Reply From: <anonymous>

>Cyberwars: Proper vigilance or paranoia?
>By Will Rodger, Inter@ctive Week Online
>
>The last war was on land, air and sea. The next one may be on your
>computer.
>
>-- Armed with reams of data showing dramatic increases in computer
>crime since 1995, a wide-ranging but little-noticed federal working
>group is moving swiftly to try to knit together a private and public
>partnership against armies of hackers, government spies and terrorist
>agents that could make cyberspace unsafe for democracy.

wooooo -- "armies of hackers?" a big "hacker group" is much smaller than a platoon, a really big hacker group would be about the same size as a platoon. hmmm, what is it that the writer is trying to suggest? is this the traditional scare tactic that comes out of the mouths of those who are afraid of what the "evil internet" has wrought? afraid of change, are we? don't understand the "meaning of life" at the turn of the millennium? (hackers, of course, threaten all these things...)

one of the difficulties that people have in trying to apply the archaic "world view" or "paradigm" to the new "digital world" order is that it simply does not apply. analog and digital are different. one of the major differences that distinguishes the "new world" from the archaic one is the underlying principle of self-organization. in the decaying analog world, interest groups (a simple analogy for "hacker groupings") did organize, but they were subservient to a central organizing institution -- the government. but this model is no longer relevant. power is being pushed down to the people, and the internet is simply _one_ manifestation of this.

the centralized model of risk assessment and threat defense may not be the appropriate model for fending off the "evil" hackers of the new world. hackers are not organized into military-like units, taking centralized instructions on where to go or who to target. their targets are more opportunistic or whimsical than intentional.
targeting DoD or nasa is simply too inviting, but defensive strategies should keep this in mind: other kinds of "strategic assets" may not receive the kind of overt attention that DoD or nasa does...

"could make cyberspace unsafe for democracy?" i am truly at a loss for understanding how the connection between cyberspace and democracy was arrived at. democracy is a pre-digital concept (and ideal), one that has little to do with an evolving communications medium. this is obviously a little bit of hyperbole, but it is the kind of statement that is increasingly being made by politicians and journalists.

without addressing the ignorance that is implied by such statements, let's examine the facts. if anything, the presence of the internet should make political space more, not less, democratic. the inclusion of more voices -- including more anonymous voices -- is a good thing. how is it that "hackers" (or terrorists) can threaten this development? hacking into a political web site and leaving a political message only adds to the multitude of voices. it probably does frustrate the owners of the site, but then, they shouldn't leave their front (or back) door open, assuming that no one will enter.

the real threat to democracy posed by the internet comes not from the "evil" hackers who explore and test the security of numerous sites, but the reigning institutions who use intellectual curiosity as a justification for imposing more restrictive measures upon society. while they are using hackers as an excuse for proposing oppressive laws and regulations, _their_ real purpose is to perpetuate existing institutions (governmental, corporate, etc) while attempting to configure the emerging digital order using the old, archaic model of conduct, regulation and centralization.
thus, the dilemma of the emergent internet in a democratic society is not that _hackers_ "could make cyberspace unsafe for democracy" but that existing institutions may decide that cyberspace is _incompatible_ with democracy as they know it. while the internet may still be evolving, governments have clearly decided that they do not wish to continue to evolve; they like it where they are and _anything_ that threatens that stasis threatens society *as they know it!*

>The fear: that no part of the industrialized world is safe from digital
>disaster. Successful attacks on power grids, hospitals, banks, farms,
>factories and railroad switches could plunge a target nation into chaos
>and dysfunction.

this is clearly possible, but...

a.) it is equally true that no part of the industrial world is safe from nuclear disaster, whether of military or corporate origins. interesting that this does not prompt the kind of response that so-called hacker/terrorists do...

b.) do we really expect the military, as it is presently constituted, to be able to defend "cyberspace" from the perceived threat?

c.) do we really think that such a "digital attack," when/if it comes, will come in the form of a concerted "surprise" attack, or the "digital equivalent of pearl harbor?" this premise relies on a dangerous presumption, that there exists this great horde of hackers out there, ready, willing and able to conduct an attack on such a massive (and concerted) scale...

d.)
in the meantime, people overlook some of the more obvious threats posed to the announced targets (power grids, hospitals, banks, farms, factories and railroad switches): the general lack of (computer) security in these "strategic" assets; the predominate threat posed by employees and other insiders, who are far more likely to "attack" the computers of these assets than are hackers; and the possibility -- nay, the probability -- that real hackers would not shut-down these facilities but merely alter their performance for other purposes...

>Administration officials say this is no joke, ticking off threats
>already encountered:

the threats that are repeatedly mentioned are minor compared to what is possible, especially by those who have graduated beyond "script kiddie"...

>At the center of the U.S.' attempts to create a cyberdefense structure
>is the Critical Infrastructure Coordination Group, an assembly of
>cabinet undersecretaries and other senior officials sworn to work with
>the FBI and American business to protect a society that now depends
>on a safe, free flow of bits and bytes.

this is exactly the wrong level to address the real threats that exist in "cyberspace." people at this level are committed to maintaining the existing power struct, and are generally oblivious to the "threat" that the internet presents to that struct. people who could actually foresee and defend against the real threats to cyberspace are more likely to be invisible to that level of government/corporate official -- and unlikely to be credible to it...

>'I don't think the government can any longer say we know what's good
>for you and we're going to take care of it.'
>-- James Adams, head of Infrastructure Defense Inc.

and yet there is no indication that this philosophy is actually being adopted by the clinton administration or any other industrialized government...
>But even as the defense structure emerges, civil libertarians, industry
>executives and even administration insiders worry about how well the
>Clinton administration or its successors can steer between protecting
>against all forms of disruption on one hand and creating a police
>state on the other.
>
>Fears that police agencies will use the threat to gain unprecedented
>power "reflect a misunderstanding of what we're all about and what the
>administration is all about," said Michael Vatis, director of the
>National Infrastructure Protection Center (NIPC) at the FBI.

well, let me clear up this "misunderstanding" by drawing upon personal experience: existing central organizations want the tools of a police state without acquiring the reputation of one. the nuance between the two is something that i have, as yet, failed to comprehend...

>"We are structured as a real partnership [between government and
>free enterprise]. It's our own intention to bring people on board from the
>private sector. We all say the same thing."

the threat posed by the democratizing potential of the internet is as much a threat to the existing corporate structure as it is to the government. it is in both their interests to rein in the current explosive evolution of the net...

>But James Adams, former chief executive officer of United Press
>International and head of the newly formed Infrastructure Defense Inc.
>consultancy, said government must surrender more power first. "I
>don't think the government can any longer say we know what's good
>for you and we're going to take care of it. The government is becoming
>increasingly irrelevant.

yes, it is. and it is predictable that increasingly irrelevant organizations will fight til the death to maintain not only their relevance but also their power in the social structure...
>Either way, bitter, seemingly endless disputes between the
>administration and the people whose cooperation it needs already
>have tainted the process of developing a national approach to
>protecting critical information assets, both sides said. A five-year battle
>over use and export of data-scrambling technologies crucial to data
>security, for instance, has alienated much of the computer industry.

why is it that an "increasingly irrelevant" institution retains the "right" to keep secrets from us while it resists our right to keep secrets from it? why is it that the clinton administration continues to want to compartmentalize the people's right to privacy (which it calls secrecy) into various levels, allowing corporate privacy in "strategic sectors" (such as banking), and promoting the right of american corporations to maintain their security from foreign "industrial spies" but still refuses to allow private citizens the _right_ to digital privacy (whether in the work place, in the home or over the net), or the right of wired companies to export secure products using real encryption?

>FBI demands that telephone companies spend hundreds of millions of
>dollars to make wiretaps easier to perform, meanwhile, have led to
>charges of betrayal by phone companies that claim they were
>promised more compensation than they're getting, and civil libertarians
>who say the new proposals invite abuse by rogue police.

this needs to be said: the fbi is an institution unlikely to evolve sufficiently to participate in the new digital world. whereas it might have been useful in arresting and convicting the mobsters of olden days, it is uniquely unprepared to face the real threats of the digital world. the fbi remains alone in its inability to crack des, which shows how unprepared it is to face the criminals of cyberspace...

>"Our members are scared to death of this whole program," a
>Washington association executive said, insisting on anonymity.
>"You've got the FBI and the National Security Agency pushing this
>thing. These guys are spies."

and they want to know _everything_ about you! the legacy of j. edgar hoover is simply too obvious; the more they can learn about you, the more that they can hold your secrets against you in order to gain your cooperation, compliance or at least your obeisance. if nothing more, this form of blackmail (yes, government-organized, federally-approved blackmail) insures their continued funding...

>"Then there are these 'private sector' groups springing up to
>coordinate 'information sharing' about how different companies have
>these huge holes in their networks. Some of them are headed by
>ex-Defense Department people. The whole thing makes us paranoid."

the juxtaposition of the emergent digital order is such that even those who have reason to agree on the preference for stasis cannot agree on how this stasis should be maintained!

i have come to the conclusion that the internet cannot be all things to all people. it is not a simple, benign structure that merely extends existing communications, corporate and governmental entities. the net does change the nature of society, communication and human interaction, and this will force a change in economic and governmental institutions.

the argument is made that the federal government is somehow the mother of the internet, responsible for its existence because it provided the initial funding. but this overlooks all the time and expertise devoted to the net's development by its users, who developed the resources that the world so values today. both e-mail and the web were offshoots of the "internet project," hacks performed to extend its usefulness and significance -- not responses to federal funding. the backbone that the government financed is no different than the interstate highway system that it built in the 1950s -- and we do not value interstates so much as the cars that use them. the same thing is true of the net!
the federal government's "ownership" of the net has been onerous at best. where once hardware was important, the new digital world values code, not hardware; yet, on the net, most of the code went (and continues to go) out for free! if this code was actually quantified its value would far exceed that invested by the federal government, and the real investors, the real developers, of the net would be duly recognized.

the federal government gave us a playground -- one that it provided for its own selfish purposes. we should be thankful for this playground, but we should not be subservient to the federal government for it. we made that playground useful, we made it fun and we made it important.

the presence of such strategic assets ("power grids, hospitals, banks, farms, factories and railroad switches") is an afterthought on the net. their presence represents an alien invasion that needs to be accommodated, but should not necessarily change the nature of the net. no one is thinking about this. rather, the government is attempting to impose archaic values of centralized governance upon the net -- a place where such values will surely fail!

perhaps more important, those institutions that seek to port themselves over to the digital environment need to think out carefully what they are doing -- and specifically, what they are getting themselves into. many fortune 500 companies and many government agencies have extensive security apparati to protect their physical assets, and yet they are shocked, shocked i say, by the need for security measures on the net. who are they kidding? why is it that they assume that the net is just like the commercial environment in which they are accustomed in every way except security? and why do they scream for "protection" from "evil" hackers before they spend the time and money to close their wide-open doors and windows? is this merely another attempt at securing corporate welfare?

finally, i say again: who invited them here?
these archaic institutions invade the digital environment, seeking to port their values to it, and then expect its colonizers to sit idly by? come on, who's conning who?

a very nouveau-political concept is that of stakeholders (union members as stakeholders of corporations, etc). _we_ are the stakeholders of the net, and we do not necessarily accept the attempt to port lame concepts of commercialism and behavior to our environment.

hackers are not terrorists, they are explorers. we are far more interested in your code than your database -- although that can be a fun place to play, too. hackers tend to be less interested in taking advantage of security weaknesses than in pointing them out -- and the more prominent the target (ie, DoD, NASA, any microsoft product), the more prominent the "announcement" that its security measures are obviously inadequate.

hackers are not the threat, but the solution to the threat. it is a mistake to think otherwise...