[ISN] Cyberwar Rhetoric Is Scarier Than Threat of Foreign Attack

From: InfoSec News <alerts_at_private>
Date: Tue, 30 Mar 2010 00:34:57 -0600 (CST)

By  Marcus Ranum
USNews.com March 29, 2010

Marcus Ranum is an expert on security system design and chief security 
officer for Tenable Network Security.

I've worked on information security for more than 20 years, and during 
that time, there hasn't been a year that has gone by without news like 
"hacker breaks into Department of Defense computer networks" or 
"industrial spies access high-tech plans." Suddenly, the steady drumbeat 
of computer/network security has been pushed to center stage, and now 
our government is talking about "cyberwar" and pointing a finger at 
China. Unless you've been asleep for a decade, you ought to be worried 
when our government starts using the rhetoric of warfare— especially 
vocabulary like "pre-emptive" and "deterrence." Why the sudden change?

Anyone involved in sales knows the "FUD sell"—based on fear, 
uncertainty, and doubt. Some of the talking heads who are declaring us 
to be in danger want to sell billions of dollars of solutions to the 
problem. They are often the same people who had "ownership" of the 
problem before they stepped through the revolving door into private- 
sector executive positions. Now they'll get it right? I'm skeptical.

Let's consider what they're saying. The notion of cyber war is that it 
would serve as a "force multiplier" for conventional operations. 
Preparatory to attacking a target, communications networks and command/ 
control systems would be disrupted, power systems might be temporarily 
crashed, navigation systems confused, etc. Proponents of cyberwar claim 
that it might save lives; I've even heard them claim it's more effective 
to recoverably crash a nation's power grid than to bomb it with 
precision airstrikes. The misdirection works, however. We're now down 
into the technical weeds and lose track of the main question: "What 

When some pundit says that we're losing a cyberwar to China, is he 
saying that China is preparing to crash our electronic infrastructure so 
that it can invade? The mind boggles. The last time I asked a cyberwar 
proponent that question, he quickly explained that, no, we were talking 
about potential economic warfare. But isn't there already an ongoing 
economic war we call "the global economy"? Assuming China would try to 
deliberately crash our economy presupposes that the Chinese are so 
stupid that they'd want to devalue the huge chunk of the U.S. economy 
that they already own, and crater their own economy while they were at 
it. I keep waiting for a spokesperson of the Chinese government to 
officially say, "Please stop assuming we're idiots." If China wanted to 
drop the hammer, it would start trading in euros instead of dollars. But 
who has the time and energy to invade, disrupt, or destroy? We're 
business partners, we're competitors, and there's money to be made!


Register now for HITBSecConf2010 - Dubai, the premier 
deep-knowledge network security event in the GCC, 
featuring keynote speakers John Viega and Matt Watchinski! 
Received on Mon Mar 29 2010 - 23:34:57 PDT

This archive was generated by hypermail 2.2.0 : Mon Mar 29 2010 - 23:49:59 PDT