Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Government Security

There Is No Cyberwar 149

crowfeather notes an interview with cybersecurity czar Howard Schmidt that Wired's Threat Level conducted this week. "Howard Schmidt, the new cybersecurity czar for the Obama administration, has a short answer for the drumbeat of rhetoric claiming the United States is caught up in a cyberwar that it is losing. 'There is no cyberwar,' Schmidt told Wired.com in a sit-down interview Wednesday at the RSA Security Conference in San Francisco. 'I think that is a terrible metaphor and I think that is a terrible concept,' Schmidt said. 'There are no winners in that environment.' Instead, Schmidt said the government needs to focus its cybersecurity efforts to fight online crime and espionage. His stance contradicts Michael McConnell, the former director of national intelligence who made headlines last week when he testified to Congress that the country was already in the midst of a cyberwar — and was losing it. ... There's been much ink spilled in recent years over the turf battles in D.C. over whether the NSA (representing the military) or DHS (on the civilian side) takes the lead role in cybersecurity. But... "I haven't seen that tension," Schmidt said. As for which will take the cybersecurity lead, Schmidt simply says it's a shared effort."
This discussion has been archived. No new comments can be posted.

There Is No Cyberwar

Comments Filter:
  • by sopssa ( 1498795 ) * <sopssa@email.com> on Friday March 05, 2010 @10:20AM (#31371270) Journal

    I have actually always wondered about this. I remember how we had to write a school subject about "chinese superhackers" newspaper article in the early 2000's. The Google thing was also showed off to be a work of amateurs, not some Chinese superhackers working for their government. For me it just starts to look like trying to put fear into people for whatever personal reason. "Chinese hackers working for their country to break into US systems" sure sounds cool and creates fear in people, but is there any actual truth behind it? As it is now it's almost like cold war carried over to new technological area. It also looks to be a common thing here on slashdot too - without actually even questioning if theres any truth behind it.

    • by Jurily ( 900488 ) <jurily AT gmail DOT com> on Friday March 05, 2010 @10:23AM (#31371310)

      Chinese hackers are indistinguishable from Chinese bored teenagers. Or American bored teenagers. Seriously, who cares where they come from?

      • by Krneki ( 1192201 )
        They do. Zee Internet Hackers are in your PC and in order to make you safe they need to monitor your connections. Of course providing them with your personal information will make the whole procedure way safer for you. They are going to ass rape you, without taking you to diner first.
      • The coined term "cyberwar" is an abstraction. Like all abstractions, it's an imperfect model of a much more complex reality. It would be foolish to believe that capable nation states would not conduct surveillance and reconnaissance, and when conditions are favorable, offensive operations, and therefore defensive as well, in cyber-space as one would in any other physical medium (not that cyber-space is not physical -- it is). The same is true for criminality, organized certainly, but not exclusively, by dem
        • Unfortunately War is being used as an euphemism for "hard fight against," "domination over" or "control of" rather than for the traditional meaning where one country attacks another to acquire its resources or a country forced to defend itself from an attack. War against crime, drugs, terrorism. It pleases those who are for it but also dilutes the meaning of war for those who have actually been in one.

          In my opinion, if used to create fear or for political gain, it is obviously bull-shit and should be seen a

          • "The solution to cyberwar/crime is very simple. Disconnect the US's from the rest of the world - just like Iran did. Some people probably think they might be better of this way."

            At least disconnect the strategic things, like the power grid, utilities of all sorts..etc.

            It seems like it should have in the past been, and currently be, just good sense to never have these types of critical systems in any shape, form or fashion connected to the public internet 'tubes'....

            Just taking critical systems off the p

    • by oodaloop ( 1229816 ) on Friday March 05, 2010 @10:35AM (#31371458)
      No, not much. Just a bunch of massive cyber attacks on the U.S. government's websites.

      http://en.wikipedia.org/wiki/Cyberwarfare#History_of_attacks

      Doesn't really matter if it's China behind any of it to call it a cyber war.
      • Re: (Score:3, Informative)

        by HungryHobo ( 1314109 )

        Ah a prime example:

        In 1991, it was reported by somebody in the air force that a computer virus named AF/91 was created and was installed on a printer chip and made its way to Iraq via Amman, Jordan.[24] Its job was to make the Iraqi anti-aircraft guns malfunction; however, according to the story, the central command center was bombed and the virus was destroyed.[25] The virus; however, was found to be a fake.

        of the others they mostly sound like boring old botnet activity or media sensationalism.

        Sorry. No real "cyberwar" here.

        • Re: (Score:3, Insightful)

          by oodaloop ( 1229816 )
          From the below article about the 2007 attack on the Pentagon: The Pentagon is exposed to "perhaps hundreds of attacks a day," and the department has back up systems in place, Gates said.

          http://www.pcworld.com/article/133301/pentagon_shuts_down_systems_after_cyberattack.html

          What would you call a regular series of attacks on our military headquarters using computers, hmmm? A compu-insurgency? Techno-terrorism? Cyberwarfare seems pretty apt to me.
          • Let's see ... (Score:5, Insightful)

            by khasim ( 1285 ) <brandioch.conner@gmail.com> on Friday March 05, 2010 @11:06AM (#31371866)

            What would you call a regular series of attacks on our military headquarters using computers, hmmm?

            I'd call it "the daily life of a firewall". Seriously, check your firewall logs. Mine are being "attacked" every hour of every day and I'm not a military installation.

            • Seconded. If you run something on it that tells a lot of people about your system, you will get ssh dictionary attacks, port scans, etc, 24/7. Even if it’s a small dyndns system.

          • My home router constantly has regular attacks on it. Have I ever thought I was on a cyber battlefield? No.

            • My home router constantly has regular attacks on it. Have I ever thought I was on a cyber battlefield? No.

              Pft. Damn hippie pacifist. I'll bet your router's covered in daisies!

          • by HungryHobo ( 1314109 ) on Friday March 05, 2010 @11:18AM (#31372012)

            seriously: have you ever been an admin for any internet facing server?
            Hundreds of attacks a day is nothing amazing.
            That's background noise.

            • No, I have not been an admin. And I had previously read it was closer to tens of thousands a day, though perhaps that too is within the range of normal.
              • If you're running a well know organisation? probably.
                It depends what you consider an attack.

                Is a portscan an attack?
                Is sending a single packet to a port an attack or are we looking for more than worms trying to buffer overflows?
                Is emailing one of the staff a virus an attack?
                Is emailing one of the staff with a link to a virus an attack?
                etc etc.

                depending on what you consider an attack you could easily hit tens of thousands.

                • I would say a portscan followed by attempts to login to various services with public interfaces without proper credentials not meant to be public could be considered an attack... I find my FTP server is attacked a couple hundred times a day, with various login attempts as accounts my FTP server software doesn't even have "Administrator" "root" etc... Though in that case, 3 failed attempts in 5 min, blocks the source IP for a day. It's still an attack, automated or not. There are similar efforts for any g
                  • IED
                  • I would say a portscan followed by attempts to login to various services with public interfaces without proper credentials not meant to be public could be considered an attack...

                    Is this an intentional cyberwarfare, or is a botnet simply doing what it's programed to do? In many of these cases, I doubt that the human controller behind the botnet cares about most of this activity. Your target isn't juicy enough, yet.

                    • I was mostly commenting on the severity. Of what is considered an attack vs. The gp imlying that something more typical or low kay not being an attack. A missile hitting a target being automated vs a person firing a rifle is still an attack even if automated, just differing severity/risk.
                    • I'd look at it almost more like breathing in a virus vs someone trying to stab you.

                      both are attacks.
                      both could kill you.

                      but one is a sort of generalized low level risk for everyone and the other is someone being out to hurt you specifically.

                • Cold war, nuclear war, chemical war, biological war, conventional war .... cyber war. If a foreign government is sponsoring a coordinated attack against our assets, isn't that a "war"?

                  Just because it's waged with scripts, bots and other digital means and not with guns and bombs doesn't mean it can't be CALLED a war. Perhaps a cyber cold war.

                  Do you think that our government ISN'T working on digital defensive and offensive efforts???

                  Perhaps the federal cyber czar would call it a war if someone actually
                  • Re: (Score:3, Insightful)

                    by HungryHobo ( 1314109 )

                    as it stands any cyberwar launched by a government would be missed in the noise due to insignificance next to the legions of botnets, script kiddies, hackers, crackers and miscellaneous.

              • Tens of thousands is nothing. The last time I worked on the frontlines, so to speak (now I support the tools that support the firewalls, rather than the firewalls themselves), at a medium-sized telecom company that shares a name with the OLPC laptop, we would get hit millions of times per day. And we'd shrug it off like it was nothing; because, well, it was nothing.

          • Re: (Score:3, Interesting)

            by bsDaemon ( 87307 )

            I would probably lump it in with signals intelligence, or perhaps counter-intelligence as well. While disabling infrastructure and/or command/control is definitely attractive, it may or may not even be advantageous to do so. These days, just for example, America and China are so co-dependent on each other economically that blowing up a factory or even disabling the electrical grid would actually end up doing reciprocal economic damage to the perpetrating party by taking out part of a market and closing off

          • 'hundreds of attacks a day'. What's an attack? is a port scan an attack? Is a botnet sending a virus payload in an email attachement an attack? How many of those 'attacks' are commercially driven, versus militarily driven? Likely we're dealing with standard internet 'crime' not 'attacks'. Wouldn't be surprised if 95% of what he called attacks involved the word V1AgArA.

          • by Kpau ( 621891 )
            I certainly wouldn't dignify it as 'warfare'. Checked YOUR own logs lately (or do you keep logs)? Every IP is routinely "attackedf" a few hundred times a day. This is misuse of the word "war" as the "War on Drugs".... "We've always been at war with Oceania". Kudos for Schmidt. This was simply another instance of the previous administration talking out of its ass to further erode domestic privacy and create bogeymen while the *real* problems just saunter about.
    • by Anonymous Coward

      You don't need religion. You don't need dogma. You don't need issues.
      They're all rooted in basic primal emotions..

      You just need to instill fear in people, and they will give you that much more power, status and sex.
      Best way to gain power and stop intelligent discussions is to start a war.

    • by jhoegl ( 638955 )
      The "For whatever reason" makes me think of the cold war and the rhetoric cast back and forth during that whole thing. It is something so established in our society that even saying "socialist" gets you all kinds of irrational emotional rage about something people know nothing about.
      So the reason? Because people in government positions want unlimited funds for fighting ghosts.
    • Re: (Score:1, Interesting)

      by Anonymous Coward

      I think it's naive to believe or suspect it's not happening. I also believe it's naive to think governments don't sponsor it. Espionage, particularly from China, has been rampant in the corporate sector for longer than most of us have been alive. Government is an even bigger target with bigger payoffs. Using the Internet to do so makes it very accessible and completely deniable. I'm not a conspiracy freak but it's foolish to think it's not going on, even if it wasn't right in your face via the news.

      A.C.

    • by ArsonSmith ( 13997 ) on Friday March 05, 2010 @11:03AM (#31371836) Journal

      There is a cyber war, but it's within our own government, and it's over who gets the budget dollars to fight it.

    • by gtall ( 79522 )

      Regardless of whether there is a war or not, the Chinese hackers concentrated on Chinese civil rights enthusiasts. I find it doubtful a group of Chinese teenagers would care about that lot.

  • by H0p313ss ( 811249 ) on Friday March 05, 2010 @10:22AM (#31371306)
    ... we have always been at war with Eurasia.
  • And he's right. (Score:3, Insightful)

    by ScrewMaster ( 602015 ) * on Friday March 05, 2010 @10:26AM (#31371338)
    It's not a war if only one side is putting up a fight.
  • This guy sounds out of touch, like he is more concerned with the politics of appeasing China than the job of securing our country. Can we somehow get this guy removed from office for incompetence?
    • by jimbolauski ( 882977 ) on Friday March 05, 2010 @10:33AM (#31371426) Journal
      Incompetence has never been a reason for dismissial in government why start now.
    • by Chris Burke ( 6130 ) on Friday March 05, 2010 @10:55AM (#31371716) Homepage

      I don't see how emailing your post to the white house could fail to do the job. I mean "sounds out of touch"? How can anyone read that and not know he's not suited for the job?

      Seriously, focusing on online crime and espionage without re-engineering the internet to eliminate anonymity, instead of focusing on a Cyber-War buzzword with all the "but we're at war!" excuses for doing whatever they want? That's no way to exercise executive power! You're so right; how incompetent can you get?!

      • The current administration is out of touch with the threat of cyberwar. When Russia invaded Georgia to control natural gas supplies Georgia's communications were shut down and mobilization efforts were hindered cyber war is an effictive tool and should not be dismissed so easily. The curent attacks on the US infrastructure are simply finding our many weaknesses and no matter of sticking our heads in the sand will stop it. The only way to stop it is to start taking a proactive approach, shoring up our wea
        • Re: (Score:3, Insightful)

          by Chris Burke ( 6130 )

          The curent attacks on the US infrastructure are simply finding our many weaknesses and no matter of sticking our heads in the sand will stop it. The only way to stop it is to start taking a proactive approach, shoring up our weaknesses, and start doing the same to our enemies.

          Huh, that sounds like a familiar sentiment. Where have I heard it? Oh yeah, TFA!

          "We can't sit there and be waiting for the next intrusion attempts to take place," Schmidt said. "We need to become stronger in what we are doing so we a

    • Sounds like you think you could do a better job?

      Maybe you could. Maybe I could too. But would you want to do that job? It's like you'd be the president of the internet.

      When some bureaucrat in washington gets a fake antivirus on their "secured" system, you'd get the blame.

      "That onyxruby guy just isn't doing a good job. I've got a virus. I thought he was the cybersecurity czar. What does he do all day? Why isn't he protecting my hard drive? How could this happen? I'm going to write a scathing lett
  • So, wait... (Score:5, Funny)

    by Androclese ( 627848 ) on Friday March 05, 2010 @10:28AM (#31371370)
    Are you telling me I planted my Cyber War Victory Garden and bought Cyber War Bonds for nothing?!
  • by bobcat7677 ( 561727 ) on Friday March 05, 2010 @10:30AM (#31371396) Homepage
    There is no Cyber-War ...and these are not the droids you are looking for.
    • by Itninja ( 937614 ) on Friday March 05, 2010 @11:13AM (#31371950) Homepage
      Don't waive your hand! You're going to need it someday!
    • by ArcherB ( 796902 )

      There is no Cyber-War ...and these are not the droids you are looking for.

      But those WERE [filippovitale.it] the droids you were looking for!

      ... and there certainly is a cyber war. However, it just falls under the espionage and sabotage categories. We have satellites and planes that specialize at electronic eavesdropping. We have *unknown* numbers of cyber spies constantly monitoring what emails and page traffic goes to and from what. Remember, ESCHELON is the one we in the public know about. How much is out there that we don't know about? How much of that is from other counties and p

    • Hand waive? Well, if you're not using yours I guess I could find "uses" for an extra two.

  • You can say there's no war because there's no structure. That's quaint. You're lying about it, if for no other reason that our own military's cyber 'forces'.

    The risks are real and the burden is being carried by civilians. Just like it was out on the last frontier. Eventually larger and larger organizations will come into conflict and some will aptly begin to label that as 'war'.

    • Aptly? (Score:4, Insightful)

      by ink ( 4325 ) on Friday March 05, 2010 @10:51AM (#31371670) Homepage

      If it's a war, then the Constitution requires Congress to declare it. We have wars on poverty, drugs, terrorism; why do we need to further dilute what it means to be at war? I find Schmidt's comments refreshing; perhaps we could have a rational discussion about security without needlessly ratcheting up the fear machine. Traditionally wars had beginnings and endings -- that is to say, they had structure (not to be quaint). When we're eternally at war with concepts, it numbs the sentiment.

      • by BobMcD ( 601576 )

        You mis-read my intent with your well-meant objection to war on concepts.

        I, too, agree with your disdain for those. I would likewise believe that China's government attacking a US corporate interest within our sovereignty would qualify as an act leading to a declaration of war.

        I'm not saying we're at war with the concept. I'm saying if and when we're attacked by specific sovereign bodies this should qualify as acts of war just as if they were using tanks or bombs to do it.

        I further assert that we know it

        • by ink ( 4325 )

          I don't think this rises to the level of an attack on our sovereignty any more than our use of sattelite imaging and other espionage would be a declaration of war on China. If Congress disagrees, then they should declare war on China for these attacks. I personally know at least four people in "cyber security" for our government. Trust me, they aren't just sitting around doing nothing; they are actively engaged in both defensive and offensive systems engineering. If war comes of all this, then so be it

      • I find Schmidt's comments refreshing; perhaps we could have a rational discussion about security without needlessly ratcheting up the fear machine. Traditionally wars had beginnings and endings -- that is to say, they had structure (not to be quaint). When we're eternally at war with concepts, it numbs the sentiment.

        I agree, but the fear machine has a short battery life. I was in the airport recently and saw that the terror threat level was orange. Ho hum, I thought. Orange should mean "more than usual." If

    • In this case given that nobody is actually getting shot civilians in the form of sys admins and programmers are far better equipped to fight this one.
      They're more numerous, they're just as skilled and they're on their home ground.

  • Meh (Score:4, Funny)

    by Dracophile ( 140936 ) on Friday March 05, 2010 @10:38AM (#31371486)
    There is no spoon.
  • Sounds familiar?
  • by GPLDAN ( 732269 ) on Friday March 05, 2010 @10:48AM (#31371626)
    The US owns the sea. the Chinese know this. Their sub technology is borrowed from the Soviets, and the Akula class is a barge underwater and it's all they got, and their Navy sucks.

    The US has shown it possess the technology to splice underwater fiber cables and tap them. Google it, they've already done it in the North Sea.

    And that is the trump card. China launches a major offensive against the world, they better have routes down through Korea, because every trans-pacific cable leading to the mainland will get cut in minutes.
  • by daveschroeder ( 516195 ) * on Friday March 05, 2010 @10:49AM (#31371638)

    FBI director warns of 'rapidly expanding' cyberterrorism threat [washingtonpost.com]

    This "there is no cyberwar" business plays right into Singel's agenda that anything related to cyber war is really a conspiracy to kill the open internet [wired.com].

    All the "cyberwar" stuff may be overplayed, and no, we're not in a "war", per se, at the moment, but we are most certainly unprepared, as are many open, information-dependent societies...

    • Comment removed based on user account deletion
    • by DJoffe ( 1747746 )
      If you ask me, most of the rhetoric one hears from government officials is more about money than anything else; warning of a 'rapidly expanding cyberterrorism threat' is mainly scaremongering that translates to 'give us a bigger budget than ever'. Not saying there aren't vulnerabilities; certainly there are, just look at all the Windows botnets and viruses (and nowadays PDF seems to be a primary attack vector). If there was a "cyberwar" already being waged, it would probably already have been lost. But giv
    • The internet is essentially a massive number of walled communities.
      There is nothing that any potential adversary could do which isn't already being done by the botnet herders and we seem to be doing fine despite them.

      In any case I see little or no way in which the government could do a better job than the current crop of sys admins.

  • I think all that China is doing is not employing bored script kiddies. From all accounts these hackers have no day jobs. Our biggest online security threats come from people trying to trick folks into clicking links about viagra and SEE BRITTANY SPEARS NUDE!
    • by gtall ( 79522 )

      While Brittany Spears nude is certainly dirty warfare, I think what concerns the U.S. military most is that the Chinese bureaucrats running the asylum will think they'll be seen as having bigger penises if they invade Taiwan. The U.S. has a treaty to defend Taiwan. If we ever got into a hot war, there won't be any question of whether cyberwar will be part of it if nothing else than for Chinese hackers to keep the U.S. too preoccupied to properly respond. They needn't even be working for the Chinese governme

  • This means we can fire Howard Schmidt since his position is not needed and we can put his salary towards the Fed. deficit.
  • War on X (Score:4, Funny)

    by S77IM ( 1371931 ) on Friday March 05, 2010 @10:56AM (#31371722)

    We had a War on Poverty, and poverty increased.
    We had a War on Drugs, and drugs increased.
    We had a War on Terror, and terror increased.

    So, yeah, let's have a War on Cyber, and maybe cyber will increase too. Cybernetics? Cyborgs? Cyberspace? Cybering? I guess you take the good with the bad.

      -- 77IM

    • by gtall ( 79522 )

      Ah, you Sir get the Internet Award for Gratuitous and Absurd Use of Induction.

    • by Ltap ( 1572175 )
      All we need now is a War on Sex. That's a cause we could ALL get behind, if these "War on X" trends continue!
    • Egad, then there must have been a secret War on Stupidity here in the US for the past 30 years.

      I say it's time for a War on Peace!

  • In a war both sides are fighting... but so far, only the bot(net)s are attacking, and what the "attacked" front does efficiently is giving them more drones. Is not war, is harvest.
  • Yeah, right (Score:3, Funny)

    by DoofusOfDeath ( 636671 ) on Friday March 05, 2010 @10:58AM (#31371748)

    The First Rule of Cyberwar is...

  • by FriendlyPrimate ( 461389 ) on Friday March 05, 2010 @11:26AM (#31372144)
    IBM has recently started directly laying off American developers and replacing them with Chinese developers working in the "CDL labs". They're doing this for code designed to run on System z mainframes, such as Rational HATS (half the team just moved to China in the past couple of weeks). The main reason why companies use System z at all is because it's supposed to be ultra-secure, and therefore it is used for the most sensitive of processes (like banks, etc...). How unrealistic would it be for a Chinese developer (either willingly, or coerced by the Chinese government) to plant security holes in IBM mainframe products? They did it with Google...isn't it logical that they'd also be trying to target IBM? It scares the heck out of me thinking how many Fortune 500 companies that use System z for their ultra-secure mainframes might be getting exposed to Chinese corporate espionage.
  • The problem with kneejerk cynicism and paranoia is that if (when) there is a real threat we might not be prepared to respond to it. We might choose to not respond. Maybe the boy shouldn't be crying wolf so often, but the village should at least think about what to do when the wolf comes calling.

    Let's take as a given that there is no cyberwar. Does that mean that China, Russia and anyone else with an interest in hurting the US isn't working on a plan to attack us? They might be able to keep a secret. The

  • ...he would re-release that same statement, with:
    s/cyber.?war/terrorism/i

    Then we would start to get somewhere... and maybe fix more important problems.

  • Peace in our time?

Someday somebody has got to decide whether the typewriter is the machine, or the person who operates it.

Working...