http://www.usnews.com/opinion/articles/2010/03/29/cyberwar-rhetoric-is-scarier-than-threat-of-foreign-attack.html By Marcus Ranum Opinion USNews.com March 29, 2010 Marcus Ranum is an expert on security system design and chief security officer for Tenable Network Security. I've worked on information security for more than 20 years, and during that time, there hasn't been a year that has gone by without news like "hacker breaks into Department of Defense computer networks" or "industrial spies access high-tech plans." Suddenly, the steady drumbeat of computer/network security has been pushed to center stage, and now our government is talking about "cyberwar" and pointing a finger at China. Unless you've been asleep for a decade, you ought to be worried when our government starts using the rhetoric of warfare— especially vocabulary like "pre-emptive" and "deterrence." Why the sudden change? Anyone involved in sales knows the "FUD sell"—based on fear, uncertainty, and doubt. Some of the talking heads who are declaring us to be in danger want to sell billions of dollars of solutions to the problem. They are often the same people who had "ownership" of the problem before they stepped through the revolving door into private- sector executive positions. Now they'll get it right? I'm skeptical. Let's consider what they're saying. The notion of cyber war is that it would serve as a "force multiplier" for conventional operations. Preparatory to attacking a target, communications networks and command/ control systems would be disrupted, power systems might be temporarily crashed, navigation systems confused, etc. Proponents of cyberwar claim that it might save lives; I've even heard them claim it's more effective to recoverably crash a nation's power grid than to bomb it with precision airstrikes. The misdirection works, however. We're now down into the technical weeds and lose track of the main question: "What war?" When some pundit says that we're losing a cyberwar to China, is he saying that China is preparing to crash our electronic infrastructure so that it can invade? The mind boggles. The last time I asked a cyberwar proponent that question, he quickly explained that, no, we were talking about potential economic warfare. But isn't there already an ongoing economic war we call "the global economy"? Assuming China would try to deliberately crash our economy presupposes that the Chinese are so stupid that they'd want to devalue the huge chunk of the U.S. economy that they already own, and crater their own economy while they were at it. I keep waiting for a spokesperson of the Chinese government to officially say, "Please stop assuming we're idiots." If China wanted to drop the hammer, it would start trading in euros instead of dollars. But who has the time and energy to invade, disrupt, or destroy? We're business partners, we're competitors, and there's money to be made! [...] ___________________________________________________________ Register now for HITBSecConf2010 - Dubai, the premier deep-knowledge network security event in the GCC, featuring keynote speakers John Viega and Matt Watchinski! http://conference.hitb.org/hitbsecconf2010dxb/Received on Mon Mar 29 2010 - 23:34:57 PDT
This archive was generated by hypermail 2.2.0 : Mon Mar 29 2010 - 23:49:59 PDT