurate, if we are going to talk about WAR.

Re:Computer unable to defeat Nuke (1)

masmullin (1479239) | more than 4 years ago | (#31260982)

Yeah, I think the US can stop hackers by SHOOTING THEM IN THE HEAD!

Re:Computer unable to defeat Nuke (1)

malkavian (9512) | more than 4 years ago | (#31261044)

Yeah, but which country? As, for example, a political group in one country uses machines in a second to launch an attack at a third. Retaliation of the weaponised type happens from the third country to the second, leaving countries 2 and 3 smoking ruins, but the first laughing.
If you wait long enough to try and piece things together, you'll likely have bigger problems on your hands than retaliation (i.e. keeping afloat).

Where going about this entire issue all wrong (1)

robinstar1574 (1472559) | more than 4 years ago | (#31260738)

A cyber war is an attack of things trying to leech information from systems illictly, right? Well, we need to change the way we use to combat it. We need to have web routers for personal use that forbid traffic inbound except as reply to outbound packets, by having the routers have a connection log, blocking any connections that do not truely exist. We need a new http server, one that only sends the appropriate files, and don't allow the programs it runs to edit any files except those it has been authorized to edit, we need mail servers to have a hyper-tough encryption, say 2048-bit encryption of some sort. We have the capibility of all this, we just need to utilize. Cyber Insecurity is caused only by carelessness.

Bullshit (3, Insightful)

sexconker (1179573) | more than 4 years ago | (#31260746)

If there was an actual cyber war, we would respond with real war.

We're far and away the best at that.

Random attacks showing the ineptitude of aren't a cyber war. When someone starts launching missles and redirecting our navy clear a path for an attack, then it'll be a cyber war.

When some schlubs steal buckets of personal data, mess with the power grid, or disrupt internet traffic it's just another day in the U S of A.

What is this? Monday? (1)

sexconker (1179573) | more than 4 years ago | (#31260836)

Damn slashdot.

Random attacks showing the ineptitude of <random government-related place/people>...

And for good measure: ...redirecting our navy to clear a path for an attack.

Told ya! (1, Interesting)

Anonymous Coward | more than 4 years ago | (#31260772)

There once was a time when we had the best, cutting edge people in the security biz. Yes, this was a long time ago, when we had most of the technology too.

Then they passed various laws, which had good intentions. But the negative side effects killed any curiousity that new students had in exploring this field. Businesses helped insure this death of talent, by threatening certain schools by not hiring students who took classes that the Businesses found threatening.

One could see the results a mile off. We have a whole generation who is ignorant and unprepared to fight such a war. Many of the more incompetent of them are even under the delusion that they are really hot stuff. But incompetent people are blind to their own incompetence, while the bad guys have free reign to test their skills every day.

If you want a chance at some hope to defend this nation, you need to free the students to explore and learn. Until that happens, yoo'll always be owned by the bad guys. There's not a chance in the world of this happening yet though. The entire rotten system has to come crashing down first. The good news is that with the $700 Trillion ponzi scheme of derivatives, this is about to happen via the Global Financial Crisis.

Bunch of BS (4, Informative)

elrous0 (869638) | more than 4 years ago | (#31260774)

That "excercise" was conducted by a bunch of former Bush officials and other neocons. It wasn't a test of our cyber security, it was a propaganda tool designed to embarass the Obama administration and urge a further erosion of our civil liberties.

Re:Bunch of BS (0)

Anonymous Coward | more than 4 years ago | (#31261008)

it was a propaganda tool designed to embarass the Obama administration and urge a further erosion of our civil liberties.
Yet, even without this report Obama has had no problems embarassing his administration or the tramping on the civil liberties of US citizens.

Re:Bunch of BS (1)

CodeBuster (516420) | more than 4 years ago | (#31261146)

I think you are looking at this all wrong. As others on this thread have pointed out, the real defense against any "cyber attack" (can we all stop using the cyber prefix already? The Internet has very little to do with cyborgs) will come from the private sector. This exercise, like many others conducted by biased parties within the government, is designed to drum up maximum fear and guarantee years of increased budgets and spending for those involved in the exercise. This is about money, plain and simple, and the private sector will be only too happy to supply the government with whatever gear, useful or otherwise, it is willing to pay for. When have you ever heard of a government exercise not resulting in the conclusion that lots more money must be spent and quickly to ensure that we "win" the game?

Re:Bunch of BS (1)

LostCluster (625375) | more than 4 years ago | (#31261508)

Yep, this was set up by Fox N... wait a second, it was on CNN!

GNN? CNN? REALLY? (1)

zcold (916632) | more than 4 years ago | (#31260814)

I think their problem was using GNN as their source for up to date information. Anyone relying on GNN for their news will not make it through...well.. anything... *cough*

Re:GNN? CNN? REALLY? (1)

WrongSizeGlass (838941) | more than 4 years ago | (#31261004)

GNN = Gynecological News Network.

These are the same people who are negatively reporting on Apple removing porn from the App store. They're just a bunch of ... um ... well, infer what you like ;-)

Yeah could win, but... (0)

Anonymous Coward | more than 4 years ago | (#31260826)

Yes, we would lose as this country continues to be wrapped up in Gov. red tape. On the flip side if we experienced a serious cyber outage all it would take is to rally the troops from Blackhat/Defcon etc..., put aside that they don't hold clearance and smoke pot and let them do what they do BEST. Don't think for once the US is incapable of winning this "battle" what impedes us is we spend more time fighting bureaucracy then we do fighting the war.

The movie was good (0)

Anonymous Coward | more than 4 years ago | (#31260832)

Bruce Willis and Justin Long in a good movie: http://en.wikipedia.org/wiki/Live_Free_or_Die_Hard

Whoever wrote the script must have done some research to make it look somewhat real.

Quick! (0)

Anonymous Coward | more than 4 years ago | (#31260850)

Attack them now! Before it's too late!

SysAdmins in Cyberwarfare put on black hats. (1)

wintercolby (1117427) | more than 4 years ago | (#31260874)

All of us that have been gainfully employed for being able to actually work in IT would become modern day partisans in any such event. It would be a rare opportunity to do our worst to other people's systems with the full knowledge of what has unintentionally brought us pain for years. That said, unlike common partisans we do think for ourselves. Many of us would need to be convinced that we were indeed on the side of what we consider good before we took an offensive approach.

AFAIK very few IT workers have decided that they needed to be part of any cyber warfare that could have coincided with the Iraq or Afganistan wars.

Re:SysAdmins in Cyberwarfare put on black hats. (1)

cenc (1310167) | more than 4 years ago | (#31261438)

As I recall many did jump on board for the post 911 hacking of the middle east for a while.

NEED MOAR MCSEs! (1)

newdsfornerds (899401) | more than 4 years ago | (#31260910)

There simply aren't enough Microsoft admins to manage the threat. We need a job corps project for MCSEs! This will keep us safe from Chinese haxorz.

Everyone loses (1)

FlyingBishop (1293238) | more than 4 years ago | (#31260916)

In a real cyber war, the international network chokepoints would be cut (probably brought down by the DDOS load) and the Internet as we know it would cease to be. You can't even guess what that would look like.

Just like now (0, Flamebait)

kondor6c (1278766) | more than 4 years ago | (#31260940)

As soon as we upgrade our ability to win a cyber war, people will be out on the streets protesting the de-arming of computers.

They have a point... (1)

d1r3lnd (1743112) | more than 4 years ago | (#31260952)

Too much of our "national cyber security" policy does seem to be FUDged together by people who don't know what they're talking about.

Of course we can't win a Cyber war (2, Interesting)

jd.schmidt (919212) | more than 4 years ago | (#31260958)

For the same reason we can't win a space war, we have the most to lose. The more systems you have dependent on an asset, the more vulnerable you become in that asset.

Note however, that doesn't mean you are in a weaker position, an asset is still an asset.

Convenience isn't just convenient, it is time saved you can use to do other things. We just need to start waking up to what is a security risk and what isn't. What we need to protect and what we don't and finally drills on what to do if the primary system fails.

Cut the cord (2, Insightful)

Nittle (1356899) | more than 4 years ago | (#31260998)

If an attack was serious enough, we could just start disengaging connections to outside the US, then start dealing with the aspects that were attacking from inside the borders. This is probably mostly government propaganda to make the US look weaker than it really is.

Always remember this in a cyber war (5, Funny)

Tetsujin (103070) | more than 4 years ago | (#31261012)

If you're captured by the enemy, there are just three pieces of information you are compelled to divulge: Age, Sex, and Location.

A comment in The Atlantic on cluelessness (5, Interesting)

Animats (122034) | more than 4 years ago | (#31261018)

I wrote this to The Atlantic, which is a "think piece" magazine read by some decision makers in Washington.

After seeing that show, I was struck by the cluelessness of the panelists. I don't expect them to understand how networks really work, but they didn't even understand the organizations involved. Key organizations in a crisis like that would be the North American Network Operators Group and the North American Electric Reliability Council, along with the US Computer Emergency Response Team. The participants didn't know that, and they didn't have staffers to tell them.

The panelists were obsessing over whether they had enough authority to do something, while totally lacking any idea of what to do.

There are a few reasonable steps they could have taken at their level.

  • First, after a physical attack on electric power facilities, get troops guarding key substations. The NERC would know where those are, and there should be a plan in place to do that.
  • Second, faced with an massive attack via "smart phones", ask network operators to temporarily disable 4G and 3G services while keeping voice up. That would cut traffic 90% and stop further infections. Cellular voice service would probably come back up.
  • Third, ask ISPs to temporarily block all HTML/MIME email, while allowing text email. That would stop most attacks against PCs and virus transmission. Yes, the FCC lacks the authority to order this. But if CERT and NANOG simply asked network operators to do that in an emergency, 99% would do it.
  • Fourth, activate the Emergency Broadcasting System, which uses AM radio, for a Presidential address. That will get through even if almost everything else is down.
  • Fifth, get FEMA cranked up to provide emergency services in areas with power outages. That's where people are going to die. Everything else is an economic problem.

Having taken the initial steps, the next priority is bringing the electrical grid back up. If substations were damaged, it may be necessary to move some very large transformers around, and possibly to import them from other countries. Military assets (i.e. big transport aircraft) should be made available to help with that.

In parallel with this, the intelligence community and DoD can work on who's behind the attack. But that's not going to be dealt with in the first hours. Don't obsess on hitting back.

Goes without saying... (3, Interesting)

Nethemas the Great (909900) | more than 4 years ago | (#31261020)

The US has been and will be stuck back in WWII thinking until it's too late. When you invest in war ships, tanks and fighter planes you have something "show" people. It's pretty hard to demonstrate what you got for the money when it comes to the security of intangible things. The installation of a firewall just doesn't make one go "oooh and ahhh" like the vaporized city and mushroom cloud from a 10 mega-ton ICBM. Even a security fence and a camera or two around a municipal water supply isn't very "impressive" compared to the demonstration of raw power an F-22 can unleash.

Worse still is when people do play "tickle-tickle" with our soft underbelly the response tends to be blowing up FedEx packages, taking off our shoes, having dogs sniff our crotch, and groping pregnant ladies.

Re:Goes without saying... (3, Insightful)

thedonger (1317951) | more than 4 years ago | (#31261096)

You are exactly correct: We'll never win a Cyber War unless we build a big, shiny Robot Army.

Re:Goes without saying... (1)

cenc (1310167) | more than 4 years ago | (#31261500)

a big fat EMP over the enemy sure would be cool however. Just hope that enemy is not next door to your house.

Power to the people (0)

Anonymous Coward | more than 4 years ago | (#31261022)

I'm guessing that there are many people in power that want an excuse to seperate the www and make seperate WAN'S. Seems like nobody is investing in secure networking for the masses for a reason... THEY WANT CONTROL BACK

Which country _would_ win? (2, Insightful)

spookymonster (238226) | more than 4 years ago | (#31261086)

Frankly, I feel the US is more prepared than most countries. Unfortunately, that still doesn't quite cut it.

I think the threat of indefensible counter-attack is going to make any government think twice about a full-on cyber-attack, taking the same role nuclear retaliation did during the Cold War.

Re:Which country _would_ win? (1)

yossarianuk (1402187) | more than 4 years ago | (#31261140)

The country with the lowest level of windows use would win (always)...

Re:Which country _would_ win? (1)

RedTeflon (1695836) | more than 4 years ago | (#31261380)

My windows firewall is up so I'm secure.

Easy solution (0)

Anonymous Coward | more than 4 years ago | (#31261166)

Avoid an digital communications war ("cyber"? There are no cybernetics involved). Don't connect government machines to public networks, and don't rely on public networks for communication.

US Senate Commerce, Science, and Transportation Co (0)

Anonymous Coward | more than 4 years ago | (#31261428)

How in the hell do Commerce, Science and Transportation concerns all belong on the same US Senate committee?!!

We hold national security exercises in hotels now? (1, Insightful)

Anonymous Coward | more than 4 years ago | (#31261430)

>"exercise that took place some six days ago at Washington's Mandarin Oriental Hotel"

Bullshit was it an exercise. It was a staged marketing promotion, nothing else.

Win at war? (1)

harris s newman (714436) | more than 4 years ago | (#31261456)

Tell me when someone, anyone, actually is a winner? War is a loose loose situation.

Bruce saw this coming. (1)

Ora*DBA (101576) | more than 4 years ago | (#31261474)

Live free or die hard!

Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Create a Slashdot Account

Loading...