nerdgirl 0 #1 March 10, 2008 As reported last week in UK’s The Guardian “Nato is treating the threat of cyber warfare as seriously as the risk of a missile strike, according to a senior official. Suleyman Anil, who is in charge of protecting Nato against computer attacks, said: ‘Cyber defence is now mentioned at the highest level along with missile defence and energy security. We have seen more of these attacks and we don't think this problem will disappear soon. Unless globally supported measures are taken, it can become a global problem.’ “Among the chief threats is cyber terrorism, in which attempts are made to shut down online communication networks or use the internet to attack official institutions. Although some have warned of the possible threat since the 1980s, it is only in recent years that the issue has made it onto the radar of governments around the world. “But Anil also warned of rogue nations who could sponsor internet-based attacks on Nato members. ‘There are nations who are not just working on defence capabilities, but who have attack capabilities - and that brings a new dimension to the whole issue.’” I assert w/r/t formal threat assessment, where Threat = F(vulnerability, capability, motivation), the threat from cyberterrorism, cyberwarfare, and cybercrime exceeds the missile threat both to the US and to NATO countries. Vulnerability: Well, if you accept that missile defense works, one can assert that US vulnerability is low; if you don’t, then there is a potential vulnerability to those who do have such capability. In June 2007, the Chinese military hacked into the Office of Secretary of Defense’s unclassified computer network. Last week, OSD's chief information officer, Dennis Clem, acknowledged publicly, “This was a very bad day … We don't know when they'll use the information they stole, [which was] an amazing amount, [including] processes and procedures that will be valuable to adversaries.” -- Far from the first time: in 2005, there were almost 80,000 attempted hacks. About 1,300 were successful, including hacks into the Army’s 101st and 82nd Airborne and the 4th Infantry. Not just the DoD that’s being targeted, State Department computers were hacked by China too. Commerce and DHS have also been hacked. -- W/r/t NATO allies, what may mark the first incidence of politically-motivated state-on-state ‘cyber-invasion:’ the Estonian government, police, banks, airports, and communications systems were shut down in April by an cyber attack traced to Russia. Estonia called for help under NATO … the implications of this w/r/t security alliances and security assurances are tremendous: under NATO, who/what is retaliated against? -- the National Strategy for Physical Protection of Critical Infrastructures and Key Assets and the National Strategy to Secure Cyberspace indentifying information and communications technology (ICT) infrastructure, i.e., “telecommunications” as US critical infrastructure. -- National Security Presidential Directive(NSPD) 54/Homeland Security Presidential Directive (HSPD) 23 (classified) was signed 8 Jan 2008. It reportedly “expands the intelligence community's role in monitoring Internet traffic to protect against a rising number of attacks on federal agencies’ computer systems. The directive authorizes the intelligence agencies, in particular the National Security Agency, to monitor the computer networks of all federal agencies -- including ones they have not previously monitored. “Until now, the government’s efforts to protect itself from cyber-attacks -- which run the gamut from hackers to organized crime to foreign governments trying to steal sensitive data -- have been piecemeal. “There has been a string of attacks on networks at the State, Commerce, Defense and Homeland Security departments in the past year and a half. U.S. officials and cyber-security experts have said Chinese Web sites were involved in several of the biggest attacks back to 2005, including some at the country's nuclear-energy labs and large defense contractors.” The execution of this NSPD extends to & is proactively involving the private sector, i.e., “information sharing.” At the same time “privacy advocates, fearing government intrusion on private networks, have already compared the project to the NSA's warrantless wiretapping program. In a congressional hearing last Thursday, Rep. Paul Broun, R-Ga., said the program seemed ‘a little like the fox guarding the henhouse.’” -- The conclusion of the recent National Academy of Sciences report, “Toward a Safer and More Secure Cyberspace” is … well, to put it concisely and less than diplomatically, we’re screwed. On vulnerability: much greater w/r/t execution of cyberterrorism, cyberwarfare, and cybercrime. Capability: We know that there are only 4 countries that have ICBMs capable of hitting the US: Russia, China, France & UK. The President, the SecDef, and head of MDA (nee BMDO) has repeatedly asserted that missile defense is not directed at Russia or China. What non-NATO nations have missiles and nuclear weapons capable of hitting our NATO allies? -- Which non-state actors (terrorists) have ICBMs, mid-range, or short-range missiles? None have nuclear weapons. Conversely, how many countries have access to the internet? -- China and Russia have demonstrated capabilities w/r/t executing cyberwarfare/cyberterrorism. -- Non-state actors (terrorists) have excelled at exploiting cyberspace: SecDef Gates “It is just plain embarrassing that al-Qaeda is better at communicating its message on the internet than America.” -- Al Qa'eda has it's own media and internet 'company.' On capability: much greater with execution of cyberterrorism, cyberwarfare, and cybercrime. Motivation: States: I would assert is low. -- Non-state actors: Big Al Qa’eda has indicated that they consider nuclear (along w/biological) to be strategic weapons they would like to acquire. I don’t see any evidence that AQ would differentiate between an improvised nuclear device (*not* a radiological dispersal device/RDD or ‘dirty bomb’) or suicide detonation of a bought/stolen/whatever nuclear warhead and one on a missile. Yes – see discussion above w/r/t actions of China, Russia, etc. -- Additionally, the US National Intelligence Council’s (NIC) “Key Judgments” from the April 2006 National Intelligence Estimate (NIE) on “Trends in Global Terrorism: Implications for the United States, asserted “We judge that groups of all stripes will increasingly use the Internet to communicate, propagandize, recruit, train, and obtain logistical and financial support.” On motivation: -- state actors much greater with execution of cyberterrorism, cyberwarfare, and cybercrime. -- non-state actors: perhaps equal. In summary, back to qualitative threat analysis: there is greater capability and greater vulnerability w/r/t cyber attacks and perhaps equal of greater motivation, therefore threat from cyber attacks is greater than threat of missile attack. DNI’s unclassified threat assessment – cyber threat assessment starts on page 18 of the pdf file/excerpts here. --- ---- --- And in case ya don’t believe accept my threat analysis, one final bon mot: (Coincidently (?)), LTG Ray Odierno (recently nominated to be the Army’s Vice Chief of Staff and who has spent some time recently, ahh last 3 years, in Iraq) stressed the cyber threat in conversation with Ralph Peters, as reported in Peter’s NY Post Op-Ed column “Lessons from the General” Friday: “We need to better understand the cyber-world piece. It's critical to our enemies.” VR/Marg Act as if everything you do matters, while laughing at yourself for thinking anything you do matters. Tibetan Buddhist saying Quote Share this post Link to post Share on other sites
lawrocket 3 #2 March 10, 2008 The building I worked in in Downtown Los Angeles for about 4 years had the first 19 floors dedicated to communications servers - 23 floors in total. Thus, I considered myself to be in what was a prime target of terrorism. Take that building out and the whole west coast communications infrastructure is kaput for at LEAST a few days. More likely, a few weeks. Imagine what it would be like without operational phone lines. No access to ATM's or credit card transactions. It's mind boggling. My wife is hotter than your wife. Quote Share this post Link to post Share on other sites
PLFXpert 0 #3 March 10, 2008 Generally what we do here is open with an issue, state our synoptic opinion, and wait for others to respond before proving our point with additonal facts & links. It is more fun this way. P.S. I've only gotten to this part so far: Quote I assert w/r/t formal threat assessment, where Threat = F(vulnerability, capability, motivation), the threat from cyberterrorism, cyberwarfare, and cybercrime exceeds the missile threat both to the US and to NATO countries. I'm pretty sure I agree. I need a snack, though, before I read the rest. Paint me in a corner, but my color comes back. Quote Share this post Link to post Share on other sites
ryoder 1,590 #4 March 10, 2008 QuoteThe building I worked in in Downtown Los Angeles for about 4 years had the first 19 floors dedicated to communications servers - 23 floors in total. One Wilshire?"There are only three things of value: younger women, faster airplanes, and bigger crocodiles" - Arthur Jones. Quote Share this post Link to post Share on other sites
kelpdiver 2 #5 March 10, 2008 perhaps the military could stop using Windows. Quote Share this post Link to post Share on other sites
nerdgirl 0 #6 March 10, 2008 Quote Generally what we do here is open with an issue, state our synoptic opinion, and wait for others to respond before proving our point with additonal facts & links. It is more fun this way. I’ve never particularly excelled at following standard, customary norms and practices. It’s my inner iconoclast. Quote P.S. I've only gotten to this part so far: Quote I assert w/r/t formal threat assessment, where Threat = F(vulnerability, capability, motivation), the threat from cyberterrorism, cyberwarfare, and cybercrime exceeds the missile threat both to the US and to NATO countries. Just imagine you were the poor guy sitting next to me Sunday night as our plane sat on the tarmac last night, as I’m pulling up documents from my laptop hard drive on cyberterrorism and Al Qa’eda. VR/Marg Act as if everything you do matters, while laughing at yourself for thinking anything you do matters. Tibetan Buddhist saying Quote Share this post Link to post Share on other sites
PLFXpert 0 #7 March 10, 2008 Quote I’ve never particularly excelled at following standard, customary norms and practices. It’s my inner iconoclast. Rock on. Quote Just imagine you were the poor guy sitting next to me Sunday night as our plane sat on the tarmac last night, as I’m pulling up documents from my laptop hard drive on cyberterrorism and Al Qa’eda. Paint me in a corner, but my color comes back. Quote Share this post Link to post Share on other sites
nerdgirl 0 #8 March 10, 2008 Quote perhaps the military could stop using Windows. It's more than just the military -- that's the point. While the military's unclassified networks may have vulnerabilities; one could argue that anything that's got underlying parts radiation hardened is less vulnerable. It's a credit (& strength of) to the US system (civilian oversight, w/in & w/out the USG) that the military/DoD is so forthcoming/transparent. The civilian network, part of the nation's critical infrastructure, is more vulnerable. Softer target, as well. Qualitative comparison of long-term strategic consequences of attack on military versus civilian network is going to require either a few beers or another delayed plane. /Marg Act as if everything you do matters, while laughing at yourself for thinking anything you do matters. Tibetan Buddhist saying Quote Share this post Link to post Share on other sites
lawrocket 3 #9 March 10, 2008 Yep. I worked there for three years. Knowing what was on those floors below me made me pretty nervous sometimes. This was BEFORE 9/11. About six months after 9/11, I heard military jets. I looked out my window (at about 12:30 p.m.) to see an F-14 and an F-4 approach from the east and fly out over the Valley. Okay. That was weird. Five minutes later they come back for another buzzing. Five minutes later, yet another. I told my boss I was outta there and went a few blocks away for lunch. My wife is hotter than your wife. Quote Share this post Link to post Share on other sites
FreeflyChile 0 #10 March 10, 2008 Quote About six months after 9/11, I heard military jets. I looked out my window (at about 12:30 p.m.) to see an F-14 and an F-4 approach from the east and fly out over the Valley. reply] Wow....i did not know the military still used F-4s as recently as 2002...aside from the fright factor, that had to be pretty cool to see. Quote Share this post Link to post Share on other sites lawrocket 3 #11 March 10, 2008 QuoteQuote About six months after 9/11, I heard military jets. I looked out my window (at about 12:30 p.m.) to see an F-14 and an F-4 approach from the east and fly out over the Valley. reply] Wow....i did not know the military still used F-4s as recently as 2002...aside from the fright factor, that had to be pretty cool to see. Oops. I didn't complete the story. They were practicing flyovers of Dodger Stadium in preparation for opening day. They simply failed to inform the general population of this. Note: A couple of weeks later, that same F-4 augered in at the Pt. Mugu Airshow. My wife is hotter than your wife. Quote Share this post Link to post Share on other sites kelpdiver 2 #12 March 10, 2008 QuoteQuoteperhaps the military could stop using Windows. It's more than just the military -- that's the point. While the military's unclassified networks may have vulnerabilities; one could argue that anything that's got underlying parts radiation hardened is less vulnerable. It's a credit (& strength of) to the US system (civilian oversight, w/in & w/out the USG) that the military/DoD is so forthcoming/transparent. The civilian network, part of the nation's critical infrastructure, is more vulnerable. Softer target, as well. Once radiation hardening comes into the equation, we got bigger concerns that just the internet. On the attacks of the 'cyber' variety, I believe the civilian side is in much better shape than the military. Openness means more people that can address the problem, and fewer regs/procedures slowing down the implementation. Quote Share this post Link to post Share on other sites nerdgirl 0 #13 March 11, 2008 QuoteOn the attacks of the 'cyber' variety, I believe the civilian side is in much better shape than the military. Openness means more people that can address the problem, and fewer regs/procedures slowing down the implementation. I would direct you toward the recent National Academy of Sciences report and the appendix therein, which reviews all the previous reports that came to largely the same conclusion (but also got little traction, i.e., the problem has been recognized and is *not* being addressed) and which details all the reasons why what you describe is not the case, from individual folks ignoring 'smart practices' and downloading/opening stuff anyway; lack of updating anti-virus, etc software; limitations in anti-viral software to be chasing the last attack (somewhat analogous to vaccine production); lack of communications due to proprietary instincts in the private sector, etc. VR/Marg Act as if everything you do matters, while laughing at yourself for thinking anything you do matters. Tibetan Buddhist saying Quote Share this post Link to post Share on other sites Join the conversation You can post now and register later. If you have an account, sign in now to post with your account. Note: Your post will require moderator approval before it will be visible. Reply to this topic... × Pasted as rich text. Paste as plain text instead Only 75 emoji are allowed. × Your link has been automatically embedded. Display as a link instead × Your previous content has been restored. Clear editor × You cannot paste images directly. Upload or insert images from URL. Insert image from URL × Desktop Tablet Phone Submit Reply 0 Go To Topic Listing
lawrocket 3 #11 March 10, 2008 QuoteQuote About six months after 9/11, I heard military jets. I looked out my window (at about 12:30 p.m.) to see an F-14 and an F-4 approach from the east and fly out over the Valley. reply] Wow....i did not know the military still used F-4s as recently as 2002...aside from the fright factor, that had to be pretty cool to see. Oops. I didn't complete the story. They were practicing flyovers of Dodger Stadium in preparation for opening day. They simply failed to inform the general population of this. Note: A couple of weeks later, that same F-4 augered in at the Pt. Mugu Airshow. My wife is hotter than your wife. Quote Share this post Link to post Share on other sites kelpdiver 2 #12 March 10, 2008 QuoteQuoteperhaps the military could stop using Windows. It's more than just the military -- that's the point. While the military's unclassified networks may have vulnerabilities; one could argue that anything that's got underlying parts radiation hardened is less vulnerable. It's a credit (& strength of) to the US system (civilian oversight, w/in & w/out the USG) that the military/DoD is so forthcoming/transparent. The civilian network, part of the nation's critical infrastructure, is more vulnerable. Softer target, as well. Once radiation hardening comes into the equation, we got bigger concerns that just the internet. On the attacks of the 'cyber' variety, I believe the civilian side is in much better shape than the military. Openness means more people that can address the problem, and fewer regs/procedures slowing down the implementation. Quote Share this post Link to post Share on other sites nerdgirl 0 #13 March 11, 2008 QuoteOn the attacks of the 'cyber' variety, I believe the civilian side is in much better shape than the military. Openness means more people that can address the problem, and fewer regs/procedures slowing down the implementation. I would direct you toward the recent National Academy of Sciences report and the appendix therein, which reviews all the previous reports that came to largely the same conclusion (but also got little traction, i.e., the problem has been recognized and is *not* being addressed) and which details all the reasons why what you describe is not the case, from individual folks ignoring 'smart practices' and downloading/opening stuff anyway; lack of updating anti-virus, etc software; limitations in anti-viral software to be chasing the last attack (somewhat analogous to vaccine production); lack of communications due to proprietary instincts in the private sector, etc. VR/Marg Act as if everything you do matters, while laughing at yourself for thinking anything you do matters. Tibetan Buddhist saying Quote Share this post Link to post Share on other sites Join the conversation You can post now and register later. If you have an account, sign in now to post with your account. Note: Your post will require moderator approval before it will be visible. Reply to this topic... × Pasted as rich text. Paste as plain text instead Only 75 emoji are allowed. × Your link has been automatically embedded. Display as a link instead × Your previous content has been restored. Clear editor × You cannot paste images directly. Upload or insert images from URL. Insert image from URL × Desktop Tablet Phone Submit Reply 0
kelpdiver 2 #12 March 10, 2008 QuoteQuoteperhaps the military could stop using Windows. It's more than just the military -- that's the point. While the military's unclassified networks may have vulnerabilities; one could argue that anything that's got underlying parts radiation hardened is less vulnerable. It's a credit (& strength of) to the US system (civilian oversight, w/in & w/out the USG) that the military/DoD is so forthcoming/transparent. The civilian network, part of the nation's critical infrastructure, is more vulnerable. Softer target, as well. Once radiation hardening comes into the equation, we got bigger concerns that just the internet. On the attacks of the 'cyber' variety, I believe the civilian side is in much better shape than the military. Openness means more people that can address the problem, and fewer regs/procedures slowing down the implementation. Quote Share this post Link to post Share on other sites
nerdgirl 0 #13 March 11, 2008 QuoteOn the attacks of the 'cyber' variety, I believe the civilian side is in much better shape than the military. Openness means more people that can address the problem, and fewer regs/procedures slowing down the implementation. I would direct you toward the recent National Academy of Sciences report and the appendix therein, which reviews all the previous reports that came to largely the same conclusion (but also got little traction, i.e., the problem has been recognized and is *not* being addressed) and which details all the reasons why what you describe is not the case, from individual folks ignoring 'smart practices' and downloading/opening stuff anyway; lack of updating anti-virus, etc software; limitations in anti-viral software to be chasing the last attack (somewhat analogous to vaccine production); lack of communications due to proprietary instincts in the private sector, etc. VR/Marg Act as if everything you do matters, while laughing at yourself for thinking anything you do matters. Tibetan Buddhist saying Quote Share this post Link to post Share on other sites
