Government Security

US and Russia Open Talks On Limits To Cyberwar

Posted by kdawson
from the you-put-down-yours-first dept.
andy1307 passes on this from the NY Times: "The United States has begun talks with Russia and a United Nations arms control committee about strengthening Internet security and limiting military use of cyberspace. American and Russian officials have different interpretations of the talks so far, but the mere fact that the United States is participating represents a significant policy shift after years of rejecting Russia's overtures. Officials familiar with the talks said the Obama administration realized that more nations were developing cyberweapons and that a new approach was needed to blunt an international arms race ... While the Russians have continued to focus on treaties that may restrict weapons development, the United States is hoping to use the talks to increase international cooperation in opposing Internet crime. Strengthening defenses against Internet criminals would also strengthen defenses against any military-directed cyberattacks, the United States maintains."

  • by ScrewMaster (602015) * on Saturday December 12, 2009 @11:27PM (#30419904)
    Stop buying networking hardware from China, and build (or re-build) domestic suppliers of such equipment. That applies to any nation that wants to maintain security: China has been abusing its position as a dominant hardware supplier for some time now. You can have all the network security in place that money can buy, but if the Internet-facing defenses have been compromised from the manufacturer you're pretty much screwed. Too much untrustworthy modified firmware has been coming out of China lately for me to place any faith in it. Well, all right ... I suppose that if the boards are made in China but a domestic vendor supplies the firmware locally it would be okay ... but that's not how it usually works.

    Now, some of you may think that I'm picking on Chinese vendors ... and I am, but the criticism is well-deserved in this case. Not that I believe the individual manufacturers are doing this of their own accord, necessarily. But there's a lot of intrusion attempts coming out of that country, and you can bet the people behind it look at selling compromised hardware to other countries as a legitimate tool. How many of those attempts are successful because a firewall or router has hidden code in it I suppose we'll never know.
    • I would hope that military equipment contracts would be put to domestic businesses to keep it from being that easy.
    • Re: (Score:2, Interesting)

      by Anonymous Coward

      Stop buying networking hardware from China, and build (or re-build) domestic suppliers of such equipment. That applies to any nation that wants to maintain security: China has been abusing its position as a dominant hardware supplier for some time now. You can have all the network security in place that money can buy, but if the Internet-facing defenses have been compromised from the manufacturer you're pretty much screwed. Too much untrustworthy modified firmware has been coming out of China lately for me to place any faith in it. Well, all right ... I suppose that if the boards are made in China but a domestic vendor supplies the firmware locally it would be okay ... but that's not how it usually works.

      Now, some of you may think that I'm picking on Chinese vendors ... and I am, but the criticism is well-deserved in this case. Not that I believe the individual manufacturers are doing this of their own accord, necessarily. But there's a lot of intrusion attempts coming out of that country, and you can bet the people behind it look at selling compromised hardware to other countries as a legitimate tool. How many of those attempts are successful because a firewall or router has hidden code in it I suppose we'll never know.

      Stop buying networking hardware from China, and build (or re-build) domestic suppliers of such equipment. That applies to any nation that wants to maintain security: China has been abusing its position as a dominant hardware supplier for some time now. You can have all the network security in place that money can buy, but if the Internet-facing defenses have been compromised from the manufacturer you're pretty much screwed. Too much untrustworthy modified firmware has been coming out of China lately for me to place any faith in it. Well, all right ... I suppose that if the boards are made in China but a domestic vendor supplies the firmware locally it would be okay ... but that's not how it usually works.

      Now, some of you may think that I'm picking on Chinese vendors ... and I am, but the criticism is well-deserved in this case. Not that I believe the individual manufacturers are doing this of their own accord, necessarily. But there's a lot of intrusion attempts coming out of that country, and you can bet the people behind it look at selling compromised hardware to other countries as a legitimate tool. How many of those attempts are successful because a firewall or router has hidden code in it I suppose we'll never know.

      Stop buying networking hardware from China, and build (or re-build) domestic suppliers of such equipment. That applies to any nation that wants to maintain security: China has been abusing its position as a dominant hardware supplier for some time now. You can have all the network security in place that money can buy, but if the Internet-facing defenses have been compromised from the manufacturer you're pretty much screwed. Too much untrustworthy modified firmware has been coming out of China lately for me to place any faith in it. Well, all right ... I suppose that if the boards are made in China but a domestic vendor supplies the firmware locally it would be okay ... but that's not how it usually works.

      Now, some of you may think that I'm picking on Chinese vendors ... and I am, but the criticism is well-deserved in this case. Not that I believe the individual manufacturers are doing this of their own accord, necessarily. But there's a lot of intrusion attempts coming out of that country, and you can bet the people behind it look at selling compromised hardware to other countries as a legitimate tool. How many of those attempts are successful because a firewall or router has hidden code in it I suppose we'll never know.

      I think we should blame ourselves for allowing them to have control over it. The factories might be crap and there might be people wishing to take advantage of it... If our pcps were built in our own region we wouldn't have this problem. But I don't think it depends on us?..

      • by icebike (68054)

        Given your quoting meltdown, I think it's fairly certain you should blame yourself for lack of control.

        Either that or the Chinese have a wicked sense of humor....

      • by Sulphur (1548251)

        Are you having file system problems?

        It looked like the post was preceded and followed by the post.

    • by icebike (68054) on Sunday December 13, 2009 @12:48AM (#30420456)

      Too much untrustworthy modified firmware has been coming out of China lately for me to place any faith in it.

      Citation needed.

      I don't doubt this is possible, but a network component manufacturer having product built in China is probably able to tell if the unit is not to spec.

      China uses commodity chips (some of which are also manufactured in China), but the finished product has to run the home manufacturer's software.

      The assumption that the engineers that designed it couldn't tell if the design has been altered and back doors inserted seems a bit of a hyperventilation to me.

      • Re: (Score:3, Insightful)

        by Jurily (900488)

        Besides, the whole idea is completely missing the point. Cyberwar cannot be limited the way nuclear arms can, because a civilian attack is not fundamentally different from a military one: unlike with nuclear weapons, the civilians have access to all the tools and knowledge the military does. Oh, and their motivations don't fundamentally alter the approach they take. It's like bank robbers routinely nuking cities.

        If a 100k botnet attacks your site, how do you determine if they're the Russian military or a bore

        • Re: (Score:3, Funny)

          by easyTree (1042254)

          If a 100k botnet attacks your site, how do you determine if they're the Russian military or a bored teenager?

          var attacker = (benefitToForeignPolicyAgenda (russianMilitary) >= benefitToForeignPolicyAgenda (boredTeenager)) ? russianMilitary : boredTeenager;

      • Citation needed.

        Slashdot | Feds Seize $78M of Bogus Chinese Cisco Gear [slashdot.org]

        Slashdot | FBI Says Military Had Counterfeit Cisco Routers [slashdot.org]

        Modding "Disagree" is censorship. A rational rebuttal makes Slashdot better.

        Modding "Disagree" is not censorship. It's an important tool to safeguard other readers from thinking your post was anywhere near "Insightful." If you really thought the original post required citations, why not add them yourself? Or better yet, why not edit your post now that you have some. Maybe Slashdot should add a "Dangerously Ignorant" or "Falsely Claims that a Different Opinion Lack

        • by icebike (68054)

          Bogus does not mean back-doored.

          You not only attempted to change the meaning of the thread from a strategic subversion of embedded technology to simple economic piracy. Simple piracy is not cyberwarfare, it's not even a precursor of cyberwarfare.

          If you are going to get on your high horse and preach about the moderation system at least have the courage to keep the discussion focused. These drive-by link dumps of non-germane Slashdot postings do not prove your point (if you had one) and do not prove the conte

          • If you think that gray market products are inherently trustworthy, and that it's safe for the FBI to buy product A and unknowingly use product B instead (even though it could turn out to be an exact duplicate of product A), then I don't have the time right now to explain how those links are relevant to the parent post.

            • by icebike (68054)

              I didn't say they were inherently trustworthy. Again stop putting your words in my mouth.

              I said counterfeit products are not cyber warfare. That is the topic of this story after all.

              If the FBI or the ARMY security relies on knowing who manufactured an item, then they are not doing their job.

    • by camcorder (759720)
      Do you mean the whole 266 [cia.gov] (even if you cut that in half) different countries should build their own networking hardware? If not, why should any under-developed country trust a developed country, then? Especially if some of those countries have a bad record of bullying weaker ones for any imaginary reason.

      Sooner or later developed countries will realize this arrogance will backfire. If anyone is looking for a solution for a real security, it's hidden under understanding every human being living on this planet have t
      • by khallow (566160)

        If anyone is looking for a solution for a real security, it's hidden under understanding every human being living on this planet have the same rights as you have. Once you realize this fact, whoever produces these products will lose its meaning, and you won't waste your time to build machines that kill others.

        Nonsense. Every human being doesn't have the same rights that I do. Sure, it'd be nicer, if they did.

        • by camcorder (759720)
          That's the problem already. They don't have the rights you have now, (and you don't have the rights that some minority have). But what's your or their importance in the eternity which makes us different than each other? Can you name any single thing?
          • Re: (Score:2, Insightful)

            by Anonymous Coward

            Why do you think that is so? We are all the same, yet some countries are in such peril. It isn't because the people are stupid, or lack any qualities anyone else might have. There is only one thing that dominates these countries, and it's closer to home than you would think. International business, in bed with finance, with a stranglehold on government and "journalism". Who is to investigate, when all of the investigators are employees of the entity they are supposed to investigate?

            Fortunately the tradition

          • by easyTree (1042254)

            But what's your or their importance in the eternity which makes us different than each other? Can you name any single thing?

            Living in a country with more nukes than any other? Did I win?

    • by TubeSteak (669689)

      State Actors have the resources to cause chaos with or without hardware exploits.
      It'd be nice to not have backdoors into the routers, but when some guy in England can hack into
      classified databases over a 56K modem... there are much simpler problems that need addressing.

  • Ah, I just can't do it. Can somebody else say it?
  • ACTA (Score:3, Insightful)

    by wizardforce (1005805) on Saturday December 12, 2009 @11:38PM (#30419998) Journal

    the United States is hoping to use the talks to increase international cooperation in opposing Internet crime. Strengthening defenses against Internet criminals would also strengthen defenses against any military-directed cyberattacks, the United States maintains."

    Now we know why ACTA is a secret treaty...

  • Internet crime? (Score:2, Insightful)

    by iammani (1392285)
    Or do they actually mean internet 'pirates'?
    • You beat me to it. I like the internet being kind of like the old west, there are "feds", "sheriffs" and "fences" here and there but for quite a bit it is rather open fields where you can do what you like.
    • by Tibia1 (1615959)
      They mean crime as in malware and infectious software developers in the US. They believe that they are the only tools they need to build internet defenses.
  • by Darkness404 (1287218) on Saturday December 12, 2009 @11:46PM (#30420048)
    I really don't see the point in "cyber warfare" other than small-scale attacks on a certain site or ISP, a large scale plan could never fully work because any country could simply switch to basically a huge local network. Would it be hard? Yes. Is it able to be done? Yes.

    Plus, other than attacks on military infrastructure, the coming diversity of OSes, CPU platforms, and networks would make attacks on civilian devices nearly impossible. You might be able to write an iPhone worm, but you wouldn't be able to write an iPhone/Android/Java/BREW worm that attacks anyone on any cell network. That worm would also not work on a PC running Windows/OS X/Linux/BSD. And the diversity in browsers makes exploit-based attacks even harder. It used to be you could attack the weak IE browser and get 90% of web surfers, now you would only get slightly more than half, and you would need to attack Firefox (both 3.0 and 3.5 along with perhaps older versions), Safari, Chrome, Opera and many smaller browsers.

    In short, cyber warfare is a possibility on infrastructure and is quickly approaching impossible on large amounts of devices.
    • >>You might be able to write an iPhone worm, but you wouldn't be able to write an iPhone/Android/Java/BREW worm that attacks anyone on any cell network. That worm would also not work on a PC running Windows/OS X/Linux/BSD.

      Dude it's called snowcrash.

      • Re: (Score:2, Insightful)

        by Lord Lemur (993283)

        I'm guessing he was born in the wrong decade to have read snowcrash. I'm also guessing he doesn't understand how cyberwarfare has already been used in warfare, both hot and cold, with quite positive effects.

        I remember when 6" of air made something safe. It's downright scary how much of what we use and rely on is internet facing. Maybe, soon enough, the security decision will factor into the engineering decision.

    • Re: (Score:3, Insightful)

      by mcrbids (148650)

      I really don't see the point in "cyber warfare" other than small-scale attacks on a certain site or ISP, a large scale plan could never fully work because any country could simply switch to basically a huge local network. Would it be hard? Yes. Is it able to be done? Yes.

      I think your post betrays a surprising amount of naivete. The Internet is, by definition, international. The amount of foreign transacting that would be decimated by switching to "basically a huge local network" is unfathomable. The Interne

  • Corroboration? (Score:5, Insightful)

    by Anonymous Coward on Saturday December 12, 2009 @11:54PM (#30420116)

    How the heck are you going to limit military use? This isn't like nukes where there are facilities to visit. I can't help but think that language is just smokescreen for the public, and this is really about cooperation on policing the internet. (Cue more secret talks ala ACTA.)

  • Big mistake (Score:3, Informative)

    by WindBourne (631190) on Sunday December 13, 2009 @12:05AM (#30420174) Journal
    Negotiating with Russia on this would be like America doing a treaty with UK to limit nukes; it is useless. Without including China, Iran, Burma, and North Korea, then we will be missing a large part of this equation. China, Iran, and North Korea are in very active development of attack systems (as well as real systems such as new missiles, warheads, nuke subs, etc). Heck, a big part of that Chinese firewall is not just to control their citizens, but it is also to control the outside world coming in.
    • Re: (Score:2, Interesting)

      by Wyatt Earp (1029)

      No, it's not useless. The US and Russia are the big boys on the block militarily and Russia still has a load of technology. A treaty between the US and Russia on this establishes a "level playing field" for this arena, just like the US and Soviets had treaties about how close SSBMs could get to the coastlines and things like ABM.

    • by orange47 (1519059)
      hey, you forgot the Nigeria and its royalty..
    • by iritant (156271)

      Many many nations have signed the Council of Europe's Convention on Cybercrime. At least one study in Singapore showed that acceding to the treaty, or even implementing provisions without acceding to it, reduces cybercrime within borders. See http://weis09.infosecon.net/ [infosecon.net] for the paper.

    • Georgia, Ukraine, and one or more of the Baltic states have been attacked by Russia or from Russia. Are these talks going to lead to Russia promising not to do it again?
  • by Anonymous Coward

    No more exposing our Global Warming fraud or else we will get mad you Ruskies!

  • Support World Peace!

    CORRECTION: Support WWW Police!

  • by Angst Badger (8636) on Sunday December 13, 2009 @01:08AM (#30420580)

    Strengthening defenses against Internet criminals would also strengthen defenses against any military-directed cyberattacks, the United States maintains.

    How much do you want to bet that "Internet criminals" in this case are people pirating music and movies? While I'm glad to see that we're finally engaging the Russians, it'd be nice if our foreign policy wasn't being directed by the RIAA and the MPAA.

    • Pirates aren't engaging in cyberwar. While I wouldn't think for a minute that the copyright cartels would pass up sticking their noses in this, it's not the main issue here.
    • by cpghost (719344)

      How much do you want to bet that "Internet criminals" in this case are people pirating music and movies?

      Pirates use WMD (weapons of mass dissemination) too...

  • First,
    Start by actually patching your machines and implementing some very basic security stuff..

    You know, the kind of stuff that a script kiddie, with Asperger's, searching for evidence of UFOs won't be able to get past.

    Or if you can't even manage to do that, or find out which systems you need to do it to, then when he finally gets extradited at your request, instead of humiliating yourself further by giving him a trial and locking him up for the rest of his life. Give him a computer, let him download a

    • by Rennt (582550)

      First, Start by actually patching your machines and implementing some very basic security stuff..

      You know, the kind of stuff that a script kiddie, with Asperger's, searching for evidence of UFOs won't be able to get past.

      So Windows is right out then?

  • When you start hearing about "cyber" anything it's time to worry. Misappropriated prefixes are never fun.
  • Poopst!

  • As long as the US in general relies heavily on Microsoft Windows they better keep out of any real cyberwar.

  • Does anyone think anyone will REALLY honor these treaties? I am 100% convinced that they will say, "OK, we will stop cyber warfare work" and then they will get their geeks right back to work on it in their laboratories again.

    I would put ZERO confidence in any treaty of this sort.

  • Let's count down time to introduction of internet borders. You will have to have an internet passport to connect to sites in foreign countries. It will stop cyberwars, terrorists and (you guessed it) child pornography.
