
Chertoff Advocates Cyber Cold War

timothy posted more than 3 years ago | from the sir-your-analogy-is-unbuttoned dept.

Security 115

Jack Spine writes "The US and allied countries should formulate a doctrine to apply the principles of nuclear deterrence to cyber attacks and cyber espionage, according to former US Homeland Security secretary Michael Chertoff. No matter that it's very difficult to attribute the source of cyber attacks — just take punitive action against the platform being used to attack, says Chertoff."


115 comments


Really (0)

Anonymous Coward | more than 3 years ago | (#33901362)

Don't you just love people who try too hard to justify their jobs?

Leak more cyber spy data (2, Interesting)

h00manist (800926) | more than 3 years ago | (#33901874)

I'm all for cyber espionage, especially if the data is leaked all over. Perhaps people would figure out how manipulated they are.

So! Skeletor Advocates Drinking of Human Blood? (3, Informative)

Jeremiah Cornelius (137) | more than 3 years ago | (#33903516)

No big surprise.

Chertoff was the head of DHS who hired Stasi officers - like Markus Wolf - to design plans for a mandatory ID programme, like that used to control freedom of movement in the former East Germany.

"Chertoff is credited with authoring the Patriot Act, the 300-plus page blueprint for the modern National Security State; patterned to great extent on the successes of the KGB in the Soviet system. He's admired among his Bush cadres for making sure that government surveillance operates at maximum efficiency. Under his stewardship at the Dept of Justice, the 4th amendment has withered like summer grass. The long-held belief that citizens have a right to a "reasonable expectation of privacy" has buckled under the demands of "Big Brother" and the new "intrusive" security paradigm."

And: "Chertoff's record of failure at Justice is second only to that of Ashcroft. His 4 year tenure hasn't produced even one identifiable success. (Check out his "obstruction of justice" in the John Walker Lindh case on Democracy Now)

Instead, his personal ineptitude and his palpable contempt for the law have only showered more disgrace on the institution of American justice. That probably explains why he's being moved up the bureaucratic dog-pile to the top rung of Homeland Security. In Bush-world "failing upwards" is more commonplace than cowboy boots at a Crawford tent-show."

Failing Upwards: The Rise of Michael Chertoff [counterpunch.org]

Before this? He was an Assistant Attorney General - who enabled Chiquita to escape prosecution for hiring private, right-wing death squads - to suppress fair-trade practices from emerging in the banana plantations of Colombia.

"Chiquita, [company officials told Chertoff], would have to pull out of the country if it could not continue to pay the violent right-wing group to secure its Colombian banana plantations. Chertoff...affirmed that the payments were illegal but said to wait for more feedback, according to five sources familiar with the meeting...Sources close to Chiquita say that Chertoff never did get back to the company or its lawyers. Neither did Larry D. Thompson, the deputy attorney general, whom Chiquita officials sought out after Chertoff left his job for a federal judgeship in June 2003. And Chiquita kept making payments for nearly another year."

Chertoff, Chiquita and Death Squads [counterpunch.org]

Now, this Mossad-tool wants to escalate the idea - absurd to those with a deep, functional knowledge of IP switched networking - of Cyber Cold War.

This is another part of the steady drumbeat to get a CCOIA type law passed - so the US gets its own "Great Firewall of China".

Chertoff DOES have a real enemy that he wants to damage in his cyberwar: the enemy is YOU.

Re:So! Skeletor Advocates Drinking of Human Blood? (1)

russotto (537200) | more than 3 years ago | (#33904378)

No big surprise.

Chertoff was the head of DHS who hired Stasi officers - like Markus Wolf - to design plans for a mandatory ID programme, like that used to control freedom of movement in the former East Germany.

Obviously, he understood the purpose of the program and wanted to hire people with a record of success in implementing similar programs. The logic is unassailable, though the morality may be flawed.

Re:So! Skeletor Advocates Drinking of Human Blood? (3, Insightful)

mcgrew (92797) | more than 3 years ago | (#33907154)

the morality may be flawed.

"May be?" Saying the morality of this "may be flawed" is like saying my pet unicorn "may be flawed". There is no morality in it, period. It's completely immoral, plain and simple. The Stasi are evil, and so is Chertoff. But it is logical to hire a man without morals to head an immoral agency that should never have existed in the first place.

Re:So! Skeletor Advocates Drinking of Human Blood? (1)

russotto (537200) | more than 3 years ago | (#33907226)

"May be?" Saying the morality of this "may be flawed" is like saying my pet unicorn "may be flawed".

Ironic [wikipedia.org] Understatement [wikipedia.org] . [urbandictionary.com]

Excellent idea (1)

Nethemas the Great (909900) | more than 3 years ago | (#33901378)

Then maybe they'll start using nuclear silo systems to attack other of our interests. Two birds with one stone eh?

Re:Excellent idea (3, Funny)

c0mpliant (1516433) | more than 3 years ago | (#33901754)

It's such a great idea. The first cold war was so successful, let's have another...

Re:Excellent idea (1, Interesting)

Anonymous Coward | more than 3 years ago | (#33902266)

It was, for the US. It was the US outspending the USSR in military buildup that led to their destabilization and collapse. Mission accomplished. Sad thing is that is what the current world situation is doing to the US now.

Re:Excellent idea (2, Insightful)

TheCarp (96830) | more than 3 years ago | (#33902892)

The other sad thing is that we still haven't paid for it.

There is no way it was successful for the US, it was a stupid and unnecessary pissing match from day one. An embarrassment for the country. I am still against having a standing army. We have no need to have forces outside of our borders. It's a shameful waste.

-Steve

Re:Excellent idea (2, Interesting)

Anonymous Coward | more than 3 years ago | (#33903992)

The worst part about a standing army is that it creates two functional classes of citizens that do not share the same fundamental need.

Those that have signed their right of refusal over to the government should not be permitted to vote or participate in political events or debates until the right of self-determination is legally returned to them.

During their period of service they must be treated as exactly what they signed up to be - fleshbots for whoever comes to power during their tour.

Re:Excellent idea (1)

aekafan (1690920) | more than 3 years ago | (#33904490)

"Pissing match" is the least of it. Go watch the documentary "Trinity and Beyond: the atomic bomb movie". It was a bunch of power mad and power drunk farktards gambling with our lives and, arguably, the entire planet.

Re:Excellent idea (1)

Zeek40 (1017978) | more than 3 years ago | (#33907386)

We were paying for it just fine until Reagan came along and convinced the voting populace that taxation is theft and that deficit spending is the wave of the future. Reagan's tax cuts (which have hung around much longer than the Red threat) are what sent this country spiraling into debt we haven't recovered from, not the cold war.

Re:Excellent idea (1)

aekafan (1690920) | more than 3 years ago | (#33904480)

That is until you realize that the total economic collapse we are currently in the first stages of was started at the end of that war. Oh, and the fact that we "won" the war by simply becoming just like them. Hell, these days the DHS and the NSA could teach the NKVD a few things about the finer points of establishing a police state.

Re:Excellent idea (1)

c0lo (1497653) | more than 3 years ago | (#33903902)

It's such a great idea. The first cold war was so successful, let's have another...

Not only that, but now there are some other specific differences to make this a piss-poor idea:

  • the other party can spend much less in provoking a disproportionate response - it is so cheap that even private initiative can manifest (i.e. doesn't take that much to be a Dr No... Mhwa-ha-ha)
  • the response in itself may have impact on the responding party - network congestion, etc. It's not like you send in a missile in open skies, you'd be using the same tubes to respond

Re:Excellent idea (0)

Anonymous Coward | more than 3 years ago | (#33905254)


"just take punitive action against the platform being used to attack"
(Michael Chertoff, former US Homeland Security secretary)

Great: let's take MICROSOFT Windows down for a start.

Act against technologies? (5, Insightful)

Bill Dimm (463823) | more than 3 years ago | (#33901384)

...nation states should be able to act against technologies in countries being used as a platform for attack...

So, nuke Redmond?

Re:Act against technologies? (3, Insightful)

HungryHobo (1314109) | more than 3 years ago | (#33903408)

Nah, someone will just root some of the US military's own shitty, poorly patched windows NT boxes and use them as a platform for attack.

The US military will then MAD its own network into the ground to show them who's boss.

Or even better.

If I want to take down some website, I don't have to do the hard work any more.
Just find any insecure app or server in the same server farm and use it to launch some trivial attack against the US government.
The US government then does my attack for me, DDoSing or blackholing the entire datacentre and my target.

I've heard enough silly ideas over the years for systems of actively attacking machines which attack a network, sometimes in an automated fashion.
Most automated ones are trivially subverted to use against third parties and the non-automated ones depend on the people in charge being able to find their arse with both hands... unfortunately it's the military.

Re:Act against technologies? (1)

mrogers (85392) | more than 3 years ago | (#33906076)

If I want to take down some government, I don't have to do the hard work any more.
Just find any insecure organisation in the same country and use it to launch some trivial attack against the US government.
The US government then does my attack for me, bombing the entire country and my target.

You have a bright future at the CIA. ;-)

Re:Act against technologies? (1)

Infernal Device (865066) | more than 3 years ago | (#33903558)

...nation states should be able to act against technologies in countries being used as a platform for attack...

So, nuke Redmond?

Don't let them escape beforehand, either.

I don't necessarily see a problem (2, Interesting)

drinkypoo (153816) | more than 3 years ago | (#33901440)

So long as they don't respond to a DDoS with one of their own, but with a targeted attack designed to silence the particular nodes in question, then it's probably a good thing. It's not like it's not possible to keep logs to see if these guys are operating outside their mandate.

As a former BOFH... (1)

FatSean (18753) | more than 3 years ago | (#33901540)

I say that anyone whose system is being used for DDoS attacks can't complain about such treatment. They should have secured their systems.

Re:As a former BOFH... (0)

Anonymous Coward | more than 3 years ago | (#33904134)

I say that anyone whose system is being used for DDoS attacks can't complain about such treatment. They should have secured their systems.

Anecdotal, I know, but here goes:

My s.o. recently had her bank account compromised. I gathered information about the issue which included a problem with the bank's website (she was redirected from a supposedly secure session at the bank site to the attack site) and sent the details along for her meeting with the bank rep.

She couldn't even get the bank rep to take the information to pass along up the chain. She kept being told that she was overreacting, that the rep eats and breathes fraud, it happens thousands of times a day, it is nothing to be upset about, and that a couple of small fraudulent charges weren't going to be enough for anyone to take up the chain.

Over the course of the next three days my lady had four phone conversations with fraud specialists and another trip to the branch finally to close her account because in all that time not one person would take her seriously despite the fact that she had information that could be verified by opening a browser and logging into the bank's site.

The kicker was that the last fraud specialist that she spoke with asked her to explain why all the previous people she had spoken with had not offered to place a watch on the account, and why the new account she had opened in an attempt to get the bulk of her money safe had been linked to the compromised card that was supposed to be deactivated. The answer was that she thought a watch had been put on the account and there was no way in hell the new account was supposed to be linked to a card that was being actively exploited.

The rep did suggest A.V. protection but the conversation died when my s.o. informed her she was using Linux.

There is no way in hell you can expect an average citizen to understand that they need to change their behavior when people in authority positions are telling them that everything is okay, it happens to everyone, install Norton.

Like it or not, hackers and missionaries are the only ones that have a chance of getting this point across to people. The powers that be won't care until they finally see their gravy train ending and that could still be a ways off.

Anyhow, the issue was anonymously reported through other channels and has hopefully been resolved.

Re:I don't necessarily see a problem (2, Interesting)

Nethemas the Great (909900) | more than 3 years ago | (#33901606)

The trouble is he's suggesting that they apply the MAD principle to this problem. That certainly doesn't sound like a simple kill the zombie node thing.

Re:I don't necessarily see a problem (2, Insightful)

postbigbang (761081) | more than 3 years ago | (#33902336)

You're right. An eye for an eye, a tooth for a tooth, and soon you need seeing-eye dogs and dentures.

With two million botted machines in the US alone (a conservative estimate), you could piss off a lot of homies, too. I don't think Chertoff realizes just how many pawns there are, ready to march, and give him a bad day. That we don't consider those pawns as attackers-in-waiting is a fool's blindness.

False flags abound (1, Insightful)

Anonymous Coward | more than 3 years ago | (#33901510)

Soon even the smallest of countries can wield the destructive force of a superpower: Just make it look like your opponent attacked the USA and the USA will do your dirty work.

Re:False flags abound (5, Insightful)

Anonymous Coward | more than 3 years ago | (#33901688)

And that'd be different from the current situation... how?

For once, this is a proposal from the security theater industry that isn't batshit insane. You DDOS us, we null-route the offending nodes, or we politely ask whoever supplies your country with connectivity to do it on our behalf. You DDOS an airline reservation system, stranding millions, and we null-route your country until its uncooperative ISPs learn to play nice. You DDOS an air traffic control system so hard that you actually start killing people, and we not only null-route the country until the dust settles, but we also reserve the right to shut down the offending data center with a LART, presumably in the form of an earth-penetrating mallet. (And we expect that you will do the same to us, if our roles are reversed.)

The present situation is that we run around like chickens with our heads cut off, make vague fearmongering sounds about "what if", and apply for increased funding. That'll happen too, but at least this way there'll be some ground rules as to what sort of retaliation is permissible. Go ahead and spy on us (if we catch you, we'll block you). Try to poke at us (but don't do much damage) and we'll get annoyed. Break our toys, and we'll break your toys. Do collateral damage, and the gloves come off.

Re:False flags abound (4, Interesting)

DarkOx (621550) | more than 3 years ago | (#33901972)

The problem is collateral damage. What is more likely: the nation of Elbonia is attacking the United States by DOSing an airport reservation system, or a competing airline hired some crackers to harm the competition, and those crackers have rooted some machines at the national ISP of Elbonia, that they do it with?

So we respond by routing the entire nation via 127.0.0.1, which is great in that it solves the problem but it probably denies all sorts of services to innocent people, and I am not talking about Mohamed's Netflix subscription, what about that X-Ray the surgeons there wanted a consult on, and the nation's telephone system which is IP based at least for international calls. Oh and hey the assembly plant GM is trying to operate there, etc etc. All this is going to do is make small problems big ones.

Re:False flags abound (3, Interesting)

Grave (8234) | more than 3 years ago | (#33903216)

Perhaps. The operating theory here, I think, is that at some point, a government will stop doing such idiotic things as cyber warfare because the costs are too high. Just like the threat of economic sanctions.

Part of the problem, however, is that for all the "control" we might have over the internet, it's a global network that by design can't just be turned off like that. Personally, I think that good old fashioned, "Oh, you shut down our air traffic control system? Here, we'll shut down your airspace by destroying anything that gets more than five feet off the ground." is more effective. Excessive? You bet. That's the whole bloody point of MAD. Cyberwarfare cannot be part of a MAD policy unless you are prepared to destroy the physical connections.

Frankly, this proposal sounds like someone doesn't understand how this works. Countries like China really don't give a hoot if you block them from the internet - they'll find a way around whatever blocks you put in place, and crush (literally) anyone who internally dissents against their policies. Most of the general public has no idea this is happening. Perhaps a better solution would be raising a stink in a very public fashion at the UN, getting an international treaty in place, and *then* make it your official policy to react to cyber attacks with real, physical attacks. Otherwise, this is going to just keep happening with no real danger of reprisal that means anything to most of the countries engaged in this. Meanwhile, those nations that aren't actively trying to break things (merely spy, which is quite different) are going to get hit worse and worse with public sector damage.

Re:False flags abound (1)

russotto (537200) | more than 3 years ago | (#33904352)

Part of the problem, however, is that for all the "control" we might have over the internet, it's a global network that by design can't just be turned off like that. Personally, I think that good old fashioned, "Oh, you shut down our air traffic control system? Here, we'll shut down your airspace by destroying anything that gets more than five feet off the ground." is more effective. Excessive? You bet. That's the whole bloody point of MAD. Cyberwarfare cannot be part of a MAD policy unless you are prepared to destroy the physical connections.

MAD isn't going to work with cyberwarfare, because it was mutual assured DESTRUCTION. Not "you shut down our air traffic control system and we shut down your airspace" but "You attack us and we turn you into radioactive dust, knowing full well you'll do the same to us". There's no cyberwarfare equivalent.

Aggressively taking down botnets, even if it means collateral damage to the compromised machines, is a good idea IMO. But it's not MAD.

Re:False flags abound (1)

IBBoard (1128019) | more than 3 years ago | (#33905474)

The operating theory here, I think, is that at some point, a government will stop doing such idiotic things as cyber warfare because the costs are too high.

Did I miss something? AFAIK the costs of nuclear MAD are in the "somewhat high" category, yet no-one has yet gone "you know what, we'll get rid of them all because it just isn't worth it - it'll all go wrong, no-one wins and it is an expense we just can't manage".

If you meant the financial cost of daily ops and overheads, who said it even needed to be official? Various nations have nationalist zealots who take the slightest hint from the government as an excuse to launch their own attack. The government has complete denial, as they didn't order it, but they still get their objectives. Even better if the attacks are launched from foreign third-party nations as it'll be them who gets 'cyber-nuked' in return.

It's much easier to launch cyber attacks through a third-party than it is to do it physically without people noticing.

Re:False flags abound (0)

Anonymous Coward | more than 3 years ago | (#33905736)

Governments are no longer the players in global politics. Powerful individuals wield far more power through manipulating business, government, and black market means and this is truer nowhere else than the internet. A system like this allows any script kiddie kid to shut down nations, continents, the world (if it's an automated system this is entirely possible), by botting computers in various countries. You penalize governments and innocent civilians for the actions of nefarious individuals who are probably the only people who still have internet connections when all is said and done.

This system is absolutely absurd, you cannot go null-routing or DDoS'ing nations or even nodes, or you make yourself prone to far more dangerous attacks than the ones you intended to prevent. The only people who won't be penalized by this exploit are the very people you are trying to prevent. Here is my attempt at a metaphor:

You are the king of Sparta. A man rides up and waves a bunch of skulls at you, you realize this man is Numidian, you kick this man down a well - and immediately load all the Spartans onto a boat - sail across the med - hike across Egypt - and rape Numidia. Meanwhile Xerxes conquers an undefended Greece. You lose. Numidia is very dead and confused. The only person who benefits is Xerxes, the person who actually threatened you in the first place.

Re:False flags abound (0)

Anonymous Coward | more than 3 years ago | (#33904414)

It will make them big problems with solutions much easier to implement.

Re:False flags abound (1)

Jesus_666 (702802) | more than 3 years ago | (#33903040)

In other terms all I need to do to block all data traffic between the United States and any country I wish is to have a botnet in that country and have it DDOS a high-profile US site? Yeah, that sounds awesome.

Unless of course all ISPs in that country will submit to whatever the American government says based on the promise that American ISPs will cater to every whim of every foreign government. Well, every whim that involves shutting down arbitrary network nodes.

...Why do I get the feeling that no sane government would ever keep that kind of promise?

Re:False flags abound (0)

Anonymous Coward | more than 3 years ago | (#33903502)

As in statecraft and statecraft by other means (the army), a country has gotta do what a country has gotta do.............

Re:False flags abound (1)

Rik Rohl (1399705) | more than 3 years ago | (#33903724)

You sign on to ACTA or we'll say you DDOSed an airline reservation system and null-route your entire country until you do.

Re:False flags abound (1)

c0lo (1497653) | more than 3 years ago | (#33904132)

And that'd be different from the current situation... how?

For once, this is a proposal from the security theater industry that isn't batshit insane. You DDOS us, we null-route the offending nodes, or we politely ask whoever supplies your country with connectivity to do it on our behalf. ....

Dr Julius No here: I'm about to set up a botnet. Once I'm done I'll send a command to all the zombies in US to DDoS and I'll shut down my command center. Good luck, America, in null-routing in your own network and/or sending LART-s on your own soil (crazy laugh).

Re:False flags abound (1)

sempir (1916194) | more than 3 years ago | (#33905266)

So...do you think I should get all my porn watching done now while I can? I'm 70 years old so have to get my priorities right.

Stupid, stupid, stupid. (1, Insightful)

Darkness404 (1287218) | more than 3 years ago | (#33901520)

This is all incredibly stupid. First off, we should never have a "cyber cold war" because we shouldn't put our fucking important infrastructure on the internet! If it could harm human lives if it goes down and there isn't a non-networked backup that can be used at a millisecond's notice, it shouldn't be on the internet.

If you've spent 2.3 billion to construct another power plant and you are too lazy to actually staff it, something tells me an extra $150,000 to run dedicated lines from it to your main office is just a drop in the bucket.

If we can lay a direct telephone line between Washington DC and Moscow to prevent a nuclear war, something tells me we can afford to lay some cable 10 miles to prevent some "cyber cold war"

Re:Stupid, stupid, stupid. (1)

deapbluesea (1842210) | more than 3 years ago | (#33903052)

If we can lay a direct telephone line between Washington DC and Moscow to prevent a nuclear war, something tells me we can afford to lay some cable 10 miles to prevent some "cyber cold war"

The /. "air gap" theory is crap. I don't think you appreciate the complexity of the problem. Critical systems aren't just SCADA systems. What about financial transactions? Should we have a separate banker's internet that contains all redundant equipment? How about DoD unclassified? For that matter, what about systems that are secured, but utilize existing routers, lines, etc because it would cost millions to build an entirely separate transcontinental backbone just to keep the infrastructure separate?

You can't build hundreds of copies of the internet to protect infrastructure that has to be connected. Think about how many "air gapped" networks would be needed: air traffic control, electric grid, train routing systems, defense, government, medical, financial. Each of these is critical infrastructure that requires communication with nodes hundreds or thousands of miles apart. If we put all of it on its own separate network, you'll have so many points of access that you're still vulnerable. You could utilize VPNs to create secure point to point comms, but that leaves you vulnerable to routing attacks, DDoS (inasmuch as the traffic alone will grind your VPN to a halt), and of course all of these examples are multipoint to multipoint topologies.

I don't know of a grand solution yet, but I can promise you that building many copies of the internet infrastructure is too costly and simply won't happen.

not hundreds, just one (0)

Anonymous Coward | more than 3 years ago | (#33903190)

While a dedicated, 'securer', privacy free parallel internet would not be invulnerable, it might reach a balance between security and cost. A police state parallel internet would be a good thing for the more secure stuff that needs to communicate.

Re:Stupid, stupid, stupid. (0)

Anonymous Coward | more than 3 years ago | (#33904328)

For larger banks, financial transactions absolutely DO use dedicated lines. And the other examples such as air traffic control etc should be directly controlled by a human on-site. There's absolutely no need whatsoever to have public infrastructure connected to the internet, short of saving a small amount of money on maintenance. And similarly, any sensitive government data should be retrieved and released by a human, as opposed to leaving a sensitive database directly connected to the internet. Life existed before the internet, and we don't need every single piece of national infrastructure hooked up to a 10-year-old internet-connected windows box running IE6.

Re:Stupid, stupid, stupid. (1)

deapbluesea (1842210) | more than 3 years ago | (#33905036)

For larger banks, financial transactions absolutely DO use dedicated lines.

But not for all transactions. Also not true for many stock brokers, traders, etc.

air traffic control etc should be directly controlled by a human on-site.

ATC consists of a nationwide network of radar sites that share data across the network. Controllers are responsible for a large region [wikipedia.org], and flights have to be handed off from one region to another. It used to be that all of this was done via proprietary radio and terrestrial links, but the FAA found out it was much cheaper to use existing internet connectivity.

There's absolutely no need whatsoever to have public infrastructure connected to the internet, short of saving a small amount of money on maintenance.

I don't have the numbers available for this, but long-haul network maintenance is anything but small potatoes.

And similarly, any sensitive government data should be retrieved and released by a human, as opposed to leaving a sensitive database directly connected to the internet.

There are varying levels of "sensitive". Classified information most certainly is not accessible from the internet. For Official Use Only information is on a network that is connected to the internet, but is not directly accessible without credentials. Either way though, if you're going to have a human going through the database and retrieving items as needed, you may as well go back to card catalogues and microfiche. Currently business operations require multiple systems to have access to data from another system in near real-time. If you get rid of that, you go back to the days of WWII where requisitions took weeks, orders were hand carried, and battles were planned and carried out in very small regions of control. It would not be possible to carry on your typical modern day warfare without these automated systems, and yes, many of them use TCP/IP equipment to route information. To move to a separate network would entail on the order of $100M+ easily, and would probably go into the B numbers.

Life existed before the internet, and we don't need every single piece of national infrastructure hooked up to a 10-year-old internet-connected windows box running IE6

I'll give you the MS bash, and agree that things need to be updated, but life before the internet was slower, less reliable, and more expensive to do less than we do now. So the choice is either figure out how to harden against attack on the existing infrastructure, build an entirely new infrastructure at enormous cost, or reverse direction by about 20 years. I for one opt for dealing with the problems we have without incurring massive new expense

Re:Stupid, stupid, stupid. (1)

tehcyder (746570) | more than 3 years ago | (#33905918)

I seriously doubt that things like nuclear power stations are connected to the public internet.

shooting the messenger (4, Insightful)

Speare (84249) | more than 3 years ago | (#33901530)

Just take punitive action against the platform being used to attack, says Chertoff.

Just like we took punitive action against Logan Airport and United Airlines for 9/11? Oh, right.

When "our adversary" uses the likes of Google or Akamai or British Telecom against us in a cyberattack, we're going to return fire on those platforms?

Hey, I'm putting a scheme together about the RIAA...

Re:shooting the messenger (1)

DarkOx (621550) | more than 3 years ago | (#33901824)

Given the D- and F grades our government usually gets for security it's more likely the platform used to attack will have a .gov or .mil extension; and hey the terrorists might figure gee if we look to rooting those boxes we might get some collateral damage from friendly fire.

Seriously I thought this whole retaliatory stuff got dropped by the computer security professions years ago once they realized that to be effective the systems would mostly need to be automatic because whatever you do is time critical, and if we have automated systems attacking each other the feedback is going to almost always just make the trouble worse.

When it comes to traditional killing people and breaking things; I can be a believer in the old "the best defense is a good offense" arguments. We are talking about IT systems here though, if things get really bad although it might be inconvenient and expensive it should be possible to just turn them off or pull the network cable. If it's not possible because that box controls the Reactor well that is a problem, and the problem is it should not have been "online" in the first place.

If they do this, all that is going to happen is amplification.

A is attacked by B, who has been unknowingly rooted, B sees the counter attack from A as an attack and retaliates against A with a second attack; or worse A decides to be clever and counter attack B via C, who now thinks they need to attack B. So rather than one small corner of the Internet A down we have potentially B,C down as well. Where B and C might even be our political allies; only adding to the panic, and cost.

Re:shooting the messenger (1)

Lord Ender (156273) | more than 3 years ago | (#33902328)

Well, we certainly considered taking action against the specific airliners being used by the attackers. If a certain IP is being used by an attacker, why not null-route it where possible, or DoS it where not possible? It sounds like an easier decision than shooting down a hijacked passenger plane.

One would hope that there are some checks and balances in the process to reduce the chances of abuse by authorities, of course.

"Cyber" (4, Insightful)

Dystopian Rebel (714995) | more than 3 years ago | (#33901578)

"Cyber" is the vague sort of word that Government Management uses in an attempt to sound technologically astute. As soon as you hear a phrase such as "cyber war", you know you are dealing with a management automaton paddling beyond its depth.

It's interesting to note that this term is a back-formation made from "cybernetics":
"From Greek kubernētēs, governor, from kubernān, to govern."

Makes it sound as though this is another war that is being invented by the government to spend the people's money to take the people's freedom away.

Of course it is. (4, Insightful)

Anonymous Coward | more than 3 years ago | (#33902010)

Terrorism is only scary to people who shouldn't have been let past the third grade. Even irrational people understand their risk of death by terrorism is pretty much nil, compared to say their risk of horrible death involving decapitation and other hilarious ends while driving.

"Cybersecurity", though?

Computers are strange, wondrous magic boxes for the vast majority of the population. Even for the supposed tech whiz 'next generation'. Oh, sure, kids these days understand Twitter. They sure as hell don't understand TCP/IP. What better platform, then, to force Americans to do what we do best? Wet our pants in baseless fear and beg our government to strip us of our freedom.

OH NOES OSAMA IS WHISTLIN' INTO A PHONE AND LAUNCHING NOOKS FROM SATELLITES! :O SAVE ME, GOVERNMENT!

*sigh*

Re:Of course it is. (1, Insightful)

Anonymous Coward | more than 3 years ago | (#33906388)

I've met perfectly well-educated people who think that the new rules for liquids on airliners are a great enhancement of their safety. There are lots of brilliant people who can't do arithmetic.

Re:"Cyber" (1)

sharkbiter (266775) | more than 3 years ago | (#33904746)

Pardon my humor:

General "Buck" Turgidson: Mr. President, we must not allow a mineshaft gap!

Replace "mineshaft" with "cyber". Voilà! A new cold war with lots of funding! Such a deal!

Re:"Cyber" (1)

mrogers (85392) | more than 3 years ago | (#33906150)

"Cyber" has had an interesting history [slideshare.net] - from military research in 1948 (Norbert Wiener coined "cybernetics" while working on anti-aircraft guns), to 1980s science fiction, to 1990s business buzzword, to military strategy [slashdot.org] in 2010. Which raises the question, can military planners only understand their own technology through the lens of science fiction?

DHS will save us from cyber terrorists! (2, Interesting)

BadAnalogyGuy (945258) | more than 3 years ago | (#33901588)

Maybe we should all take our shoes off for inspection before we get online. Or make us wait in an unguarded corral area for half an hour before we can enter the secured area. Or randomly pull users aside for full system scans. Or force users to drink their own breast milk before logging in.

I sure as hell don't want them "attacking" computers online.

Re:DHS will save us from cyber terrorists! (1)

ushering05401 (1086795) | more than 3 years ago | (#33904188)

I always take my shoes off when I get online - penny loafers look funny when you aren't wearing any pants.

Now where is that post anonymously button... Hold on, should be on the submit page.

corepirate nazi freemasons destroy everything (-1, Troll)

Anonymous Coward | more than 3 years ago | (#33901602)

& ask no questions, because they believe they already know all the answers, which always results in destruction of other folks' property, which is what they claim to be preventing. they reek of fear/loathing for any life/thought other than their own. their open fear/hatred of gay people is definitive as to how they think about most of US (monkeys).

the corepirate nazi holycost (life, liberty etc...) is increasing by the minute.

you call this 'weather'?

continue to add immeasurable amounts of MISinformation, rhetoric & fluff, & there you have IT? that's US? thou shalt not... oh forget it. fake weather (censored?), fake money, fake god(s), what's next? seeing as we (have been told that) came from monkeys, the only possible clue we would have to anything being out of order, we would get from the weather. that, & all the other monkeys tipping over/exploding around US.
the search continues;
google.com/search?hl=en&source=hp&q=weather+manipulation

google.com/search?hl=en&source=hp&q=bush+cheney+wolfowitz+rumsfeld+wmd+oil+freemason+blair+obama+weather+authors

meanwhile (as it may take a while longer to finish wrecking this place); the corepirate nazi illuminati (remember, (we have been told) we came from monkeys, & 'they' believe they DIDN'T), continues to demand that we learn to live on less/nothing while they continue to consume/waste/destroy immeasurable amounts of stuff/life, & feast on nubile virgins while worshipping themselves (& evile in general (baal to be exact)). they're always hunting that patch of red on almost everyones' neck. if they cannot find yours (greed, fear ego etc...) then you can go starve. that's their (slippery/slimy) 'platform' now. see also: http://en.wikipedia.org/wiki/Antisocial_personality_disorder

never a better time to consult with/trust in our creators. the lights are coming up rapidly all over now. see you there?

greed, fear & ego (in any order) are unprecedented evile's primary weapons. those, along with deception & coercion, helps most of us remain (unwittingly?) dependent on its' life0cidal hired goons' agenda. most of our dwindling resources are being squandered on the 'wars', & continuation of the billionerrors stock markup FraUD/pyramid schemes. nobody ever mentions the real long term costs of those debacles in both life & any notion of prosperity for us, or our children. not to mention the abuse of the consciences of those of us who still have one, & the terminal damage to our atmosphere/planet (see also: manufactured 'weather', hot etc...). see you on the other side of it? the lights are coming up all over now. the fairytail is winding down now. let your conscience be your guide. you can be more helpful than you might have imagined. we now have some choices. meanwhile; don't forget to get a little more oxygen on your brain, & look up in the sky from time to time, starting early in the day. there's lots going on up there.

"The current rate of extinction is around 10 to 100 times the usual background level, and has been elevated above the background level since the Pleistocene. The current extinction rate is more rapid than in any other extinction event in earth history, and 50% of species could be extinct by the end of this century. While the role of humans is unclear in the longer-term extinction pattern, it is clear that factors such as deforestation, habitat destruction, hunting, the introduction of non-native species, pollution and climate change have reduced biodiversity profoundly.' (wiki)

"I think the bottom line is, what kind of a world do you want to leave for your children," Andrew Smith, a professor in the Arizona State University School of Life Sciences, said in a telephone interview. "How impoverished we would be if we lost 25 percent of the world's mammals," said Smith, one of more than 100 co-authors of the report. "Within our lifetime hundreds of species could be lost as a result of our own actions, a frightening sign of what is happening to the ecosystems where they live," added Julia Marton-Lefevre, IUCN director general. "We must now set clear targets for the future to reverse this trend to ensure that our enduring legacy is not to wipe out many of our closest relatives."--

"The wealth of the universe is for me. Every thing is explicable and practical for me .... I am defeated all the time; yet to victory I am born." --emerson

no need to confuse 'religion' with being a spiritual being. our soul purpose here is to care for one another. failing that, we're simply passing through (excess baggage) being distracted/consumed by the guaranteed to fail illusionary trappings of man'kind'. & recently (about 10,000 years ago) it was determined that hoarding & excess by a few, resulted in negative consequences for all.

consult with/trust in your creators. providing more than enough of everything for everyone (without any distracting/spiritdead personal gain motives), whilst badtolling unprecedented evile, using an unlimited supply of newclear power, since/until forever. see you there?

all the manuals say we're not to kill each other, & we're mandated to care for/about one another, before any other notion will succeed. one does not need to agree whois 'in charge' to grasp the possibility that there may be some assistance available to us, including from each other. there's also the question of frequent extreme 'distractions' preventing us from following the simple 'directions' we were given, along with everything we needed to accomplish our task. see you there?
boeing, boeing, gone.

monkeys deny being related to man'kind' (0)

Anonymous Coward | more than 3 years ago | (#33901752)

the monkeys indicated that any relatives of theirs would never behave (inhumanely) the way that we (?humans?) do.

Re:corepirate nazi freemasons destroy everything (0)

Anonymous Coward | more than 3 years ago | (#33901878)

Wow. Is this the timecube guy?

who is jack spine? (1)

MichaelKristopeit 86 (1921174) | more than 3 years ago | (#33901662)

jack spine writes; the US and allied countries should....

jack spine should realize he is NOTHING

Re:who is jack spine? (1)

sempir (1916194) | more than 3 years ago | (#33905294)

Jack Spine is Mrs Spine's big boy!!! How come he's nothing?

Internet don't work like that. (2, Insightful)

Tei (520358) | more than 3 years ago | (#33901670)

Anyone can fake the origin of an attack, so the basic rule about this is: never attack the attackers. If you do this, you can be used as a means to attack others!.. like your cpu power be used as part of a DDoS against a third party.

Internet just don't work like that.

Re:Internet don't work like that. (2, Informative)

Xtifr (1323) | more than 3 years ago | (#33902498)

Indeed, it's like he's never heard the term Joe Job [wikipedia.org].

Re:Internet don't work like that. (0)

Anonymous Coward | more than 3 years ago | (#33904324)

I went doodeelitydoodeelydoodoo and he don't like that!

Ahahahah! Fools! (5, Insightful)

gweihir (88907) | more than 3 years ago | (#33901718)

Seems to me these people still do not understand the threat. This is not warfare. It is vandalism, petty theft, corporate espionage and maybe some extortion. You cannot fight crime of this sort with a cold-war strategy. Several reasons:

  • It is hard to identify the enemy, and when you do it will often be single individuals and very small organizations
  • The enemy is not afraid of counterattacks, since it does not have a similar infrastructure
  • The enemy is often hiding behind stolen identities (for example hacked servers), so the risk of hitting the wrong target is very, very high
  • This conflict is hugely asymmetrical in that the attacker has very low costs and the counterattacker has very high cost
  • Different from the cold war, it is not two huge organizations against each other, but large organizations against a huge number of individuals

This strikes me as basically an over-aggressive, "bully"-type strategy by people that like to employ violence, but are not very bright. It is doomed to fail from the onset. The situation is a bit similar to the "war on terror", but more like a "war on (petty) Internet crime". Fighting crime with military means has never worked and will never work. The way to fight crime is by I) better securing your property (but especially the government and military seem to be hugely incompetent in that area) and II) standard police work. The added complication is that this is an international problem, something the US is notoriously bad at tackling, since they do not understand the rest of the world at all. But bombing shoplifters is not something that is going to work, ever, and even not very bright people should be able to understand that.

Re:Ahahahah! Fools! (death by irony?) (1)

Paul Fernhout (109597) | more than 3 years ago | (#33901918)

Not only is it doomed to fail, it is ironic, too: http://www.pdfernhout.net/recognizing-irony-is-a-key-to-transcending-militarism.html [pdfernhout.net]

As I wrote on that page: "There is a fundamental mismatch between 21st century reality and 20th century security thinking. Those "security" agencies are using those tools of abundance, cooperation, and sharing mainly from a mindset of scarcity, competition, and secrecy. Given the power of 21st century technology as an amplifier (including as weapons of mass destruction), a scarcity-based approach to using such technology ultimately is just making us all insecure. Such powerful technologies of abundance, designed, organized, and used from a mindset of scarcity could well ironically doom us all whether through military robots, nukes, plagues, propaganda, or whatever else... Or alternatively, as Bucky Fuller and others have suggested, we could use such technologies to build a world that is abundant and secure for all. So, while in the past, we had "nothing to fear but fear itself", the thing to fear these days is ironically ... irony. :-) "

Re:Ahahahah! Fools! (3, Interesting)

cheesybagel (670288) | more than 3 years ago | (#33901994)

Just like vandalism, one way to deter it is to make it easier to reverse the damage, than to cause it in the first place. These are computers we are talking about here. If the problem is software based, filter the attacker, use versioned filesystems and revert the changes.

Re:Ahahahah! Fools! (0)

Anonymous Coward | more than 3 years ago | (#33903968)

Not just similar to vandalism - all five points apply equally to fighting terrorism. Interesting problem.

Re:Ahahahah! Fools! (0)

Anonymous Coward | more than 3 years ago | (#33904760)

Okay... I'm seeing a hell of a lot of good points being brought up here. As a person who uses Linux thanks to the grace of untold forum posts, I don't really feel I'm in a position to comment to 'leadership' regarding the futility of such a strategy. What I've read so far, parent included, tells me there's some knowledgeable folks here with the mental agility to make the words look nice. Perhaps some sort of 'write your elected morons' campaign with some knowledgeable people spearheading it.
The folks in office making these apparently uninformed decisions are probably all in the same boat as far as expertise and this idea seems to make sense until I think about it. We should just let 'em know what's up, and help them make a better decision.
-J.M.-

Reassuring (0)

Anonymous Coward | more than 3 years ago | (#33901740)

I'm just thankful that our DHS chief is so self-confident he feels comfortable publicising his ignorance/incompetence at his position. Yes: let's use economic sanctions/diplomatic saber rattling against random third world countries based on the originating IP address of whatever botnet is currently being used to pester our computer networks. THAT won't be abused. I'm sure China won't start concentrating their DDoS attacks exclusively from infected terminals with a Tibet IP block.

Yep, that'll work (1)

Haedrian (1676506) | more than 3 years ago | (#33901742)

Deterrent through force of arms never worked.

That was the solution to the balance of power pre-WW1 if anyone remembers a bit of history. We all saw how that ended up.

Meh, basing the entire future of the internet on "Go on, do it, I dare you" will not end well for anyone. I can already see an RIAA/MPAA sponsored 'attack' taking down most of the internet (and them meddlin` filesharers!) for a few weeks.

Re:Yep, that'll work (0, Troll)

sexconker (1179573) | more than 3 years ago | (#33902036)

Deterrent through force of arms never worked.

That was the solution to the balance of power pre-WW1 if anyone remembers a bit of history. We all saw how that ended up.

Meh, basing the entire future of the internet on "Go on, do it, I dare you" will not end well for anyone. I can already see an RIAA/MPAA sponsored 'attack' taking down most of the internet (and them meddlin` filesharers!) for a few weeks.

I like how you ignore the 60+ years after WWII.
MAD absolutely does work. There have been dozens of near world-ending situations where fingers were literally on the actual buttons to send nuclear weapons at other countries.

It doesn't matter what got us into those situations (political turmoil, technical glitches), it was MAD that prevented us from pushing the button.

Re:Yep, that'll work (1)

tenco (773732) | more than 3 years ago | (#33903444)

I like how you ignore the 60+ years after WWII. MAD absolutely does work. There have been dozens of near world-ending situations where fingers were literally on the actual buttons to send nuclear weapons at other countries.

It doesn't matter what got us into those situations (political turmoil, technical glitches), it was MAD that prevented us from pushing the button.

Oh, really? [wikipedia.org]

Re:Yep, that'll work (1)

Haedrian (1676506) | more than 3 years ago | (#33905976)

It was also MAD that resulted in quite a few near-misses which almost resulted in the end of the world.

This is a declaration of war (1)

moxsam (917470) | more than 3 years ago | (#33901800)

against us.

Frame somebody!!! (1)

Jaime2 (824950) | more than 3 years ago | (#33901802)

The newest terrorist tactic will be to simply compromise one system at a sensitive US installation and use it to attack DHS. It saves a step. Before this, you'd not only have to get access to the device, but you'd also have to know how to break it. Now step 2 is automated. You can also escalate the attack. If you have only unprivileged access, but can send outgoing packets, you can now take it out.

why the US uses smart bombs instead of nukes (3, Insightful)

khallow (566160) | more than 3 years ago | (#33901810)

While I'm sympathetic to Chertoff's views, the problem remains that the tools he suggests are both too blunt for the purpose and may actually reveal important, low risk information for the adversary. As the title suggests, the US has a many decades history, since the Second World War, of using progressively more selected and targeted means of killing people. There are two reasons for this. A more focused weapon inflicts more damage on the intended recipients and less damage on third parties. However, to be used effectively, you need to have intelligence on your foes and sufficient control of the weapon so that it hits what you want it to hit.

For example, in the absence of any intelligence, other than that "bad guy" insurgents are hiding in a certain city, then a nuclear bomb would be more effective than a smart bomb for causing harm to the enemy. The drawbacks of such a brutal and lazy strategy are pretty obvious, from huge loss of innocent life to the possibility that most of the bad guys survive the nuclear attack (maybe they're in a bunker or spread out so that a nuclear burst takes out only a few at a time). A smart bomb would be useless, a bad guy is more likely to die from traffic accidents.

OTOH, intelligence on where exactly the "bad guys" are leads to the smart bomb being much more effective. A smart bomb delivered right to the basement is more effective than a nuclear bomb blindly lofted a dozen miles away.

That sums up what I see as the first problem with Chertoff's proposals. Since the force is not focused nor based on decent intelligence, it doesn't harm the foe and harms innocents instead.

Second, unfocused harm has the tendency to warn the enemy that you know something before you get a chance to do significant damage to them. A worst case here would be a rigid retaliation procedure that a foe could use to map out the sensitivity of your defenses and deliberately trigger unpopular retaliation attacks on innocent targets.

As it stands, there apparently is a large scale, systematic looting of US (and developed world) knowledge by unknown parties (often thought to be the Chinese government or Russian underworld). There should be a price paid for trying to steal millions or billions of dollars of information. I think that Chertoff's suggested approach is a losing strategy that doesn't help the US mitigate the loss from such activities.

Re:why the US uses smart bombs instead of nukes (1)

sempir (1916194) | more than 3 years ago | (#33905338)

If you know where the "bad guys" are then Smart Traffic Accidents are the answer, no tail backs to follow eg: jeezuz ...where did that come from?

not necessarily uneducated (0)

Anonymous Coward | more than 3 years ago | (#33901822)

Although wannabe gangsta advice from career pencil pushers usually ends up getting you beat up much like they themselves were back in high school.

Bad joke ... (1)

LoudMusic (199347) | more than 3 years ago | (#33901836)

Anyone with the name "shirt off" doesn't need to be commenting on the use of the internet.

Re:Bad joke ... (0)

Anonymous Coward | more than 3 years ago | (#33902858)

The surname translates from Russian as "from EVIL" literally.

Why not just unplug the router? (1)

thegarbz (1787294) | more than 3 years ago | (#33901854)

Nuclear deterrence actually makes sense in the world of war where there is no physical possibility of being 100% certain to prevent an enemy from entering a state armed to the teeth, or sending in a nuke of their own. However, the internet has very few clear access points for any given institution. Your air-traffic control tower is suffering a cyber attack? Pull the plug on the router. The air-traffic control tower is suffering repeated cyber attacks? Time to fire your IT staff because they are idiots who don't know how to properly secure / segregate critical control infrastructure.

No reason, no logic, just blabbering (1)

siddesu (698447) | more than 3 years ago | (#33901872)

The person in the TFA goes on some random blabbering about "attacks on infrastructure" and "thousands at risk", proposes "cold-war, nuclear deterrence"-like strategy, then contradicts itself by saying "then ... incapacitating the platform used to attack is something that you have to do", then goes again to talk about "overwhelming force" and what not.

There's no logic in that, and, if anything, it is the opposite of MAD, the dominating war strategy of the Cold war.

The premises of MAD were clear -- a few powers with nukes, nuclear attack's originator cannot be hidden, each party has enough nukes to flatten the other even if it is hit first. These obviously don't hold for the kind of threats TFA is discussing.

Also, MAD didn't work quite well, if at all, and it became ill and died a quiet death in the late 80s.

Ironically, precisely the perceived ability to "incapacitate the platform of attack" is what killed it, because, as ballistic missile accuracy rose, the military went into fantasies of a "surgical" strike combined with a "shield" platform to take out the MAD capability.

The death of MAD became obvious and official in the nineties - US gave up first, Russia following, as it became clear that nuclear proliferation is very likely unstoppable, and that MAD doesn't work very well against rogue states and terrorists. Currently both the Russian and the US military doctrines envision tactical nuke usage scenarios.

Trying to resurrect this rhetoric against a class of threats that doesn't resemble the premises of the original MAD doctrine at all is only hype, marketing and justification for subsequent funding requests.

It will work just as well as the effort for closing the mineshaft gap did.

Gov always receives power to use against 'them', (0)

Anonymous Coward | more than 3 years ago | (#33901884)

but then ends up using it against 'us'.

Terrorism charges are common for all sorts of reasons. RICO, ditto. The military is being moved to deal with problems inside the US. ...

Our gov has far too much power, which is the reason everything is going to shit.

Attacking the platform is... (0)

Anonymous Coward | more than 3 years ago | (#33901980)

... like attacking free speech when people say things you don't like, or blaming socialism for the effects of globalization. My point is this, the platform is not at fault.

Full Circle (0)

Anonymous Coward | more than 3 years ago | (#33902074)

It looks like the internet has come full circle. It started as a military project, became a public utility, and now the government wants to militarize it again.

Maybe he was misquoted. (1)

MarkvW (1037596) | more than 3 years ago | (#33902222)

Maybe he said "nuclear due process" and the interviewer mistakenly wrote down "nuclear deterrence." He'd certainly never advocate destroying a US Citizen's computer without any due process! That would be just wrong! Chertoff's a former Assistant U.S. Attorney! I'm sure he respects the Constitution and would never advocate something so awful.

Let's have zero tolerance for zero tolerance! (2, Insightful)

krisamico (452786) | more than 3 years ago | (#33902230)

Destroying the countries where attacks originate is a broken doctrine, IMO. Use of force should always be measured, and focused, lest history revile us. The ease of false flag operations in "cyberspace" makes the nature of our responses to attacks even more important. I would dismiss Chertoff out of hand were it not for the possibility that, rather than harmless BS, talk like this may encourage a doctrine that will allow our government to start wars and engage in various intrigues, to evil ends. Chertoff co-birthed the anti-Christ fetus disingenuously called the "USA PATRIOT" act, so we should tell him to take his "overwhelming force" and sell crazy some place else. We seem to be stocked up already.

The enemy of my friend is my friend (0)

Anonymous Coward | more than 3 years ago | (#33902318)

This is great news for our foreign adversaries. Now all they have to do is compromise one server in a country that they want to target, and then use that as a proxy to launch a cyber attack on the US. In fact, they don't even really have to compromise one. They just find an open proxy server. For bonus points, find an open proxy server that belongs to a hospital or whatever.

If they are very lazy, they could just launch a distributed denial of service attack and spoof the source address of their target country.

Now, excuse me while I go disassemble my car so I can get the tracking device and put it on my victim^h^h^h^h^h^hfriend's car...

My Proposal (5, Funny)

Hoi Polloi (522990) | more than 3 years ago | (#33902638)

I propose ignoring Chertoff.

Re:My Proposal (0)

Anonymous Coward | more than 3 years ago | (#33903344)

Good idea. He's just trying to remain relevant.

Re:My Proposal (1, Insightful)

Anonymous Coward | more than 3 years ago | (#33906010)

I second that. Chertoff was the idiot that claimed in the days afterward that the devastation Katrina caused to New Orleans was unexpected. Which is a load of crap given that people had been warning for decades that a major hurricane rolling over New Orleans would indeed be a complete disaster, the preparations for the possibility were inadequate, and there were several close calls that made it obvious (e.g., hurricane Ivan in 2004). What kind of head of the "Department of Homeland Security" wouldn't know about the top one or two potential natural disasters in the USA? It's like being surprised if a major, devastating earthquake happens in California, the other top one or two -- DUH! You may not know when it's going to happen, but, no, it's not a "surprise" when it does. It's a rarity, but inevitable. That's why you make big investments in preparations and you act decisively if you have a few days of warning.

The part I can't figure out is why Chertoff didn't lose his job like all the other incompetent people at the top that were involved in that fiasco, because he was just as clueless and ineffective.

Based on past performance, the chances he's got things right on the risk of "cyber warfare" are pretty slim. So, yeah, ignore him.

Unjustified unilateral action here we come (0)

Anonymous Coward | more than 3 years ago | (#33902974)

"If you have a persistent series of attacks on critical national infrastructure, then you could make the argument that incapacitating the platform used to attack is something that you have to do"

So just as an example .. if a foreign government was to take down say, a nuclear power plant, using a large network of bots built on a group of zero day flaws in Windows.. it would be justified for the government to retaliate by destroying that network of bot infested computers. Something like corrupting all of the hard disks so that the operating systems weren't able to support the bot net any longer?

Good thing it's Michael... (1)

macraig (621737) | more than 3 years ago | (#33903542)

... because when I saw TF title I wondered why the hell Melanie Chertoff would even have an opinion on the subject.

We got ya covered! (0)

Anonymous Coward | more than 3 years ago | (#33904788)

" just take punitive action against the platform being used to attack, says Chertoff."

So, he's now advocating that the military should actively target Windows systems? 2011, The Year of the Linux Desktop! Who'd a thunk it?

Shocking! (1)

jayegirl (26328) | more than 3 years ago | (#33905278)

In other shock news today the American military-industrial complex suggested that the world become more paranoid and adversarial.

when in doubt, just start shooting everywhere (0)

Anonymous Coward | more than 3 years ago | (#33906068)

as it's good for 'business'. then, as always, demand more applause/adulation/fear from the woundead, innocent bystanders, & the rest of US (hurrying up to be your) hostages, i mean supporters.

easier than cleaning up one's own mess? (0)

Anonymous Coward | more than 3 years ago | (#33906118)

get ready to meet baal. 1000 channels, only one 'program' (the hate/fear/selfishness primer) on 24/7/365.

billygates in charge of national IT/security (0)

Anonymous Coward | more than 3 years ago | (#33906178)

his (rand(r)oidian) position is; the bugwear works just fine, kill off the other crooks, & i'll be ok again. here's some more money. did you see our new phone? you can listen in on/track anybody we can coerce into using one. talk about cool, innovative, foolproof. just sign here (again).

Contrary advice from the UK (1)

mrogers (85392) | more than 3 years ago | (#33906198)

In his first ever public speech a few days ago, the head of GCHQ, Britain's equivalent of the NSA, explicitly stated [infowar-monitor.net] that nuclear deterrence was not a suitable model for cyber defence "because small-scale but significant cyber attacks happen every day".

It's unusual to see open disagreement between such statements, which are usually carefully orchestrated; I wonder whether it reflects an underlying conflict between DHS and the new Cyber Command, with GCHQ siding with Cyber Command?

Chertoff is an idiot (2, Interesting)

grandpa-geek (981017) | more than 3 years ago | (#33906582)

Chertoff was behind the preposterous program on CNN where a collection of lawyers sat around trying to play techies on TV. Most of them were probably technology challenged, and they focused on legal nonsense to deal with a weird technical scenario (a malicious cell phone app goes wild and shuts down the power grid).

His crazy ideas led to the proposal to shut down the Internet in the event of national emergency.

When he was in office he was behind a stunt where a cybersecurity attack was assumed and a piece of equipment was misused and rigged to tear itself apart -- on TV -- by doing something that has been known for decades to be a no-no.

The only value of Chertoff's nonsense is publicity for the issue. Everything beyond that is idiocy.

Cybersecurity is clearly a serious concern and work needs to be done to improve it for critical infrastructure. But off-the-wall ideas coming from Chertoff are not the way to move forward. Instead, we should have people who know what they are doing lead the effort.

Terrible Idea (1)

chemicaldave (1776600) | more than 3 years ago | (#33906740)

Michael Chertoff needs a good lesson in the Internet or some hacker somewhere is going to cream his (or her) pants if this gets implemented.