US and Russia Open Talks On Limits To Cyberwar 80
andy1307 passes on this from the NY Times: "The United States has begun talks with Russia and a United Nations arms control committee about strengthening Internet security and limiting military use of cyberspace. American and Russian officials have different interpretations of the talks so far, but the mere fact that the United States is participating represents a significant policy shift after years of rejecting Russia's overtures. Officials familiar with the talks said the Obama administration realized that more nations were developing cyberweapons and that a new approach was needed to blunt an international arms race ... While the Russians have continued to focus on treaties that may restrict weapons development, the United States is hoping to use the talks to increase international cooperation in opposing Internet crime. Strengthening defenses against Internet criminals would also strengthen defenses against any military-directed cyberattacks, the United States maintains."
Re:Here's a good first step ... (Score:2, Interesting)
Stop buying networking hardware from China, and build (or re-build) domestic suppliers of such equipment. That applies to any nation that wants to maintain security: China has been abusing its position as a dominant hardware supplier for some time now. You can have all the network security in place that money can buy, but if the Internet-facing defenses have been compromised from the manufacturer you're pretty much screwed. Too much untrustworthy modified firmware has been coming out of China lately for me to place any faith in it. Well, all right ... I suppose that if the boards are made in China but a domestic vendor supplies the firmware locally it would be okay ... but that's not how it usually works.
Now, some of you may think that I'm picking on Chinese vendors ... and I am, but the criticism is well-deserved in this case. Not that I believe the individual manufacturers are doing this of their own accord, necessarily. But there's a lot of intrusion attempts coming out of that country, and you can bet the people behind it look at selling compromised hardware to other countries as a legitimate tool. How many of those attempts are successful because a firewall or router has hidden code in it I suppose we'll never know.
Stop buying networking hardware from China, and build (or re-build) domestic suppliers of such equipment. That applies to any nation that wants to maintain security: China has been abusing its position as a dominant hardware supplier for some time now. You can have all the network security in place that money can buy, but if the Internet-facing defenses have been compromised from the manufacturer you're pretty much screwed. Too much untrustworthy modified firmware has been coming out of China lately for me to place any faith in it. Well, all right ... I suppose that if the boards are made in China but a domestic vendor supplies the firmware locally it would be okay ... but that's not how it usually works.
Now, some of you may think that I'm picking on Chinese vendors ... and I am, but the criticism is well-deserved in this case. Not that I believe the individual manufacturers are doing this of their own accord, necessarily. But there's a lot of intrusion attempts coming out of that country, and you can bet the people behind it look at selling compromised hardware to other countries as a legitimate tool. How many of those attempts are successful because a firewall or router has hidden code in it I suppose we'll never know.
Stop buying networking hardware from China, and build (or re-build) domestic suppliers of such equipment. That applies to any nation that wants to maintain security: China has been abusing its position as a dominant hardware supplier for some time now. You can have all the network security in place that money can buy, but if the Internet-facing defenses have been compromised from the manufacturer you're pretty much screwed. Too much untrustworthy modified firmware has been coming out of China lately for me to place any faith in it. Well, all right ... I suppose that if the boards are made in China but a domestic vendor supplies the firmware locally it would be okay ... but that's not how it usually works.
Now, some of you may think that I'm picking on Chinese vendors ... and I am, but the criticism is well-deserved in this case. Not that I believe the individual manufacturers are doing this of their own accord, necessarily. But there's a lot of intrusion attempts coming out of that country, and you can bet the people behind it look at selling compromised hardware to other countries as a legitimate tool. How many of those attempts are successful because a firewall or router has hidden code in it I suppose we'll never know.
I think we should blame ourselves for allowing them to have control over it. The factories might be crap and there might be poeple wishing to take advantage of it... If our pcps were build in our own region we wouldnt have this problem. But I dont think it depends on us?..
Re:Big mistake (Score:2, Interesting)
No, its not useless. The US and Russia are the big boys on the block militarily and Russia still has a load of technology. A treaty between the US and Russia on this establishes a "level playing field" for this arena, just like the US and Soviets had treaties about how close SSBMs could get to the coastlines and things like ABM.