US and Russia Open Talks On Limits To Cyberwar 80
andy1307 passes on this from the NY Times: "The United States has begun talks with Russia and a United Nations arms control committee about strengthening Internet security and limiting military use of cyberspace. American and Russian officials have different interpretations of the talks so far, but the mere fact that the United States is participating represents a significant policy shift after years of rejecting Russia's overtures. Officials familiar with the talks said the Obama administration realized that more nations were developing cyberweapons and that a new approach was needed to blunt an international arms race ... While the Russians have continued to focus on treaties that may restrict weapons development, the United States is hoping to use the talks to increase international cooperation in opposing Internet crime. Strengthening defenses against Internet criminals would also strengthen defenses against any military-directed cyberattacks, the United States maintains."
Here's a good first step ... (Score:5, Insightful)
Now, some of you may think that I'm picking on Chinese vendors
ACTA (Score:3, Insightful)
Now we know why ACTA is a secret treaty...
Internet crime? (Score:2, Insightful)
Reliable infrastructure.... (Score:3, Insightful)
Plus, other than attacks on military infrastructure, the coming diversity of OSes, CPU platforms, and networks would make attacks on civilian devices nearly impossible. You might be able to write an iPhone worm, but you wouldn't be able to write an iPhone/Android/Java/BREW worm that attacks anyone on any cell network. That worm would also not work on a PC running Windows/OS X/Linux/BSD. And the diversity in browsers make exploit-based attacks even harder. It used to be you could attack the weak IE browser and get 90% of web surfers, now you would only get slightly more than half, and you would need to attack Firefox (both 3.0 and 3.5 along with perhaps older versions), Safari, Chrome, Opera and many smaller browsers.
In short, cyber warfare is a possibility on infrastructure and is quickly approaching impossible on large amounts of devices.
Corroboration? (Score:5, Insightful)
How the heck are you going to limit military use? This isn't like nukes where there are facilities to visit. I can't help but think that language is just smokescreen for the public, and this is really about cooperation on policing the internet. (Cue more secret talks ala ACTA.)
Re:Here's a good first step ... (Score:4, Insightful)
Too much untrustworthy modified firmware has been coming out of China lately for me to place any faith in it.
Citation needed.
I don't doubt this is possible, but a network component manufacturer having product built in China is probably able to tell if the unit is not to spec.
China uses commodity chips, (some of which is also manufactured in China) but the finished product has to run the home manufacturer's software.
The assumption that the engineers that designed it couldn't tell if the the design has been altered and back doors inserted seems a bit of a hyperventilation to me.
Re:Reliable infrastructure.... (Score:2, Insightful)
I'm guessing he was born in the wrong decade to have read snowcrash. I'm also guessing he doesn't understand how cyberwarfare has already been used in warfare, both hot and cold, with quite positive effects.
I remember when 6" of air made something safe. It's downright scary how much of what we use and rely on is internet facing. Maybe, soon enough, the securty decision will factor into the engineering decision.
Pirates == terrorists? (Score:3, Insightful)
Strengthening defenses against Internet criminals would also strengthen defenses against any military-directed cyberattacks, the United States maintains.
How much do you want to bet that "Internet criminals" in this case are people pirating music and movies? While I'm glad to see that we're finally engaging the Russians, it'd be nice if our foreign policy wasn't being directed by the RIAA and the MPAA.
Re:Here's a good first step ... (Score:2, Insightful)
Why do you think that is so? We are all the same, yet some countries are in such peril. It isn't because the people are stupid, or lack any qualities anyone else might have. There is only one thing that dominates these countries, and it's closer to home than you would think. International business, in bed with finance, with a stranglehold on government and "journalism". Who is to investigate, when all of the investigators are employees of the entity they are supposed to investigate?
Fortunately the traditional (not lately) form of government the USA was founded on, as written, is the finest example of liberty, sans all out anarchy that the world has seen. The issue, is that a country like China is very attractive to a rich socialite with monopoly on his mind who would love to reduce the threat of his competition, and to increase the legal wiggle room so he can squeeze a little more profit from the exhausted phallis of the "public good". To increase efficiency, bringing that system back home, to make domestic operations less problematic and more profitable, might also be attractive.
So given that motive, said CEOs and Foundation/Bank Chairmen, might have every reason to have interest in engaging in treason for their own fortunes. China is a giant factory for the companies that financed it's "hostile takeover". European and American Corporations ARE China. When the world is your marketplace, how much is standardization accross countries of policy in favor of your operations, with protections against legal prosecution for your illegal activities, effective to your profits? So, we see emerge a global model of the 21st century oppressive authoritarian standard, which we see slowly showing up subsequently in the places that used to be havens of liberty. I wonder what these unsavory fellowes could stand to gain with the inclusion of "top secret" backdoors to further weaken the threat of liberty to their control over the global economy. Without control over the global economy, people have choices. Choices are the monopoly man's worst nightmare.
Want to give them any more of your business?
Re:Reliable infrastructure.... (Score:3, Insightful)
I really don't see the point in "cyber warfare" other than small-scale attacks on a certain site or ISP, a large scale plan could never fully work because any country could simply switch to basically a huge local network. Would it be hard? Yes. Is it able to be done? Yes.
I think your post betrays a surprising amount of naivete. The Internet is, by definition, international. The amount of foreign transacting that would be decimated by switching to "basically a huge local network" is unfathomable. The Internet is fast becoming the heart and soul of our economy - and cutting it off at the knees is never an acceptable solution. The cost is always too high to justify.
Plus, other than attacks on military infrastructure, the coming diversity of OSes, CPU platforms, and networks would make attacks on civilian devices nearly impossible. You might be able to write an iPhone worm, but you wouldn't be able to write an iPhone/Android/Java/BREW worm that attacks anyone on any cell network. That worm would also not work on a PC running Windows/OS X/Linux/BSD. And the diversity in browsers make exploit-based attacks even harder. It used to be you could attack the weak IE browser and get 90% of web surfers, now you would only get slightly more than half, and you would need to attack Firefox (both 3.0 and 3.5 along with perhaps older versions), Safari, Chrome, Opera and many smaller browsers.
Anybody with a DSL-class Internet connection can take out large swaths of the Internet using common, widely known exploits, such as DNS spoofing attacks [securiteam.com]. Since this is a DOS attack, it would affect anything at the target points.
You are right in that the Internet is increasingly heterogeneous, but while alternate platforms have flowered, the Internet was never homogeneous! Sure, you could attack 90% of client browsers with an IE attack, but never 90% of the Internet hosts! And certainly not 90% of the "core servers" - high bandwidth servers at the logical center of the Internet.
The Russian mob runs a fairly profitable extortion racket with the force of DDOS attacks. While they currently target semi-legal websites (such as gambling and extreme porn sites) in order to keep their profile low, as their stature grows, they will become an increasing risk to companies doing core, legitimate business.
And the problem is severe. Like I said, anybody with a DSL-class connection can do terrible things - what do you think a mob gang with 125,000 infected hosts can do?
Re:Here's a good first step ... (Score:3, Insightful)
Besides, the whole idea is completely missing the point. Cyberwar cannot be limited the way nuclear arms can, because a civilian attack is not fundamentally different froma military one: unlike with nuclear weapons, the civilians have access to all the tools and knowledge the military does. Oh, and their motivations don't fundamentally alter the approach they take. It's like bankrobbers routinely nuking cities.
If a 100k botnet attacks your site, how do you determine if they're the Russian military or a bored teenager?
Re:What about limiting war in general? (Score:3, Insightful)
Force trumps law, hence any "law" limiting war relies on violence for enforcement.
Lawfare only restricts the lawful thus weakening them relative to the law-free.
As for Iraq, when Iraqis tire of killing each other they will stop. Being law-free, they are free to kill each other except where constrained by internal opposition.