Slashdot: News for Nerds

Obama's Portrait of Cyberwar Isn't Complete Hyperbole

Soulskill posted about 2 years ago | from the just-mostly dept.

Security 240

pigrabbitbear writes "It's hard to imagine what cyberwarfare actually looks like. Is it like regular warfare, where two sides armed with arsenals of deadly weapons open fire on each other and hope for total destruction? What do they fire instead of bullets? Packets of information? Do people die? Or is it not violent at all — just a bunch of geeks in uniforms playing tricks on each other with sneaky code? Barack Obama would like to clear up this question, thank you very much. In an op-ed published in the Wall Street Journal the president voiced his support for the Cybersecurity Act of 2012 now being considered by the Senate with the help of a truly frightening hypothetical: 'Across the country trains had derailed, including one carrying industrial chemicals that exploded into a toxic cloud,' Obama wrote, describing a nightmare scenario of a cyber attack. 'Water treatment plants in several states had shut down, contaminating drinking water and causing Americans to fall ill.' All because of hackers!"

240 comments

Obama does a good job of facilitating thinking... (4, Insightful)

acidfast7 (551610) | about 2 years ago | (#40715263)

...and I can't say that about his predecessor.

Re:Obama does a good job of facilitating thinking.. (0)

Anonymous Coward | about 2 years ago | (#40715473)

Oh come on... If Obama's predecessor said these same "hypotheticals" things people would be talking about how it was nothing more than evil Republican right-wing fear mongering.

Re:Obama does a good job of facilitating thinking.. (1)

Anonymous Coward | about 2 years ago | (#40715505)

You misspelled "Rethuglican"

Really, know your audience.

Re:Obama does a good job of facilitating thinking.. (1, Funny)

Anonymous Coward | about 2 years ago | (#40715675)

You forgot to whine a few words: "Know your lib'rul, socialist audience!"

Re:Obama does a good job of facilitating thinking.. (1)

Anonymous Coward | about 2 years ago | (#40715513)

That's because it likely would be. When you don't cry wolf very often, people take you much more seriously when you do.

Re:Obama does a good job of facilitating thinking.. (5, Insightful)

Anonymous Coward | about 2 years ago | (#40715557)

"Obama does a good job of facilitating thinking..."

And I can't say that. At all. I'd be lying.

This is nothing but fear-mongering to sucker people into increasing the power of the federal gov't. "Oh but it won't be used in that way"... since when has that EVER been true?

Re:Obama does a good job of facilitating thinking.. (3, Funny)

sl4shd0rk (755837) | about 2 years ago | (#40715587)

and I can't say that about his predecessor.

His predecessor invoked much thinking as well; however, much of it was prefixed or suffixed with "wtf?", "lol" and "lmao".

Re:Obama does a good job of facilitating thinking.. (0)

Anonymous Coward | about 2 years ago | (#40715625)

But his predecessor had an AWESOME partying time!

Re:Obama does a good job of facilitating thinking.. (4, Insightful)

acidfast7 (551610) | about 2 years ago | (#40715637)

I can't say that I agree with his content, but Obama does get Joe SixPack to realize that power plants and train switches can be inadvertently connected to the internet (and to wonder what else is connected.) Hyperbole it is, but it's useful for the non-specialist.

Re:Obama does a good job of facilitating thinking.. (1)

operagost (62405) | about 2 years ago | (#40715745)

Hyperbole like this facilitates thinking that everyone who knows how to defrag a hard disk is a dangerous black hat and potential terrorist.

Re:Obama does a good job of facilitating thinking.. (1)

geekoid (135745) | about 2 years ago | (#40715905)

It's not Hyperbole. Those events can happen, and there have been SCADA compromises.

Re:Obama does a good job of facilitating thinking.. (1)

Anonymous Coward | about 2 years ago | (#40715981)

Did it ever occur to you that maybe security is so bad that anyone who knows how to defrag a hard drive has the technical skills necessary to be a potential terrorist?

Re:Obama does a good job of facilitating thinking.. (5, Informative)

cpu6502 (1960974) | about 2 years ago | (#40715863)

Obama does a good job of scaring the shit out of people and saying, "Let the government be the solution. Let us spy on your web habits via your ISP, and your cellphone via tracking. And oh yeah, we've decided to expand the TSA's mission to bus stops, train stations, along highways, and at public facilities like malls and hotels."

In that respect he's a hell of a lot smarter than George "duh" Bush but ultimately it's the same fucked-up destination. Let both the (D) and (R) president burn in hell.

Re:Obama does a good job of facilitating thinking.. (-1)

geekoid (135745) | about 2 years ago | (#40715943)

Strawman. Stop using them.

Of course that would require you to actually think and evaluate things in a rational manner, and ultimately cause you to slaughter sacred cows.

Re:Obama does a good job of facilitating thinking.. (5, Informative)

cpu6502 (1960974) | about 2 years ago | (#40716013)

>>>Strawman. Stop using them.

There's no strawman. Obama really has expanded the TSA to bus stops, train depots, post offices, et cetera. It's not my fault you don't keep up with the news and remain unaware of that fact.

Re:Obama does a good job of facilitating thinking.. (3, Insightful)

pixelpusher220 (529617) | about 2 years ago | (#40715959)

It does make you think. If Bush and the GOP think that Dems are government solution crazy....why in the hell did they start the massive gov't surveillance programs in the first place. Did they not think the Dems would 'improve' upon them?

I fully believe if Bush hadn't started this dive into moral failure the Dems wouldn't have done it on their own, if only because the GOP would have, rightly, decried the invasions of privacy. But because of 'terrerism' somehow it was ok...

Bush's fault for starting it, Dems and Obama's for continuing.

Re:Obama does a good job of facilitating thinking.. (1, Insightful)

cpu6502 (1960974) | about 2 years ago | (#40716085)

>>>If Bush and the GOP think that Dems are government solution crazy....why in the hell did they start the massive gov't surveillance programs in the first place.

Exactly.
I'm happy to say I never voted for Warmonger Bush.
Nor Obama the insurance megacorps' best friend.
Or Romney the corporate prostitute AND warmonger.
(We just keep getting one lousy president after another.)

Re:Obama does a good job of facilitating thinking.. (0)

Anonymous Coward | about 2 years ago | (#40715913)

The problem here is that cyber war is primarily the act of commercial firms who idiotically disregarded the need to lock down the access to their products. It is roughly the equivalent of leaving your door wide open and a welcome mat out.

I sat down with the heads of 3 public utilities in the USA including TVA and flat out asked them what security they had on their system controls. They said, "None". They had protocols so old that that was their only defense.

I have spoken with the head of a major Vehicle Data Bus reader system and said to them that they needed to get heavy encryption and strong access controls and they argued it was not important until I reminded them people could get killed if their systems get hacked.

The true reality is that we tend to disregard security until it is broken.

Who cleans up (5, Insightful)

codepigeon (1202896) | about 2 years ago | (#40715281)

I keep wondering who will be responsible for cleaning up the thousands or millions of PCs that get infected (or re-infected) years after a "cyber" war is over. I have never heard an answer to that.

I have an answer!!!1 (5, Funny)

Anonymous Coward | about 2 years ago | (#40715369)

I have an answer . . . MyCleanPC!!!1! I just installed it on my PC and I'm re++--_#*$NO CARRIER

Re:I have an answer!!!1 (3, Funny)

game kid (805301) | about 2 years ago | (#40715667)

Sadly, merely blocking that Voldemortian name from Slashdot won't help anymore--I saw fairly slick commercials for it on the Science Channel.

The demon breeds!

Re:Who cleans up (1)

ethanms (319039) | about 2 years ago | (#40715521)

I wonder who will be responsible for cleaning up the physical damage after some of these incidents? Halliburton, or other major contractors? Perhaps they'd be happy to have these things happen...

Re:Who cleans up (5, Funny)

pr0t0 (216378) | about 2 years ago | (#40715685)

That will fall to people like you and me. Do you have what it takes? Remember, service guarantees citizenship.

Re:Who cleans up (4, Funny)

jo42 (227475) | about 2 years ago | (#40715851)

Send clean up bill to:

Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-7329
USA

Re:Who cleans up (2)

tool462 (677306) | about 2 years ago | (#40715973)

I'm going to start a company called Hackerburton and position myself to pick up all those juicy post-cyberwar reconstruction contracts. I'll hire another contractor called Blackhatter to be in charge of my team members' security.

Complete, as in 100% Complete? (5, Insightful)

rot26 (240034) | about 2 years ago | (#40715323)

Obama's Portrait of Cyberwar Isn't Complete Hyperbole

No, it's only 99.8% hyperbole. Someone has calculated the half-life of the current set of "crises", and decided that we need another urgent problem to address.

Re:Complete, as in 100% Complete? (1, Funny)

Moheeheeko (1682914) | about 2 years ago | (#40715381)

I think it's more along the lines of he watched the movie Hackers and thought you could actually do ANYTHING they do in that movie.

Re:Complete, as in 100% Complete? (3, Interesting)

oh_my_080980980 (773867) | about 2 years ago | (#40715533)

Re:Complete, as in 100% Complete? (1)

Moheeheeko (1682914) | about 2 years ago | (#40715763)

I never said things don't get hacked, but what really happens is data gets stolen, not changing the show on the TV station you are watching or sinking an oil tanker (that's the shit they do in the movie).

Re:Complete, as in 100% Complete? (1)

zlives (2009072) | about 2 years ago | (#40715865)

but... but... they do that in "leverage" all the time... it must be true, just like House can fix any medical issue and ......

Re:Complete, as in 100% Complete? (5, Insightful)

MozeeToby (1163751) | about 2 years ago | (#40715773)

Oh for crying out loud. Stuxnet managed to damage equipment and all but shut down a nuclear weapons research program, and that was attacking secured PCs that were on a closed network. Do you have any idea how poor security is at your community's local infrastructure? If a single virus, by all accounts written by no more than a half dozen people over the course of a year, can do significant damage to a secured computer network, why is it ridiculous to imagine that a foreign nation could shut down water treatment plants at dozens of places in the US? Please explain, what exactly is the difference between programming a centrifuge to spin at a rate outside its safety margin and programming a rail switching station to reroute trains randomly?

Re:Complete, as in 100% Complete? (1)

zlives (2009072) | about 2 years ago | (#40715967)

"secured PCs that were on a closed network"
Stuxnet was propagated by USB keys, which fail the closed network test.

"security is at your community's local infrastructure"
Probably pretty low; however, a closed network would be designed to not allow outside connection via the net or physical media. Even then, for physical media it becomes a physical sabotage scenario rather than cyberwarfare.

Re:Complete, as in 100% Complete? (2)

oh_my_080980980 (773867) | about 2 years ago | (#40715421)

Richard Clarke would disagree with you.

Re:Complete, as in 100% Complete? (1)

Cornwallis (1188489) | about 2 years ago | (#40715795)

Agreed. If the Powers-that-Be were truly worried about infrastructure they would spend the tens of millions (that's with an M) to harden the electrical grid. They won't because it isn't sexy - or scary like cyberwarfare.

This is simply another power grab... scaring the people.

Re:Complete, as in 100% Complete? (1)

geekoid (135745) | about 2 years ago | (#40715987)

SCADA systems all over the country are constantly being probed and attacked. Every day.
It's not hyperbole at all. This isn't physical warfare. A small team of people could attack everything he mentions at the same time.
It would be a cheap attack, it would be an effective attack, and probably very successful.

Re:Complete, as in 100% Complete? (1)

thomasw_lrd (1203850) | about 2 years ago | (#40716097)

I saw this movie. Luckily, Bruce Willis was able to drop a suburban on Lucy Liu and save the country.

So it is complete hyperbole, then (2)

medcalf (68293) | about 2 years ago | (#40715329)

I think it would be an excellent idea to harden our infrastructure and make our social and political systems for responding to change more resilient. That does not mean that spinning tales of disaster that can only be averted through legislation is anything other than hyperbole, though. I have yet to see anything about this cybersecurity bill that does not involve centralization (reducing resilience) or regulation (reducing diversity and thus making attacks more effective because more widespread), and so far nothing that really looks like it would actually harden our information infrastructure in any meaningful way.

Re:So it is complete hyperbole, then (1)

oh_my_080980980 (773867) | about 2 years ago | (#40715441)

Because corporate America doesn't want to spend money on security.

Re:So it is complete hyperbole, then (0)

Anonymous Coward | about 2 years ago | (#40715595)

Amen. It seems to me just more fear mongering. Like so much before it, it also fails to ask the bigger questions. You have a computer system that controls something potentially dangerous and that is off-limits to all but a select few. Why would you put that on the Internet?

Re:So it is complete hyperbole, then (1)

pixelpusher220 (529617) | about 2 years ago | (#40716113)

Exactly. Didn't see anything in the Op-Ed about reducing threats, only responding to them.

Re:So it is complete hyperbole, then (4, Insightful)

Calibax (151875) | about 2 years ago | (#40715875)

It's not likely that anything will be done to harden the US infrastructure without legislation. The necessary work requires money to be spent and neither public nor private organizations will do that unless there is some sort of legal requirement that they do so.

People who think the president was "over the top" have little imagination - I'm quite certain there are some very bright people in various countries working to create a series of Stuxnet type products to attack the infrastructure of Western nations. Be in no doubt, no nation has a monopoly on brains or computer technology. Access to details of Western infrastructure is either openly available or has already been stolen. Figuring out the weak spots and how to attack them probably isn't that hard.

However, it's not obvious exactly how to solve the problem. It's not obvious that the current cybersecurity bill will help. The sad fact is that it's been written by lawyers and politicians who have no idea about the technological challenges and how to resolve them, so they are doing what they know - add bureaucracy. Until computer scientists and engineers are taking the lead nothing worthwhile will be done.

Re:So it is complete hyperbole, then (2)

pixelpusher220 (529617) | about 2 years ago | (#40716137)

Critical infrastructure is very likely 'regulated' infrastructure. We already have all the enforcement mechanisms we need.

Re:So it is complete hyperbole, then (1)

betterunixthanunix (980855) | about 2 years ago | (#40715999)

regulation (reducing diversity and thus making attacks more effective because more widespread),

Regulation does not necessarily lead to this. Suppose, for example, that infrastructure services were required to use systems that have been rated EAL4+ (essentially the highest level that typical commercial products receive), and that they were required to develop RBAC or MLS/MCS policies to secure their systems -- this is not a substantial loss of diversity, and it would go a long way toward security. Similarly, minimum key sizes for common crypto algorithms, and the use of cryptography could be mandated for certain things (authentication, control messages for infrastructure machines, etc.).

The real issue is that nobody is willing to commit the money needed to engage in such an effort. It would probably require enormous amounts of money to upgrade legacy systems, hire people who know how to configure security systems, get audited, train staff, etc., etc., etc. Why spend the money, when we could just buy insurance policies instead?

Re:So it is complete hyperbole, then (1)

thomasw_lrd (1203850) | about 2 years ago | (#40716131)

Does it even matter when all of the programming would be outsourced?

No matter how secure the system is, if a third party has the keys, someone else will have the money to buy the keys.

Again I ask (1)

Anonymous Coward | about 2 years ago | (#40715363)

Why is this sort of crap connected to the public internet?

Re:Again I ask (0)

Githaron (2462596) | about 2 years ago | (#40715561)

That is what I was thinking.

Re:Again I ask (1)

Nkwe (604125) | about 2 years ago | (#40715955)

Why is this sort of crap connected to the public internet?

It is not so much that critical systems are sitting on web pages that anyone on the Internet can directly get to (although it has probably happened), it is more the case that control networks share connections to machines and devices that also have connections to the Internet. If these shared machines get compromised, then there is a path from the Internet to the critical systems.

Ask yourself this question: Can I get to anything "critical" at work when I am at home? Or more generally: Can I work remote? If you can, then your "critical" system at work is indirectly connected to the Internet. (Assuming that your remote connection is via your ISP and not some direct dial up or dedicated line to your company.)

"Critical" for your work might only be a financial system, but if you work for a utility company "critical" might be the power grid, the water treatment controls, gas distribution, etc. People who work for utilities and other critical infrastructure like to have remote access as well (convenience, reduced staff, lower costs, etc.) These are the kinds of systems that are the biggest risk (via indirect paths to the Internet).
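
The indirect-path point in the comment above, as an added example that is not part of the original thread: a small Python audit that walks a connectivity inventory and reports which critical assets are reachable from the Internet through shared machines, and which single host, if isolated, cuts every such path. All host names and the edge list are constructed for illustration.

```python
from collections import deque

# Constructed inventory (not from the thread). Each pair means "source can
# open a session to destination" (firewall rule, VPN, dual-homed host, ...).
ALLOWED = [
    ("internet", "vpn-gateway"),
    ("internet", "corp-mail"),
    ("vpn-gateway", "corp-laptop"),
    ("corp-mail", "corp-laptop"),
    ("corp-laptop", "historian"),        # reporting pulls from the plant historian
    ("corp-laptop", "eng-workstation"),  # remote desktop for on-call engineers
    ("historian", "scada-server"),
    ("eng-workstation", "plc-pump-1"),
    ("scada-server", "plc-pump-1"),
    ("badge-reader", "hr-db"),           # unrelated segment, no Internet path
]
CRITICAL = {"scada-server", "plc-pump-1"}


def build_graph(edges):
    """Directed adjacency map: node -> set of nodes it can connect to."""
    graph = {}
    for src, dst in edges:
        graph.setdefault(src, set()).add(dst)
        graph.setdefault(dst, set())
    return graph


def shortest_paths_from(graph, start):
    """Breadth-first search; returns {node: shortest hop list from start}."""
    paths = {start: [start]}
    queue = deque([start])
    while queue:
        node = queue.popleft()
        for nxt in sorted(graph.get(node, ())):
            if nxt not in paths:
                paths[nxt] = paths[node] + [nxt]
                queue.append(nxt)
    return paths


def exposed_critical(edges, critical, source="internet"):
    """Critical assets with at least one path from source, with that path."""
    paths = shortest_paths_from(build_graph(edges), source)
    return {asset: paths[asset] for asset in sorted(critical) if asset in paths}


def choke_points(edges, critical, source="internet"):
    """Non-critical hosts whose isolation removes every source-to-critical path."""
    candidates = set(build_graph(edges)) - {source} - set(critical)
    found = []
    for host in sorted(candidates):
        remaining = [(s, d) for s, d in edges if host not in (s, d)]
        if not exposed_critical(remaining, critical, source):
            found.append(host)
    return found


if __name__ == "__main__":
    for asset, path in exposed_critical(ALLOWED, CRITICAL).items():
        print(f"{asset}: {' -> '.join(path)}")
    print("single-host choke points:", choke_points(ALLOWED, CRITICAL))
```

None of the critical assets has a direct edge from the Internet here; the exposure comes entirely from the shared laptop that has both remote access and plant access.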

Re:Again I ask (1)

zlives (2009072) | about 2 years ago | (#40716017)

It's not... at least it's not supposed to be. However, I have seen one such instance of a water treatment plant using segregated VLANs (shared switch) even though the RFP (based off regs) called for a separate physical network... people try to save money or don't consider the design scenario in its entirety.

Live Free... (0)

Anonymous Coward | about 2 years ago | (#40715383)

or Die Hard!
Or consider putting utilities on their own private networks and increasing physical security.
Oh yeah... that costs money....

Re:Live Free... (1)

zlives (2009072) | about 2 years ago | (#40716055)

even more savings when you can outsource the management of such systems to remote support via public net. all kinds of savings can be had rather than have a physical presence.

What it really means (1, Flamebait)

gmuslera (3436) | about 2 years ago | (#40715391)

You don't understand the current important cyberthreats, and we don't care about them either, but let's paint an improbable/impractical scenario with big explosions and use that excuse to steal even more privacy/control from all of you to benefit our sponsors.

Re:What it really means (1)

gweihir (88907) | about 2 years ago | (#40715575)

Indeed. Unfortunately, that is exactly what is going on.

wow (1)

phantomfive (622387) | about 2 years ago | (#40715417)

'Across the country trains had derailed, including one carrying industrial chemicals that exploded into a toxic cloud,' Obama wrote, describing a nightmare scenario of a cyber attack. 'Water treatment plants in several states had shut down, contaminating drinking water and causing Americans to fall ill.' All because of hackers!"

That's like a hacker's day-dream from the 80s.

Re:wow (4, Informative)

oh_my_080980980 (773867) | about 2 years ago | (#40715469)

In the '80s the United States sent oil pipeline controls with a trojan in it to the Soviet Union....it's not far fetched.

Re:wow (0)

Teresita (982888) | about 2 years ago | (#40715503)

Yeah, look what a disaster that Y2K thing turned out to be.

Re:wow (3, Insightful)

Black Parrot (19622) | about 2 years ago | (#40715701)

Yeah, look what a disaster that Y2K thing turned out to be.

How much effort went into preventing it?

I wrote a memo in the early 90s telling management that they should develop a policy of fixing YY code any time a program came up for a bug fix.

Of course they didn't listen. Thank all the gods, I was gone before the panic set in.

Re:wow (2, Interesting)

Chris Mattern (191822) | about 2 years ago | (#40715785)

Y2K wasn't a disaster because a lot of people put in a lot of effort to prevent it from being one. I put in hundreds of hours on it, and I was just one average systems guy in one IT department.

Re:wow (3, Insightful)

MozeeToby (1163751) | about 2 years ago | (#40715801)

Yep, let's ignore the millions of dollars spent on prevention and just focus on the fact that nothing bad happened. That's like if they upgraded the levees 2 months before Katrina and then flooding didn't happen and everyone said "what a waste of money those levees were!".

Re:wow (4, Insightful)

daem0n1x (748565) | about 2 years ago | (#40715927)

Maybe you were scratching yourself at that time, but I spent many hours fixing applications because of the Y2K bug. If it wasn't for the effort of thousands of geeks all around the world, instead of a few systems failing here and there we could have had a huge problem worldwide.

What are you doing in a nerds website? Comments like yours usually come from laypeople who have no idea what had to be done because of Y2K.

If the world's IT systems had had a meltdown, everybody would be blaming the geeks for not having done anything. Because the geeks did a great job, guess what, nothing happened. Then people blamed the geeks for having been alarmist, instead of thanking them.

That's a big problem with us, geeks. When you do a great job, nobody notices it because things go smooth. If you fuck up, everybody notices you.

Re:wow (4, Informative)

Jah-Wren Ryel (80510) | about 2 years ago | (#40716071)

In the '80s the United States sent oil pipeline controls with a trojan in it to the Soviet Union....it's not far fetched.

Subtle but important difference - the story is that the Russians were known to be stealing control software [wikipedia.org] so the CIA arranged for the copy that they stole to contain sabotaged code.

Re:wow (3, Insightful)

UnknowingFool (672806) | about 2 years ago | (#40715659)

Stuxnet is one example of what is possible. Stuxnet however was designed to be highly targeted and controlled. Most security experts believe it was designed against Iran's nuclear program. It also was designed to delete itself after a while. Yet this highly focused attack was able to damage an estimated 1100 centrifuges. Imagine what an indiscriminate attack would do.

Re:wow (1)

phantomfive (622387) | about 2 years ago | (#40715791)

An indiscriminate attack would not be able to do anything.

Have you looked at Stuxnet at all? It required tailoring for the setup of the Iranians, if you'd wanted to attack their train system, you'd have needed to create a separate attack for that. You can't just make a hack and hope it will destroy everything it comes across, these are specialized controllers.

Bankers are worse than hackers. (4, Insightful)

Hatta (162192) | about 2 years ago | (#40715435)

Bankers have already pulled off a caper far worse than the unlikely scenario described here. Obama can direct his justice department to hold these bankers responsible under laws that already exist. How serious can he be about protecting America when he refuses to prosecute criminals who have damaged our national security so thoroughly?

Re:Bankers are worse than hackers. (1, Funny)

oh_my_080980980 (773867) | about 2 years ago | (#40715495)

Somewhere in there there's a coherent thought...you just need to work on it a little.

Re:Bankers are worse than hackers. (4, Interesting)

Hatta (162192) | about 2 years ago | (#40715607)

Obama wants new laws to protect us against a hypothetical threat. But he has failed to use the laws he already has against those who have already damaged this country more than a foreign enemy could hope to. The only explanation is that Obama is not concerned about protecting America at all.

Re:Bankers are worse than hackers. (0, Troll)

oh_my_080980980 (773867) | about 2 years ago | (#40715709)

Let's see, he took out Osama bin Laden, who is responsible for the deaths of 2,996 Americans.

There is no political will to take on the Financial Services Industry. It's not simply the President, it's Congress as well.

You're conflating national security with corporate malfeasance. The two are not the same.

Re:Bankers are worse than hackers. (0)

Anonymous Coward | about 2 years ago | (#40715805)

You're conflating national security with corporate malfeasance. The two are not the same.

One impacts the other as the state of a country's economy is closely linked to that country's ability to spend resources on the military and other security measures. The different sizes of the economies of Iraq and the US are why the US could invade Iraq in just a few days while Iraq would never have the resources necessary to invade the US.

Re:Bankers are worse than hackers. (0)

Anonymous Coward | about 2 years ago | (#40715733)

You were completely coherent the first time and right on the money. The idiot who replied to you is an Obamabot or a shill for the financial industry.

Re:Bankers are worse than hackers. (1)

game kid (805301) | about 2 years ago | (#40715739)

Right back atcha. His comment was sensible with a side of correct.

Re:Bankers are worse than hackers. (1)

miknix (1047580) | about 2 years ago | (#40715619)

THIS!

The scenario was much worse because it didn't touch only America but also the rest of the world.

Re:Bankers are worse than hackers. (1)

operagost (62405) | about 2 years ago | (#40715777)

This scenario wasn't as bad because no one died.

There is more than one way to kill. (1)

Anonymous Coward | about 2 years ago | (#40716025)

With the cost of healthcare and the number of retirees that lost most or all of their savings, I doubt it.

Re:Bankers are worse than hackers. (2, Informative)

Hatta (162192) | about 2 years ago | (#40716033)

Recessions kill. How many people lost their jobs and homes due to no fault of their own in the recession? How many were so demoralized they turned to suicide? How many turned to crime themselves? We may never know, but it's certain that this is no mere property crime.

Re:Bankers are worse than hackers. (1)

spagthorpe (111133) | about 2 years ago | (#40715885)

True, but hackers aren't giving campaign money to politicians.

Invalid premise (0)

Anonymous Coward | about 2 years ago | (#40715455)

Is [cyber-warfare] like regular warfare, where two sides armed with arsenals of deadly weapons open fire on each other and hope for total destruction?

No, because "regular" warfare isn't like that either.

There is nothing cyber over it... (1)

zugedneb (601299) | about 2 years ago | (#40715481)

some guys in USA with aspergers write some bad C code, the entire world buys or pirates the crap... some other guys wherever disassemble the code, find the flaws, do some shit, and we make a big deal of it...

this is just globalization gone wrong, with a couple of dominant actors with trained monkeys :D

Caused by a government mandate (0)

Anonymous Coward | about 2 years ago | (#40715519)

It was a government mandate to attach all utilities to the internet and add "security" that has led to them now being accessible. Before that they were clunky old systems best connected by calling the guy on the phone who pushes the buttons and levers. Each utility should be off the internet grid until such time as a node can be developed that is reasonably secure from intrusion, which does not seem likely soon since most internet equipment is built with back doors for one security agency or another.

Also,

To quote H.L. Mencken, 'The whole aim of practical politics is to keep the populace alarmed (and hence clamorous to be led to safety) by menacing it with an endless series of hobgoblins, all of them imaginary.' (or as we now see in our lives, intentionally created by the government itself)

JJ

http://www.kema.com/services/ges/smart-grid/ai/security-standards.aspx

Mind control (1)

cyberspittle (519754) | about 2 years ago | (#40715529)

I'm more worried about subliminal (hidden) messages flashing on my monitor telling me what to buy, eat, etc.

Re:Mind control (1)

Fatch Racall (2330110) | about 2 years ago | (#40715653)

buy a terrible LCD, that way the ghosting will be so bad you won't even see the subliminal messages.

Live by the CLI, die by the CLI (1)

percy69 (733325) | about 2 years ago | (#40715539)

To wit: Stuxnet

Live Free or Die Hard (0)

Anonymous Coward | about 2 years ago | (#40715541)

We're looking at the Senate to combat cyberwarfare? Are you kidding me... when we could easily unleash Bruce Willis and the Mac wunderkind (Justin Long)?

http://www.imdb.com/title/tt0337978/

"not completely" = "pretty much is" (1)

gweihir (88907) | about 2 years ago | (#40715553)

These scenarios are pure fantasy as related to "cyberwar". The "cyberwar" term is only used to create fear and get more money. Sure, if IT security in critical infrastructure is really on an utterly pathetic level (and some is), somebody could cause a lot of damage. But that is more an individual, like a disgruntled ex-employee, not any kind of military term on the other side.

The fix is not to have another dysfunctional military buildup, the fix is to make those responsible for critical infrastructure, dangerous plants, etc. at least minimally responsible to have good IT security. As in operating a dangerous chemical facility without reasonable IT security does actually get noticed, causes the plant to be shut down, causes the ones responsible to go to jail for a long time and causes any and all profits gained from the lousy security to be taken away, including triple damages. Maybe then IT security would finally get better. All this "cyberwar" nonsense is not going to accomplish anything except wasting huge amounts of money better spent elsewhere.

Re:"not completely" = "pretty much is" (1)

oh_my_080980980 (773867) | about 2 years ago | (#40715649)

Because the United States does so well at punishing corporations....."0.0025 percent of corporate revenue on average is spent on information-technology security"

We have a problem. It's not hyperbole. It's something that needs to be taken seriously. Agreed we don't need to exponentially increase the defense budget in the name of cyber security but we do need to make it a priority and we do need to get corporations that control our infrastructure to invest in security.

Re:"not completely" = "pretty much is" (1)

gweihir (88907) | about 2 years ago | (#40715835)

Just what I am saying. However, calling it "cyberwar" is counterproductive, as with this term all the money will go to the military and none of it will actually improve IT security anywhere.

Re:"not completely" = "pretty much is" (0)

Anonymous Coward | about 2 years ago | (#40715661)

From TFA: "Cybersecurity standards would be developed in partnership between government and industry. For the majority of critical infrastructure companies already meeting these standards, nothing more would be expected. Companies needing to upgrade their security would have the flexibility to decide how best to do so using the wide range of innovative products and services available in the marketplace. Moreover, our approach protects the privacy and civil liberties of the American people. Indeed, I will veto any bill that lacks strong privacy and civil-liberties protections."

Re:"not completely" = "pretty much is" (0)

Anonymous Coward | about 2 years ago | (#40715671)

You have to wonder how good our IT security can be if the hardware is intrinsically compromised. We're already hearing about comm gear manufactured in China being compromised, how can we prove that CPU and other chips aren't too?

It's time to strengthen our defenses (2)

Nkwe (604125) | about 2 years ago | (#40715581)

"It's time to strengthen our defenses against this growing danger" is how the op-ed ends. I agree. I would assume that most would also agree as well.

The challenge of course is agreeing on what "strengthen our defenses" means. To me it means disconnecting critical systems from the Internet. Yes, that means that it will take more people to operate those systems and it means less centralization. These things will make it cost more; but security has always had (and will always have) a cost in terms of money / resources and convenience. In the case of critical infrastructure, these costs are worth it.

Who watches the watchdogs? (2)

ethanms (319039) | about 2 years ago | (#40715657)

A straightforward set of solutions to some of these potential problems:

- A human being with a brain is left still ultimately responsible for the operation of trains, planes, etc... "the computer gone haywire" scenario becomes one of inconvenience and slow-downs vs. disaster and death

- Double checking of automated processes... the treatment plant is not a "set and forget" operation, humans should be monitoring the quality of the drinking water and the output of the treatment plants using manual devices--these are double checks for any automatic monitoring

- Disconnect critical systems from public (and sometimes even private) networks. There is no reason to allow remote operation of many of these plants and facilities, so that's first and foremost (if it doesn't NEED to be remote controlled, then don't allow it). Second, for many of these systems simply making sure that they are connected only to secure and private networks would do wonders for preventing outside hacking, and while you're at it eliminate gateways between public and private networks.

At the end of the day it comes down to the human factor. Keep humans located at the equipment, and properly trained in its operation (and recognition of malfunction) and these disasters will be easily averted.

It's just like regular warfare :) (1)

davidwr (791652) | about 2 years ago | (#40715705)

only with tubes.

A series of them.

Re:It's just like regular warfare :) (1)

Antipater (2053064) | about 2 years ago | (#40715961)

The internet is a Nebelwerfer?

One thing's for sure (1)

Black Parrot (19622) | about 2 years ago | (#40715729)

Any substantial cyberwar will turn into a substantial shooting war within a matter of days.

Put that in your policy think tank and smoke it.

How about we all (1)

phorm (591458) | about 2 years ago | (#40715753)

Stop being cheap/lazy about critical infrastructure?
There are rules and frameworks for the medical industry (HIPAA etc). Ditto for the construction industry.
Perhaps they need something similar for critical IT infrastructure, especially regarding firewalls, air-gaps, passwords, encryption, patching, and upgrading.

How about we start with:
* Control of any critical system that does not need to be online shall not be accessible online (air-gap)
* Information that is needed in a read-only capacity should be configured through a non-writable medium

If you want reports from your water treatment plant, then have something send data through a one-way medium. Remote access is great and all, but if what's standing between you and a possible hack harming thousands or millions is a few on-site personnel rather than remote access... stop being cheap about it and put people on-site.

Hackers? (0)

Anonymous Coward | about 2 years ago | (#40715761)

All because of shoddy engineering I would suggest.

Take The EASY Solution (0)

Anonymous Coward | about 2 years ago | (#40715789)

Cyberwarfare?? Why.... just take the fracking industrial controllers off of the dang internet. Ewww problem solved. Geez. It AIN'T rocket science.

Re:Take The EASY Solution (2)

Kadagan AU (638260) | about 2 years ago | (#40715899)

I work for a company that does networking for many railroads, and on every project that we've done the entire train control network is isolated from the rest of the world. That's one of our basic rules, it should never touch the internet. I can't speak for our competitors, but it seems like they would do the same.

Re:Take The EASY Solution (2)

Kadagan AU (638260) | about 2 years ago | (#40715917)

On the other hand, if someone malicious were to get physical access to the network, it may be a different situation.

Pretty scenario, but how high is the actual risk (1)

Anonymous Coward | about 2 years ago | (#40715831)

How high is the actual risk of that nightmare scenario? Nightmare scenarios are easy to make in regards to anything. What about a nightmare scenario where someone buys a load of heavy metal and dumps it in a lake near a large city, overloading any water filters the city has? Does that mean we have a heavy metal war that is important to take care of?

It's an easy problem to solve (2)

MikeRT (947531) | about 2 years ago | (#40715877)

1. Give them 2 years to hire or retain by contract people who can repair or do maintenance on site.
2. Make it a class six felony to knowingly connect an industrial system to the public internet for any reason other than an exigent circumstance for which a reasonable practitioner would not regard the on-site staff as capable of handling or for which there is insufficient time to fly out a practitioner capable of performing the work.
3. In the event of loss to limb or property, make treble damages built-in to the civil site.
4. In the event of loss of life, make elevation to felony murder mandatory with execution mandatory for all parties involved in the event that the death toll goes beyond a few people.

That's how you wake them up and institute change post haste.

Not Possible: Across the country trains derailed. (1)

Anonymous Coward | about 2 years ago | (#40715925)

I wrote software which manages trains and the railway network and I can tell you that it would be IMPOSSIBLE to derail a train or cause an accident with a "cyber attack". I might believe Water treatment plants because of their use of SCADA but not railroads.

War is a racket. (2)

Johann Lau (1040920) | about 2 years ago | (#40716087)

Is it like regular warfare, where two sides armed with arsenals of deadly weapons open fire on each other and hope for total destruction?

Not even regular is like that. Regular war is two or several sides having people who are armed and those who get to pay and suffer.

Let's say for example, China and America had an all out war: in that case the common American citizen and the common Chinese citizen have a LOT more in common than the common American or Chinese citizen have in common with their leaders.

The whole thing of equating the policy of war profiteers with the people in a country is fascist bullshit. It's usually, and certainly often when America is involved, not "country A fighting country B", it's "group X (elites in countries A and B) fighting group Y (the people in countries A and B)".

Seriously, pay some fucking attention already.
