http://www.bostonreview.net/BR34.4/morozov.php By Evgeny Morozov Boston Review July/August 2009 The age of cyber-warfare has arrived. That, at any rate, is the message we are now hearing from a broad range of journalists, policy analysts, and government officials. Introducing a comprehensive White House report on cyber-security released at the end of May, President Obama called cyber-security “one of the most serious economic and national security challenges we face as a nation.” His words echo a flurry of gloomy think-tank reports. The Defense Science Board, a federal advisory group, recently warned that “cyber-warfare is here to stay,” and that it will “encompass not only military attacks but also civilian commercial systems.” And “Securing Cyberspace for the 44th President,” prepared by the Center for Strategic and International Studies, suggests that cyber-security is as great a concern as “weapons of mass destruction or global jihad.” Unfortunately, these reports are usually richer in vivid metaphor—with fears of “digital Pearl Harbors” and “cyber-Katrinas”—than in factual foundation. Consider a frequently quoted CIA claim about using the Internet to cause widespread power outages. It derives from a public presentation by a senior CIA cyber-security analyst in early 2008. Here is what he said: We have information, from multiple regions outside the United States, of cyber-intrusions into utilities, followed by extortion demands. We suspect, but cannot confirm, that some of these attackers had the benefit of inside knowledge. We have information that cyber-attacks have been used to disrupt power equipment in several regions outside the United States. In at least one case, the disruption caused a power outage affecting multiple cities. We do not know who executed these attacks or why, but all involved intrusions through the Internet. So “there is information” that cyber-attacks “have been used.” When? Why? By whom? And have the attacks caused any power outages? The CIA may have some classified information, but very little that is unclassified suggests that such cyber-intrusions have occurred. Or consider an April 2009 Wall Street Journal article entitled “Electricity Grid in U.S. Penetrated By Spies.” The article quotes no attributable sources for its starkest claims about cyber-spying, names no utility companies as victims of intrusions, and mentions just one real cyber-attack, which occurred in Australia in 2000 and was conducted by a disgruntled employee rather than an external hacker. [...] _____________________________________________ Visit the InfoSec News security bookstore! http://www.shopinfosecnews.orgReceived on Thu Jun 25 2009 - 00:47:40 PDT
This archive was generated by hypermail 2.2.0 : Thu Jun 25 2009 - 01:11:31 PDT