U.S. Defense Secretary Warns of a Possible 'Cyber-Pearl Harbor'

Soulskill posted about 2 years ago | from the inspiring-such-confidence dept.

Government 190

SpzToid writes "U.S. Secretary of Defense Leon E. Panetta has warned that the country is 'facing the possibility of a "cyber-Pearl Harbor" and [is] increasingly vulnerable to foreign computer hackers who could dismantle the nation's power grid, transportation system, financial networks and government.' Countries such as Iran, China, and Russia are claimed to be motivated to conduct such attacks (though in at least Iran's case, it could be retaliation). Perhaps this is old news around here, even though Panetta is requesting new legislation from Congress. I think the following message from Richard Bejtlich is more wise and current: 'We would be much better served if we accepted that prevention eventually fails, so we need detection, response, and containment for the incidents that will occur.' Times do change, even in the technology sector. Currently Congress is preoccupied with the failure of U.S. security threats in Benghazi, while maybe Leon isn't getting the press his recent message deserves?"

translation (4, Insightful)

Anonymous Coward | about 2 years ago | (#41641301)

Haliburton now has a kompootar division that needs money.

Another Translation: (4, Interesting)

Futurepower(R) (558542) | about 2 years ago | (#41642007)

I'm guessing: The U.S. Secretary of Defense has no knowledge of computer technology whatsoever, except what he learned from his children. But he wants to be cool, seem knowledgeable, get his name in the news, and get government contracts for associates, so he put his name on a scary memo written by his staff, who also have such associates.

That's a guess, but it seems a likely guess given the fact that technically knowledgeable people use different language and recommend examination of code for security problems and sloppiness.

Some of those who want government corruption want continuous war because government "defense" contracts provide easy profits, and it is easy to keep corruption secret.

If they get easy money, the corrupters don't care who is killed, what lives and property are destroyed, or how much money is wasted. For example, the book Funding the Enemy: How U.S. Taxpayers Bankroll the Taliban [amazon.com] provides a huge amount of detail about a small part of the corruption.

Divide the cost to the U.S. taxpayer of just the war in Afghanistan ($574,624,781,538) [costofwar.com] by the population of Afghanistan (35,320,445) [google.com] . The U.S. taxpayer has already paid 16,268 hard-earned dollars for every man, woman, and child in Afghanistan. The results: Mostly, things are worse.

If those who want corruption can't get the taxpayers to pay for killing other people, they want "cyber war". See, for example, Obama Order Sped Up Wave of Cyberattacks Against Iran [slashdot.org] .

The U.S. government has invaded or bombed 27 countries since the end of the 2nd world war.

Constant war makes us poor.

you mean they could have spent less money spying.. (5, Insightful)

davydagger (2566757) | about 2 years ago | (#41641319)

You mean, the US could spend less money on fearmongering, sting operations to trick poor and socially outcast citizens into conducting fake terrorist attacks for TV. Far flung surveillance systems, which don't work.

Instead of this crazy cloak and dagger shit, they could have invested in systems that were secure by default, and well coded that would resist cyber assault. In fact with the money spent, I'm sure they could simply have paid many many many programmers to do nothing but check and re-double check code, fuzz, and re-fuzz a bunch of apps until cyber breakins were not feasible.

I am sure they could have done the same with all routers, and in the case of a massive foreign DDoS, simply firewalled it.

Re:you mean they could have spent less money spyin (-1)

Anonymous Coward | about 2 years ago | (#41641447)

Fuck you.

Badum-tish!

Re:you mean they could have spent less money spyin (1)

Anonymous Coward | about 2 years ago | (#41641979)

There is no such thing as secure by default (except maybe for a brick), and no theoretical possibility of such a thing. There is more likelihood of a million monkeys randomly typing for a million years to create one of Shakespeare's plays than for creating a truly secure OS in the manner described. And even coming close could not be done before whatever product is completely, totally irrelevant from obsolescence.

Re:you mean they could have spent less money spyin (0)

Anonymous Coward | about 2 years ago | (#41642451)

All they have to do is to re-purpose the surveillance systems for the good instead of evil. That would be increasingly better use of the budget for such things as the probability of cyber attacks against the infrastructure increases and such attacks attain higher levels of risk compared to 9/11 scenarios. Also, it would be helpful to make a good'ole Constitutional exception for creation of the National Infrastructure Administration with the powers to regulate the collaborations across state borders, the agencies and companies. And the oversight committee, of course, for that comic relief. Constitutional exception, is there such a thing in the US? It really doesn't seem so.

What a shocking declaration! (4, Funny)

mekkab (133181) | about 2 years ago | (#41641323)

Honestly... does this come as any surprise to anyone on /.? When I heard about Flame and Stuxnet it was as if every cyberfiction story I read in the 80's had finally come true. Mentally, I'm already prepared.

Bring on the onslaught of Jihadist Erectile Dysfunction Spam!

Re:What a shocking declaration! (5, Funny)

maxwell demon (590494) | about 2 years ago | (#41641367)

Yeah, erectile dysfunction is especially bad for jihadists. Imagine you get your 72 virgins, and then you can't get it up.

Re:What a shocking declaration! (4, Funny)

K. S. Kyosuke (729550) | about 2 years ago | (#41641501)

Actually, that's the Muslim version of hell. Both groups get sent to the same place (which reduces maintenance costs, mind you!) and the ones with erectile dysfunction are simply forced to watch the unafflicted ones.

Re:What a shocking declaration! (0)

Anonymous Coward | about 2 years ago | (#41641781)

So that is why there is some confusion to the actual amount of virgins? it depends on how many are in heaven and how many are in hell?

Re:What a shocking declaration! (1)

Shoten (260439) | about 2 years ago | (#41642129)

I thought the Muslim version of hell was that they get their 72 virgins...and they're all ugly overweight male otaku.

Re:What a shocking declaration! (1)

couchslug (175151) | about 2 years ago | (#41642041)

"Imagine you get your 72 virgins, and then you can't get it up."

They might be MALE virgins, and you won't need to get yours up.

Re:What a shocking declaration! (3, Funny)

NotQuiteReal (608241) | about 2 years ago | (#41642255)

If they are MALE virgins, you need to be worried about getting it up yours.

FTFY

Re:What a shocking declaration! (0)

Anonymous Coward | about 2 years ago | (#41642285)

Yeah, erectile dysfunction is especially bad for jihadists. Imagine you get your 72 virgins, and then you can't get it up.

Or worse yet, erectile dysfunction of the other sort and you get a 7'2" Persian and an eternal erection.

Re:What a shocking declaration! (0)

Anonymous Coward | about 2 years ago | (#41642545)

So now I know where /. virgins go when they die. Looks like the last laugh is on you.

Re:What a shocking declaration! (5, Insightful)

BeanThere (28381) | about 2 years ago | (#41641617)

I've been reading these overblown scare stories with regularity since I've been reading /. ... it just means it's budget allocation time again for the 'cybersecurity divisions' and these types of reports are just a way of trying to justify oversized budgets for ever-larger 'departments' to push paper around while pretending to protect you from something.

Re:What a shocking declaration! (0)

Anonymous Coward | about 2 years ago | (#41642249)

It is not overblown. The threat is very real. It is just that, as anonymous said above, "There is no such thing as secure by default (except maybe for a brick), and no theoretical possibility of such a thing.". On the other hand, we should at least have some sort of idea what we can and cannot do in such a scenario. That takes funding.

Re:What a shocking declaration! (1)

Anonymous Coward | about 2 years ago | (#41642475)

The risk is idiots making everything be run by computers. An off by one programming error poses just as much risk as a "cyber attack". Heck, how much did the iPhone's alarm bugs cost economies, thousands of people going into work an hour late (or not at all). None of this is even remotely as dangerous as the huge number of people running around with a set of irrational views they hold on the basis of the fact that an authority figure told them they were true. I live in hope that one day my karma will run over your dogma though.

Translation: We need more Money! (0)

Anonymous Coward | about 2 years ago | (#41641327)

And of course, they convince us that we need to be protected and kept secure. They'll always have something to worry about, and something to make us fear, just so they can make us more money.

Of course they never mention their own operatives, because well, that's clearly not part of their agenda.

Not that actual security is either, they'd just prefer sinecures for the technology sector.

Re:Translation: We need more Money! (0)

Anonymous Coward | about 2 years ago | (#41641449)

Oh no... I'm sure that there are bills waiting ready to be put out in congress by the makers of SOPA/PIPA/COICA/ACTA just in case of a "cyber 9-11".

And they will have fuck-all to do with actual security like requiring businesses to actually spend some capital on keeping their flies zipped.

Will be effective against offshore attacks? Nope.

What they will target is the same drumbeat we have been dealing with for years. More DRM, more enforced DRM, more control by a third party who wants their voice to be heard and not yours.

In the closed environment of most devices, it would be trivial to mandate an Internet wide NAC system, where if something doesn't have a valid DRM stack, the upstream router won't allow it to connect. This stack would also disallow proxying, allow remote root access (and we know how secure those backdoors will be), and all and all, allow offshore hackers even MORE rein.

Remember the old Counterstrike guy who yelled "terrorists win"? Same thing. bin Laden scored a victory on the US that no general since the Brits ever have done, completely depriving a country of its rights and turning a democracy into a police state. A cyber-9/11 would do the same thing, except our computers would be turned into terminals and instead of actual security, the only measures made laws would be DRM, DRM, and more DRM.

Easy solution (5, Funny)

maxwell demon (590494) | about 2 years ago | (#41641341)

They just have to make all U.S. routers drop packets with the Evil bit set. Problem solved.

Re:Easy solution (-1)

BeanThere (28381) | about 2 years ago | (#41641635)

Wow, I've never heard that joke before!

Re:Easy solution (1)

Anonymous Coward | about 2 years ago | (#41641881)

Wow, I've never heard that joke before!

You must be delightful at parties.

Re:Easy solution (0)

Anonymous Coward | about 2 years ago | (#41642311)

They just have to make all U.S. routers drop packets with the Evil bit set. Problem solved.

But we can't check the evil bit if there's a Do-Not-Track. Check, and Mate.

And just how easy can this be .... (1)

3seas (184403) | about 2 years ago | (#41641343)

... fabricated by the same people making the claim?

Re:And just how easy can this be .... (2, Insightful)

Samantha Wright (1324923) | about 2 years ago | (#41641413)

Given that the general public won't even know the difference between a genuine attack and just turning off the power grid? Pretty damn easily! (But, of course, for extra convincingness points, they can always use the years of detailed forensic work done by security analysts on viruses like Stuxnet to fabricate the fingerprint of their attacking nation of choice.)

Re:And just how easy can this be .... (1)

Forty Two Tenfold (1134125) | about 2 years ago | (#41641727)

Biology question: how do I throw a zinger about "consporacy theories" at a biologist? Possibly rich in references to natural selection &c. I couldn't come up with anything...

But in honesty I agree and like where you're going with that.

Re:And just how easy can this be .... (2)

tqk (413719) | about 2 years ago | (#41642117)

Biology question: how do I throw a zinger about "consporacy theories" at a biologist?

Ahhh, you're not trying hard enough. One word: Anthrax!

You don't even need the real thing. A bit of flour in an envelope stuffed into random screen door mail slots in residential neighbourhoods overnight, and you can shut an entire city down for days, maybe weeks. You can even bribe homeless winos with a bottle to do it early in the morning (tell them it's a promotional campaign for a contest and give 'em a cheap bottle of ripple to do it).

Worked on Congress.

Re:And just how easy can this be .... (1)

Samantha Wright (1324923) | about 2 years ago | (#41642137)

Consporacy theories? Sorry, I don't know much about fungi.

I've heard a few good ideas about the evolution of creationism, but none of the resultant jokes were designed very intelligently.

Is that so? :p (-1)

Type44Q (1233630) | about 2 years ago | (#41641347)

cyber-Pearl Harbor

Peo...*cough* Leon, to an informed person, your choice of words presents an added layer that means more than you might want it to, you know... kind of like a "cyber U.S.S. Maine" or a "cyber Gulf of Tonkin..."

*conspiratorial whisper* So, anyway, whatcha guys got planned? *wink, nudge*

Re:Is that so? :p (5, Insightful)

K. S. Kyosuke (729550) | about 2 years ago | (#41641513)

I vote to call it Perl Harbor. You know, hackers and stuff...

Re:Is that so? :p (3, Funny)

maxwell demon (590494) | about 2 years ago | (#41641555)

So it would be a line noise attack?

Re:Is that so? :p (2, Informative)

couchslug (175151) | about 2 years ago | (#41642141)

Mod parent up.

Pearl Harbor was bait. Major "oops" that the Japs used shallow-running torpedoes thus making a bigger mess, but hubris is a bitch. The British figured out how to plink ships in shallow harbors:

http://suite101.com/article/the-battle-of-taranto---inspiration-for-pearl-harbour-a307392 [suite101.com]

Re:Is that so? :p (1)

Type44Q (1233630) | about 2 years ago | (#41642339)

Mod parent up.

It'd be a waste of mod points; shills in their cubicles at Fort Meade are actually earning their salaries today! :p

Really?! (1)

cfkboyz (1129423) | about 2 years ago | (#41641361)

What the hell do they expect? They place critical computer systems online and they expect them to be safe? Why not leave them on an intranet and not worry about it.. Stop giving crackers a way to access the systems and nothing can happen... If the systems are so sensitive it seems logical right?

Re:Really?! (1)

maxwell demon (590494) | about 2 years ago | (#41641411)

What the hell do they expect? They place critical computer systems online and they expect them to be safe?

Sure. Just like the best way to keep a secret is to tell it on TV. :-)

Re:Really?! (0)

Anonymous Coward | about 2 years ago | (#41641421)

You mean we shouldn't put the nuclear plant Self-Destruct button right next to the Facebook Like button? But it's so aesthetically pleasing.

Re:Really?! (4, Insightful)

ByteSlicer (735276) | about 2 years ago | (#41641565)

Why not leave them on an intranet

No! Never connect critical computer systems to an intranet (assuming you mean a general purpose internal network).
It's just too easy for a worm infection to create a bridge with the internet, or some person connecting his laptop to his phone to read slashdot and thereby creating a bridge.
These systems should be on their own network, and all communication should be encrypted using public-private key pairs (secure tunnels, so systems can only communicate with other systems when they're allowed to). Managing the keys/tunnels would be a hassle (making sure an authorized human is in the loop), but good security always has its costs.

Re:Really?! (1)

bobstreo (1320787) | about 2 years ago | (#41642003)

First,
Change the default passwords on the systems.

Then

Set them up on a restricted access internal DMZ with a firewall in front of them

Then

Setup tunnels for encrypted access.

Then

Set authentication (token based are ok) for any access to the systems

Re:Really?! (0)

Anonymous Coward | about 2 years ago | (#41641615)

Because power plant operators are too lazy to actually get up and drive to work, so they want to sit at home and operate the SCADA systems on their Windows ME boxes while watching porn videos. People who say "that's just the way such plants are operated" fail to recall that power plants operated just fine for decades before the Internet. If these energy companies were serious about security, they would revert to the old air-gapped methods even if it is more expensive to their bottom line to do so. But since it would be more expensive, don't expect them to do it.

Reason #2: It gives all the military contractors fat contracts to "fix" a problem that is easily fixed with the solution above. Most of the former DHS and NSA people work for private security contractors now (Chertoff is one example), so they want to line their pockets by coming up with "solutions." It's like NSA whistleblower Thomas Drake says: we came up with solutions internally at NSA for a few million dollars, but the NSA brass wanted to give their buddies in the private contractor sector billions to come up with a solution that didn't work as well.

It's basically all about waste, fraud and abuse by keeping military contractors happy. You know, what the government is infamous for.

the power grid needs to be able to link (1)

Joe_Dragon (2206452) | about 2 years ago | (#41642091)

the power grid needs to be able to link the substations, power plants, control centers to each other.

Don't connect stuff to the net (1)

Anonymous Coward | about 2 years ago | (#41641363)

I think the techs have pointed this out, again and again. Quit connecting critical systems to open networks, even indirectly. There's just no need to send control data across a public network, and no need for an engineer to be able to control a power station and read dilbert from the same computer. So there's no need to have that system accessible, even via a firewall, by Iran etc.

Problem solved.

I'm more shocked by this:
http://www.youtube.com/watch?v=pKaXqoC4DjE&feature=related

I'm shocked, firstly by the blatant voting fraud of it, but more shocked that nobody reported it and the first I found out about it was some comment in Slashdot. Not even an article, a single comment. If you haven't watched it, watch it, it's an eye opener.

We need IT unions to make so cut cutting (2)

Joe_Dragon (2206452) | about 2 years ago | (#41642115)

We need IT unions to make so cut cutting does not end up being using outsourcing as well as real hands on training and not just book based theory learning.

Well, that explains it (4, Interesting)

Hentes (2461350) | about 2 years ago | (#41641365)

I could never understand why America doesn't improve its cybersecurity, but if the plan is the same as with Pearl Harbor that would explain it. The US leaves their systems open and lures China to attack them to get a convincing casus belli for their counterattack, just like they did in WW2.

Re:Well, that explains it (2)

DNS-and-BIND (461968) | about 2 years ago | (#41641503)

On its final exam each year, beginning in 1931, the Japanese Naval Academy asked its students, "How would you carry out a surprise attack on Pearl Harbor?"

Re:Well, that explains it (1)

phantomfive (622387) | about 2 years ago | (#41641711)

lol you think the US 'lured' Japan into attacking Hawaii? Seriously?

Re:Well, that explains it (4, Informative)

bill_mcgonigle (4333) | about 2 years ago | (#41641855)

lol you think the US 'lured' Japan into attacking Hawaii? Seriously?

Hrm, the gp said 'lured'. The oil embargo created the conditions where Japan wanted to seize the oil fields of the Dutch East Indies. Roosevelt said this himself. Then he moved the only fleet that could stop them from San Diego to Honolulu. They had radio intel on Japanese movements and kept some of that info from the Navy by Presidential order. (see some good comments here [amazon.com] or buy the books)

Roosevelt wanted war and had big trouble selling it (both matters of fact) and these conditions got him an attack which got him what he wanted.

But that doesn't mean the Japanese had to maintain their empire or that the People had to accept a Japanese attack on Hawaii as a reason to go to war in Europe. Plenty of blame to spread around, but one can't cast Roosevelt as completely surprised or ignorant of the conditions in the region.

Re:Well, that explains it (1)

phantomfive (622387) | about 2 years ago | (#41641953)

ok, how about this,, next time you lure someone into attacking, make sure you are prepared with a good defense. Is that too much to ask?

Re:Well, that explains it (0)

Anonymous Coward | about 2 years ago | (#41642157)

ok, how about this,, next time you lure someone into attacking, make sure you are prepared with a good defense. Is that too much to ask?

That was the problem. We had the entire fleet at the one spot they could attack. There was little more that could be added. The Japanese first assault capability was underestimated.

Lesson: When luring someone into attacking, give them a soft, disposable target that looks somewhat strong.

Re:Well, that explains it (0)

Anonymous Coward | about 2 years ago | (#41642489)

ok, how about this,, next time you lure someone into attacking, make sure you are prepared with a good defense. Is that too much to ask?

That was the problem. We had the entire fleet at the one spot they could attack. There was little more that could be added. The Japanese first assault capability was underestimated.

Lesson: When luring someone into attacking, give them a soft, disposable target that looks somewhat strong.

It wouldn't have been enough. And I might add, that no you are wrong when you say "we had the entire fleet at the one spot they could attack" - one would note that they had every aircraft carrier out of Pearl Harbor, including various support ships for them - what they left was battleships, which for the most part were already headed for obsolescence with the advent of more modern warfare.

Re:Well, that explains it (1)

tqk (413719) | about 2 years ago | (#41642469)

lol you think the US 'lured' Japan into attacking Hawaii? Seriously?

"Let's line up all the planes on the ground close right beside each other, uh, to deter saboteurs and looters, yeah."

Meanwhile, strangle Japan's oil supply and bitch, bitch, bitch about what they're doing to the poor Chinese.

Yeah, utterly implausible. I wonder why the carriers weren't in Pearl that day. Oh, and Midway, that was just pure great work and execution on the US' part. Uh huh.

Re:Well, that explains it (1)

phantomfive (622387) | about 2 years ago | (#41642527)

So what, you think Roosevelt ordered the Japanese attack?

Just an excuse to lock down the Internet (0)

Anonymous Coward | about 2 years ago | (#41641387)

It's all part of a conspiracy to get Americans to lock down the Internet. Governments talk about freedom, but none of them actually want it.

Americans and their fear of everything (0)

Anonymous Coward | about 2 years ago | (#41641395)

A nation of cowards!

gee what month is it? (0)

Anonymous Coward | about 2 years ago | (#41641401)

Why it is National Cyber Security Awareness Month~!

Now? (0)

Anonymous Coward | about 2 years ago | (#41641407)

Maybe a dumb question, but what organization would be interested in shutting down the US power grid now?

If it's a country, it'd be like declaring war against the US.

If it's an organization, well good luck against the whole US who will be after you.

Re:Now? (2)

maxwell demon (590494) | about 2 years ago | (#41641475)

Of course the idea is to do it in a way that it cannot be traced back. Or even, so that it looks as if someone else did it. For example, hack into an Iranian computer, and attack the U.S. power grid from there. The CIA will find out that the attack came from Iran, and won't look further.

Trojan Horses (0)

Anonymous Coward | about 2 years ago | (#41641419)

warned that the country is 'facing the possibility of a "cyber-Pearl Harbor" and [is] increasingly vulnerable to foreign computer hackers

The only way I could see this happening is if the United States is dependent on foreign factories to build computer equipment and now the US has identified trojan horses. The other way to knock out the infrastructure is with an EMP to wipe out all the electronics but that is not a "cyber" attack.

Why Is the Power Grid on the Internet? (5, Insightful)

edibobb (113989) | about 2 years ago | (#41641443)

If control to the nation's power grid is accessible over the internet, then we have problems far more serious than hackers. It's almost like the head of Homeland Security doesn't even know how to use email [nationaljournal.com] .

Re:Why Is the Power Grid on the Internet? (1)

Anonymous Coward | about 2 years ago | (#41641709)

The phrase "the nation's power grid" is entirely misleading. This is not one control system, but many thousands of control systems. Parts of the grid aren't even synchronous. While a hacker can do some damage, it would take much more than obtaining control over one or a few control systems to do anything significant.

The 2003 power outage demonstrated that generator and electrical protection systems can cause a cascading fault in a large area. That's about the order of magnitude any set of hackers could achieve. While aggravating and locally dangerous, it's more FUD from our military and intelligence community than actual "cyber-Pearl Harbor" or whatever BS they want to call it.

There are many systems such as historians connected into corporate LANs or available over VPN. They are firewalled already, but still potential attacks can develop. But then most control systems I've encountered are fairly hardened or inaccessible directly. No the US power grid is so decentralized in many ways that an attack of any magnitude would probably have to have inside help, and knowing power operators and engineers that I've worked with, they are very conservative and not prone to knowingly helping Chinese, Korean, Iranian, or other hackers. Again it's not impossible, just highly improbable.

Re:Why Is the Power Grid on the Internet? (1)

colinrichardday (768814) | about 2 years ago | (#41641879)

Wasn't Stuxnet installed locally via USB?

Re: Stuxnet (0)

Anonymous Coward | about 2 years ago | (#41641975)

If the Stuxnet guys had smashed the controller they had access to, they'd have done a far better job. Those Siemens controllers were irreplaceable, since Iran could no longer get them. Likewise if an insider wanted to attack a critical pump, they'd just go attack the critical pump, they would, install a virus that uses an exploit to attack a control system that changes a setting that makes the pump wear out a bit quicker.

That would be a silly McGyver plot. See "DHS issues false cyber pump attack"
http://www.wired.com/threatlevel/2012/10/dhs-false-water-pump-hack/

It's not a cyber attack, if it's not a remote network attack, and those come from connecting stuff to public networks that your enemies are also attached to. So QUIT DOING IT!

If you haven't watched this yet, then do.
http://www.youtube.com/watch?v=pKaXqoC4DjE&feature=related
Or this:
http://www.youtube.com/watch?v=B39W91O-rUg&feature=related

Re: Stuxnet (1)

colinrichardday (768814) | about 2 years ago | (#41642161)

If the Stuxnet guys had smashed the controller they had access to, they'd have done a far better job. Those Siemens controllers were irreplaceable, since Iran could no longer get them. Likewise if an insider wanted to attack a critical pump, they'd just go attack the critical pump, they would, install a virus that uses an exploit to attack a control system that changes a setting that makes the pump wear out a bit quicker.

Yeah, because smashing a centrifuge is so less likely to be detected than planting malware.

From http://en.wikipedia.org/wiki/Stuxnet#Windows_infection [wikipedia.org] :

Stuxnet attacked Windows systems using an unprecedented four zero-day attacks (plus the CPLINK vulnerability and a vulnerability used by the Conficker worm[33]). It is initially spread using infected removable drives such as USB flash drives,[8][34] and then uses other exploits and techniques such as peer-to-peer RPC to infect and update other computers inside private networks that are not directly connected to the Internet.

Hey U$A, (-1)

Anonymous Coward | about 2 years ago | (#41641455)

go f**k your$elf... terror, terror, pew pew, 'merica... f*****g U$tArds...

Future (0)

louzer (1006689) | about 2 years ago | (#41641469)

Great Britain and Rome did not go away because other countries attacked it. Great Britain and Rome weren't gone in a day.
The only thing the USA needs to fear is civil war this century after people around the world stop USD. After that California will lead the secession from the union because it is the 8th largest economy in the world. It cannot afford to pay for the rest of the USA.
Currently the world uses USD and suffers its devaluation because the world wishes to outsource war to the USA. This is the reason why QE(n) doesn't cause hyperinflation.

Not scared (1)

OldSport (2677879) | about 2 years ago | (#41641507)

What's the chance of a person in the U.S. being killed or harmed by any sort of terrorist attack? I don't remember exactly, but I know I'm far more likely to die or get hurt every time I hop into my car, so I hope Uncle Sam will forgive me for not jumping up and shitting my pants in fear this very second.

Re:Not scared (1)

flyingfsck (986395) | about 2 years ago | (#41642271)

You are more likely to get killed or injured by hopping into bed, than by a terrorist attack.

More like... (0)

Anonymous Coward | about 2 years ago | (#41641509)

We're not prepared for Coronal Mass Ejections even though we knew this was possible for a long long time so lets blame hackers.

Similar event would be blaming hackers for controlling levees and dams for the majority of damage done by Katrina.

Precedence... (2)

Zemran (3101) | about 2 years ago | (#41641517)

Given that the US is the main protagonist in this field they should be careful what precedent they set...

That comparison was almost as offensive as (0)

Anonymous Coward | about 2 years ago | (#41641531)

the movie with Ben Affleck [amazon.com]

Pearl Harbor was a national tragedy where a lot of good men and women died, some very nice ships sank, and we officially entered WWII. Let's not forget how many died in our response bombing of Nagasaki and Hiroshima.

I get that a "Cyber-Pearl-Harbor" is meant to imply we'll get caught with our pants down, but then why not just say that instead of a comparison that effectively equates the deaths of the good citizens and soldiers of Pearl Harbor to a hard drive crash.

Find a better analogy. Preferably something without the word "cyber".

Anyone interested in an eleven year old's perspective of the real bombing of Pearl Harbor might care to read "I Survived #4: I Survived the Bombing of Pearl Harbor, 1941 [amazon.com] ". When you're done reading it go ahead and imagine him saying "Dad the hard drive crashed because I opened an email attachment from an unknown sender".

Re:That comparison was almost as offensive as (1)

maxwell demon (590494) | about 2 years ago | (#41641657)

So you think you could not kill people this way? Note that the target of the attack would not be some private computers. Are you sure you cannot intentionally steer a nuclear power plant into a disaster? What about chemical factories? What about hydropower dams? I guess you could kill quite a few people by just opening the water gates.

a 'cyber' pearl harbor? what's this guy on? (2)

hamburger lady (218108) | about 2 years ago | (#41641535)

persian1234: hey baby, wanna cyber?

panetta_l: sure

persian1234: aight, i put on my flight suit and helmet

What a surprise! (1)

mikein08 (1722754) | about 2 years ago | (#41641543)

Leave systems wide open to outside, then act surprised when said systems are attacked and scream to Congress for new legislation to try to "fix" the problem. Hell, the solution is simple: close critical systems to outside access. However, this might mean that it would be necessary to spend extra money because access is now more difficult. And we surely wouldn't want any corporate or governmental entity to have to spend extra money, now would we?

Ah! another government false flag huh? (1)

gabrieltss (64078) | about 2 years ago | (#41641585)

Gee it is now common knowledge that the U.S. LET Pearl Harbor happen... Thank you Dusko Popov for exposing that in your book "Spy Counter Spy". And more and more proof is coming out about how 9/11 was also a false flag, just like the Gulf of Tolkien, let's not forget Oklahoma City, just like the nasty things outlined in "Operation Northwoods" - no tinfoil hat needed here - the facts are all out in the open and available for all to read. If this happens - we will know the government did it... Heck remember when they said "what we need is another pearl harbor event..." - hmmm what happened - OH YEAH 9/11! Now they are saying it again - keep your eyes open - they are about to do something really nasty to you - AGAIN!

Re:Ah! another government false flag huh? (2, Funny)

Anonymous Coward | about 2 years ago | (#41641687)

a false flag, just like the Gulf of Tolkien

Those middle-earth bastards sucked us in!

cyber-Pearl Harbor (1)

eexaa (1252378) | about 2 years ago | (#41641613)

....does include cyber-Kate Beckinsale, doesn't it?

What about the Cloud? (0)

Anonymous Coward | about 2 years ago | (#41641619)

If the national power grid could be successfully targeted by cyber-spies, does this mean they could turn the Cloud to vapor?

You'd think every techie on the web would be moved to tears by this threat, so much so that Romney, with his erudite grasping at all things dangerous and evil for the American public, would become the darling of silly-con valley.

"Quick Paul, to the Mitt Pole!!," says our super-hero, as he dons his tights and scoops millions from his off-shore bank accounts and races to the aid of high-speed traders everywhere. "We must save the grid from the evil clutches of the Sino-cyberians! Call T-Boone, The Donald and the Buchananites! We have work to do preserving the national infrastructure!"

Who better to protect "The Grid" from evil than the man who champions Free Markets, Zygotic Rights, smaller government, bigger Defense and the Bushie Tax Cuts for all?

Ask a cranky 'ol guy (John Dvorak) (4, Interesting)

rbrander (73222) | about 2 years ago | (#41641633)

http://www.pcmag.com/article2/0,2817,2410931,00.asp [pcmag.com]

He's still good for entertainment some days. And he's got this one nailed: "Cyber War? Bring It On! : The so-called imminent threat of cyber-attack by U.S. enemies is another in a long line of fear-mongering propaganda lines."

Re:Ask a cranky 'ol guy (John Dvorak) (1)

russotto (537200) | about 2 years ago | (#41641927)

He'd be a lot more credible if he didn't bring up the old "Y2K wasn't a problem" saw. Yeah, Y2K wasn't a disaster. That's because not only did we see it coming in time, but a lot of effort was spent fixing the problems before it was too late. I realize that it is so rare that a problem is actually anticipated and fixed before disaster happens that this seems unbelievable, but it's true.

The physical-world equivalent is claiming that there was no problem with the Citicorp Center [duke.edu] because it's stood up to every windstorm which has hit it since it was fixed.

Isolate the networks as best you can (2)

davidwr (791652) | about 2 years ago | (#41641639)

Why do we expose ourselves to such risks in the first place? Because we are willing to trade efficiency and lower cost now for certain vulnerabilities, that's why.

Nothing says we HAVE to have the power grid and other essential utilities on a non-isolated network. We do so because it's convenient and saves money in the short run.

If it's not practical to physically isolate the electrical grid's control systems from the rest of the world, at the very least put each one in a "bubble" and make sure all traffic into that "bubble" is authenticated. Virtual private networks go a long way towards making this possible. Having said that, physically isolating the electrical grid's command and control from the "outside world" and doing the same for other key infrastructures would be ideal if cost was not a factor.

Heck, if you even run a building or campus with things like HVAC that can be controlled by telephone or Internet, make darn sure that any request that could do actual harm (e.g. raising or lowering the temperature outside of reasonable levels, turning off power to an area without raising an alarm, disabling alarms, etc.) is authenticated, or better yet, don't allow such requests from outside of trusted physical locations, such as certain authorized computers that are on the same RELATIVELY SMALL physical network or sub-network as your HVAC's control computer, locked/secured control panels, etc. You do NOT want some guy in China turning off the heat at 2AM on a sub-freezing night, and if you can't stop them from doing it, you don't want them to turn off the alarms that will go off when the temperature of the water pipes drops close to freezing.
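The policy described in the comment above, as an added example that is not part of the original comment or any real HVAC product: every request must be authenticated, and requests that could do harm (out-of-range setpoints, disabling alarms, cutting power) are accepted only from a small trusted control subnet. The key, subnet, setpoint range and command names are all constructed assumptions.

```python
import hashlib
import hmac
import ipaddress

# All values below are constructed for illustration.
SHARED_KEY = b"constructed-demo-key"
TRUSTED_NETS = [ipaddress.ip_network("10.20.30.0/28")]  # small control subnet
SETPOINT_RANGE_C = (15.0, 28.0)                         # "reasonable levels"
ALWAYS_HARMFUL = {"disable_alarm", "power_off_zone"}


def sign(command, value, nonce, key=SHARED_KEY):
    """HMAC-SHA256 tag over the command, its value and a one-time nonce."""
    msg = f"{command}|{value}|{nonce}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def is_harmful(command, value):
    """Harmful: alarm/power commands, or a setpoint outside the sane range."""
    if command in ALWAYS_HARMFUL:
        return True
    if command == "set_temp":
        lo, hi = SETPOINT_RANGE_C
        return not lo <= float(value) <= hi
    return False


class ControlGate:
    """Decides whether a control request may reach the HVAC controller."""

    def __init__(self):
        self.seen_nonces = set()

    def check(self, src_ip, command, value, nonce, tag):
        """Return (allowed, reason) for one request."""
        # 1. Authenticate every request, using a constant-time comparison.
        if not hmac.compare_digest(sign(command, value, nonce), tag):
            return False, "bad signature"
        # 2. Reject replays of a previously accepted authentic message.
        if nonce in self.seen_nonces:
            return False, "replayed nonce"
        self.seen_nonces.add(nonce)
        # 3. Harmful requests only from the trusted physical subnet.
        addr = ipaddress.ip_address(src_ip)
        trusted = any(addr in net for net in TRUSTED_NETS)
        if is_harmful(command, value) and not trusted:
            return False, "harmful request from untrusted location"
        return True, "ok"
```

A request that is denied at step 3 was still correctly signed, so a stolen key alone is not enough to turn off the heat or silence an alarm from outside the control subnet.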

well what about triggering fail safe shutdowns? (1)

Joe_Dragon (2206452) | about 2 years ago | (#41642163)

Well, what about triggering fail-safe shutdowns? Hacks can just try to trigger one or trigger the alarms, and you better hope someone is on site to handle that alarm.

It's cybersecurity awareness month (0)

Anonymous Coward | about 2 years ago | (#41641661)

That's why all this ridiculous stuff is being put out.

so that would be (1)

nimbius (983462) | about 2 years ago | (#41641663)

us declaring some kind of cyber oil and cyber food embargo against a country, and them retaliating somehow for our absurd decision to stick our cyber dicks into someone else's cyber...sheesh. can't we just paraphrase the good secretary and say, "I think we need to spend more time bashing china and drumming up war with iran, while at the same time blowing through the rest of this year's defence budget through government contracts to multi billion dollar corporations"

So (0)

Anonymous Coward | about 2 years ago | (#41641669)

Who is Cyber-Pearl ? (s)he sounds suspicious to me

A Diversionary Tactic (0)

Anonymous Coward | about 2 years ago | (#41641723)

Leon E. Panetta and the hordes of the Un-Elected are the clear and present danger to the U.S.A. and all peoples of Earth.

A Gallows waits for Mr. Panetta and Ms. Clinton and their 'brethren' and Masters.

Need to get rid of fake caller-id too (1)

davidwr (791652) | about 2 years ago | (#41641779)

This reminds me about a recent news story about our telephone networks' vulnerabilities.

In addition to fixing the security vulnerabilities in the network, it's time to fix the vulnerabilities to end users:

It's high time to stop completely falsified caller-ID. I'm fed up with calls from "U. S. Pharmacy" or "Canadian pharmacy" from numbers that are either nonexistent or that belong to someone else.

If the caller-ID information can't be authenticated by the sending caller's phone company OR the sending caller's phone company isn't trusted by the receiving caller's phone company to provide authenticated caller-id information, the called-party's phone should just show "unavailable" for the number or possibly "UNVERIFIED" followed by the alleged phone number.

Timing (1)

scosco62 (864264) | about 2 years ago | (#41641787)

Is suspiciously suspicious. It's almost like.....it's election time, or something...

So just what legislation does he want . . . ? (1)

PolygamousRanchKid (1290638) | about 2 years ago | (#41641809)

FTFA:

It would require new standards at critical private-sector infrastructure facilities — like power plants, water treatment facilities and gas pipelines — where a computer breach could cause significant casualties or economic damage.

In August, a cybersecurity bill that had been one of the administration’s national security priorities was blocked by a group of Republicans, led by Senator John McCain of Arizona, who took the side of the U.S. Chamber of Commerce and said it would be too burdensome for corporations.

So a new bureaucracy to create standards of questionable usefulness, and then to enforce their compliance.

. . . then he adds:

“We’re not interested in looking at e-mail, we’re not interested in looking at information in computers, I’m not interested in violating rights or liberties of people,” Mr. Panetta told editors and reporters at The New York Times earlier on Thursday. “But if there is a code, if there’s a worm that’s being inserted, we need to know when that’s happening.”

Please elaborate on what exactly you are talking about there, Mr. Panetta . . . ? It sounds to me like that means more snooping . . .

They've been whining about this for over a decade (1)

runeghost (2509522) | about 2 years ago | (#41641815)

Like most stuff that comes out of Washington, it's pure shadow-theater. Or maybe just a bad clown show.

Warnings of a possible "Analogy-Pearl Harbor"... (1)

Arancaytar (966377) | about 2 years ago | (#41641833)

... in which a gullible public is suddenly dive-bombed - without a formal declaration of war - by inadequate but impressive-sounding metaphors comparing present-day dangers with historical military engagements.

1982 Brittle Power by Amory & Hunter Lovins (1)

Paul Fernhout (109597) | about 2 years ago | (#41641895)

http://en.wikipedia.org/wiki/Brittle_Power [wikipedia.org]
"Brittle Power: Energy Strategy for National Security is a 1982 book by Amory B. Lovins and L. Hunter Lovins, prepared originally as a Pentagon study, and re-released in 2001 following the September 11 attacks. The book argues that U.S. domestic energy infrastructure is very vulnerable to disruption, by accident or malice, often even more so than imported oil. According to the authors, a resilient energy system is feasible, costs less, works better, is favoured in the market, but is rejected by U.S. policy. In the preface to the 2001 edition, Lovins explains that these themes are still very current."

We in the USA need a security strategy that emphasizes intrinsic security and mutual security over extrinsic security and unilateral security. More on that here:
http://www.pdfernhout.net/recognizing-irony-is-a-key-to-transcending-militarism.html [pdfernhout.net]

China? Unlikely in the near term. (1)

Tweezak (871255) | about 2 years ago | (#41641911)

China depends too heavily on our economy. If they bring it crashing down they are crippling their biggest consumer and they will be facing huge internal problems as a result. If we get on our feet economically in the future then it's more likely.

Iran is much more of a loose cannon. It's hard to say, though, if they have the skillz required.

cyber-Pearl Harbor (1)

fox171171 (1425329) | about 2 years ago | (#41641931)

the country is 'facing the possibility of a "cyber-Pearl Harbor"

Hawaii is going to lose their internet connection and won't be able to play Ubisoft games.

Smart Grid / Super Grid & New Business Model (0)

Anonymous Coward | about 2 years ago | (#41642029)

If the USA is really serious about terrorism at the Federal Level then all those Federal Departments would put in a strategic plan for Super Grid & Smart Grid with a new Business Model. Every roof-top should have Solar Panels & Coastal States should have Wind Turbines with ship/airplane sensors 1 mile from the coast. *The Utility companies would be able to purchase Solar Panels on roof-tops at wholesale price and resell the electricity at retail price.
  If there is a super storm that costs city/town Billions of Dollars because of lack of electricity, Super Grids/Smart(Solar Panels) Grids would save the towns from Super Storms and prevent Billions of Dollars of damage.
*Sensor(s) feature attached to the Wind Turbines would be able to detect people swimming to the coastal state(s).
If laws were created so that every town has a start-up business for a basic fee to monitor & maintain solar panels with a maximum of 200,000 customers @ $15/month per customer => $15 x 200,000 = $3,000,000.00 Million Dollars profitability for each start-up company(if every roof-top has solar panels).
The oil industry says that they create Billions of dollars for the city, most cities don't even get a penny from the oil industry.
* If we do a basic conservative calculation of 50 states and 7 cities per state:
    $3,000,000(each company basic charge of $15 up to 200,000 customers) x50 States x 7 cities (I know that there is more than 7 cities in each state) =
  = $1,050,000,000 Billions of Dollars Profitability for 350 small start-up business that charges a basic monthly fee of $15 dollars to maintain and monitor solar panels on roof-tops.

There's a reason why they call it that... (0)

Anonymous Coward | about 2 years ago | (#41642121)

When a bunch of people lose a bunch of money and time but no one is actually physically hurt, they call it a "Cyber 'Pearl Harbor'" referring, not to 1941, but to the Michael Bay movie.

cyber what? (1)

ruir (2709173) | about 2 years ago | (#41642147)

Ho, Flame is not enough, they need budget for the next virus...

Big problems: power, pipelines, financial (2)

Animats (122034) | about 2 years ago | (#41642361)

There are three areas that need attention - electric power distribution, pipelines, and financial systems - because the impacts are high and restoration times are long.

Power systems have Internet connections because, in the US, they are now market systems, and the bidding process between the various parties is conducted over the Internet. The seven US power grids worry a lot about this, but it's not clear if they worry enough. What needs to be done there is to ensure that restoration after a failure in the high voltage network is faster. Worst case downtimes should be brought down from days (as in 2003) to hours. All plants bigger than 250MW or so should be required to have cold start capability, so they can start up and idle even if the grid is down.

Pipelines I don't know enough about, so I won't say much about that.

The financial system is a real worry. If the US had a week-long disruption of New York based trading, the center of the financial world would move elsewhere. In 2001, the non-US exchanges weren't big enough to take over. That's no longer the case. Of the top 5 stock exchanges, only one, the NASDAQ, is entirely in the US. London, Tokyo, Shanghai, and Hong Kong could take over.

laws (1)

Tom (822) | about 2 years ago | (#41642365)

Perhaps this is old news around here, even though Panetta is requesting new legislation from Congress.

I hope by that she means laws funding more and better security (actual security, not security theatre) and not laws making it illegal for foreign powers to attack US networks.

If you need that explained, shoot yourself.

"Cyberwarfare" indeed. (0)

Anonymous Coward | about 2 years ago | (#41642507)

So in a few years the USA will drop the cyber-atom-bomb? I don't like where this is headed...
