TransTracker 's Network

In Shift, U.S. Talks to Russia on Internet Security

Shared by TransTracker , like and 1 save total

Burying Nitze: Calling for an end to cold-war analogs for info-war situations

Shared by TransTracker , TransTracker added annotation, like and 1 save total

Rather than spend countless hours and billions of dollars trying to shoe-horn Vint Cerf thinking into a Paul Nitze world, how about looking around for more appropriate metaphors - or considering something original - for the security problems of the actual physical and digital worlds in which we operate?
Secrecy
4 more annotations...
- Tradecraft online is computer science, not cloak and dagger, and the dark arts in that domain are public knowledge (more on that train of thought in a bit).
- Effective Responses.
- not a lot of heavy thinking need be applied going forward. After all, what facet of warfare are we not dominant in? What eight-digit grid coordinate can we not turn into a smoking hole in the ground? The only thing our adversaries need to know is that one way or another we're going to get them.
- except for the delivery mechanisms and yield, a nuke is a nuke: cyberspace today is nothing like ARPANET, and in ten years it'll look nothing like it is today.
  
  So to move forward in this area I think it would be useful if we drew from different historical analogs, or simply made our own history.

"Digital Pearl Harbor?" How About the War We're Actually In?

Shared by TransTracker , TransTracker added annotation, like and 1 save total

War, real war, requires that an adversary do much, much more than turn off the lights or cause tertiary deaths. I don't think for a second that our status as a world power, or our integrity as a nation, is endangered by a digital attack; unless of course we're the sort that just rolls over when our nose is bloodied.

Towards a Cyber Deterrent

Shared by TransTracker , like and 1 save total

A Cyber Pearl Harbor Day

Shared by TransTracker , like and 1 save total

Last week the question of an electronic Pearl Harbor was asked over and over again. Is it possible? The answer is yes. Is it probable? That is where the debate comes in.
For nearly two decades now cyber warfare capabilities have been recognized as a strategic power and many believe this power is on par with weapons of mass destruction.
- TransTracker on 2009-12-08
  
  Uhhh....no they aren't. A cyber attack has yet to and likely will not lead to the instantaneous death of thousands, or even millions, of people. The analogy to WMD is even more offensive than the Pearl Harbor, 9/11, or Katrina analogies.
2 more annotations...
- While there is movement, the bottom line is an electronic Pearl Harbor might be what happens before appropriate level of action is taken.
- Kevin Coleman
  - TransTracker on 2009-12-08
    
    Of course, it must be remembered that Mr. Coleman has a stake and a history in this game. Convincing us that cyberwar is a big deal is in his interest because he stands to make a lot of money via is "Technolytics" cybersecurity consulting firm. Second, Mr. Coleman has a history. He is the one who testified to the extreme danger supposed posed by the Chinese development of the Kylin operating system. His claims about Kylin have been toroughly debunked by many other experts and nonexperts alike. Bootom line: He has a poor track record with the facts and a financial stake in spreading fear.

Is a 'digital Pearl Harbor' in our future?

Shared by TransTracker , TransTracker added annotation, like and 1 save total

Dec. 7 is the anniversary of the Japanese attack against Pearl Harbor that crippled the U.S. Pacific fleet and brought this country into World War II.
The threat in our age is less to ships and aircraft than to the technology that controls so many aspects of our lives. Many observers have warned that our defenses are not adequate to protect our nation’s critical infrastructure, and the phrase Electronic or Digital Pearl Harbor has been commonly used to describe a surprise cyber attack that could cripple our military and commercial capabilities. Dire as these warnings are, we should take them with a grain of salt.

Although cyber threats are real, the chances of a Digital Pearl Harbor remain small. This is due not so much to the success of our cyber defenses, which in many places remain inadequate, but to the realities of warfare and networking. Blowing a fleet out of the water is not easy, but taking down a network—-I mean really taking it down, to the point where it is gone for good—-is even harder.
2 more annotations...
- Networks are even more complex than a fleet. Being able to exploit a vulnerability does not mean being able to exploit all vulnerabilities, or every instance of the same vulnerability. And even if networks are interconnected, they are not a homogenous whole. If network administrators have difficulty managing their own large networks because they are too large, flexible and changeable to accurately inventory and map, imagine the difficulty for a malicious outsider in bringing one down.
  
  Of course, elements of it can be interfered with, damaged or even destroyed. But networks are typically too fragmented and redundant to stand or fall as one. Our networks have never been reliable enough to depend upon completely, so they are full of backups, workarounds and overrides that ensure that much of the work gets done even when the parts fail.
- What good would it do for an attacker to take down vital U.S. networks? While the damage to this country could be great, the benefit to an attacker would be nil if it could not be followed up. The real threat of cyber warfare is not in stand-alone attacks, but in attacks coordinated with military action. At this point, there are very few parties out there with both the ability and inclination to take on the United States militarily, whether our networks are up or down. Terrorists could score points with a devastating cyber attack, of course, but without the ability to follow it up militarily, it would not rise to the level of a Pearl Harbor.

I Was Wrong: There Probably Will Be an Electronic Pearl Harbor

Shared by TransTracker , TransTracker added annotation, like and 1 save total

For 15 years now, I have been publicly lambasting all of those people who have made their careers, or at least made fleeting news headlines, based on their declaration of an imminent Electronic Pearl Harbor.
However, I now see things developing to the point where there can be a strategic attack on computer infrastructures. The key word is Strategic.
5 more annotations...
- Specifically, strategy implies long term impacts, generally at least 3-6 months.
- So the question becomes, what can make a computer attack strategic?
- I wasn't convinced that there could be a true strategic attack.
- However, the smart grid changes all of that.
- There is a perfect storm brewing where the skills and resources required to launch a significant attack is being drastically lower. Depending upon the effects of a possible worm on the smart grid boxes, and the vulnerability of the generators, there can be a combined attack that does have strategic impact.

No Digital Pearl Harbor

Shared by TransTracker , TransTracker added annotation, like and 1 save total

The resonance of the 68th anniversary of Pearl Harbor has sparked a series of articles debating the likelihood of a cyber/digital/electronic version of 1941’s Japanese attack on US territory. Mike Tanji has weighed in with a forceful rebuttal of such a speculative event
War, real war, requires that an adversary do much, much more than turn off the lights or cause tertiary deaths. I don’t think for a second that our status as a world power, or our integrity as a nation, is endangered by a digital attack; unless of course we’re the sort that just rolls over when our nose is bloodied.
- TransTracker on 2009-12-08
  
  Not to get too theoretical or academic, but while I agree with this assessment, it should also be noted that it relies upon an assumption about security--i.e. what is the referrent object of security, what is being secured. In this case, it is assumed that the highest objects of security are the integrity of the nation state, both as a physical entity but also as a political entity able to act on its own initiative. Increasingly, however, security discourse has focused on what some call "biopower" and risk, which means that increasingly the object of security is protecting the everyday existence of citizens from the risk of harm, not necessarily actual, manifest threats. Though I think that this shift is enormously problematic, nonetheless, it is important to note the shift, as well as the more traditional assumptions on which Tanji's analysis is based.
2 more annotations...
- Would the effects of an attack really force a state with the resources and allies of the US or the UK to submit to the political demands of another party? Whether commentators choose to refer to cyber versions of 9/11, Pearl Harbor, or even Hurricane Katrina, none of their historical namesakes resulted in the US being reduced to the status of supplicant at an international negotiating table; if anything, they resulted in a strengthening of American military and civil resolve.
- I don’t know if there’s any focused work on this particular example of rhetoric but I’d be interested to hear about it if there is.