AWESOME!!
This link has been bookmarked by 1 people . It was first bookmarked on 04 Jun 2009, by TransTracker.
-
04 Jun 09
-
We see, for example, that Estonia’s computer emergency response team responded to the junk packets with technical aplomb and coolheaded professionalism, while Estonia’s leadership … well, didn’t. Faced with DDoS and nationalistic, cross-border hacktivism — nuisances that have plagued the rest of the wired world for the better part of a decade — Estonia’s leaders lost perspective.
Here’s the best quote, from the speaker of the Estonian parliament, Ene Ergma: "When I look at a nuclear explosion, and the explosion that happened in our country in May, I see the same thing."
-
Cyberwars were supposed to target critical infrastructures beyond the internet, like the SCADA systems that control elements of the power grid; air traffic control networks; nuclear power plant safety systems. In other words, real cyberwarriors aren’t interested in clogging the public internet like spammers; they use the internet as a path to sensitive, private networks where sabotage has some hope of causing physical, real-world mayhem that outlasts the attack. (DDoS barely rated a walk-on role in DHS’s comprehensive Cyber Storm exercise last year.)
-
I’m skeptical that real cyberwar, or cyberterrorism, will ever take place. But what is certain is that the Estonia DDoS does nothing to illuminate our risk of it. No new attack techniques surfaced; the level of traffic was not surprising; the mitigation tactics were tried and true and, of course, successful. That Estonia’s public internet is small and easily overrun doesn’t change anything for the U.S.
-
While cyberhawks fancy themselves Cassandras preaching to an oblivious world, dire predictions of a Red cyberdawn were widely accepted in the halls of power for years. Condaleeza Rice voiced concerns in March 2001; six months later, September 11 provided a grim reminder that America’s enemies prefer shedding blood over bytes.
-
Add Sticky Note

-
-
Add Sticky Note
If we cast computer attacks in military terms, we invite military thinking where defensive technical solutions are needed. You can see the outline of where this is headed in the magazine. Peters, a former Army intelligence officer, writes not a word in support of the many serious efforts to close vulnerabilities in civilian and military networks. But he laments that in an age of cyberwar, America is burdened by "our own insistence of confining all forms of warfare within antiquated laws."
We see it in Estonia too. While cooler heads were combating the first wave of Estonia’s DDoS attacks with packet filters, we learn, the country’s defense minister was contemplating invoking NATO Article 5, which considers an "armed attack" against any NATO country to be an attack against all. That might have obliged the U.S. and other signatories to go to war with Russia, if anyone was silly enough to take it seriously.
-
Exactly! Framing "cyberwar" as "war" makes it a military issue, leading to military ways of thinking and military forms of response. This, in turn, increases the risk of needless conflict escalation. Hawks like Peters (and many, many others) seek to define cyberwar as entirely new, with all existing laws governing the use of force as "antiquated." The risk of escalation is real because hawks are working hard to toss existing laws and norms in an attempt to define acts that would not traditionally be considered "use of force" or "acts of war" as precisely that, thus providing justification for launching physical military responses to DDoS attacks.
-
-
Public Stiky Notes
Would you like to comment?
Join Diigo for a free account, or sign in if you are already a member.