The Great Cyberwar to Come
Every day lately I open up the newsfeed and see more and more dire predictions of cyber doom and cyber war.
Each time I read this stuff I just have to hang my head and curse under my breath all of the morons out there both reporting on it as well as those purveyors spinning the cyberwar to come.
In fact, I really loathe the term “Cyberwar” as do I think, many of my compatriots in the infosec industrial complex (ooh coined a new one there huh?). Every time these people open their mouths I have to just borrow a line from Seinfeld and bellow;
Enough already of this Cyberwar lunacy! Let me tell you something, we have been in an information war for a long long time and a component of that is EW (Electronic Warfare). For years we have been manipulating warfare through information whether it be planting fake stories in the press (newspapers, tv, radio etc) to manipulating data within systems as part of disinformation campaigns.
The only real difference today, and I think is the crux of the cyberwar craze are two factors:
- Everything seems to be connected by computers today
- We can now manipulate not only data, but the machines that process actual physical processes (ICS/SCADA)
So yes, there is more that potentially can be done to an enemy target electronically, but, the hoopla and hype around cyberwarfare has gotten WAY out of hand today and someone needs to bust that bubble before the morons in charge get their trigger fingers on the button.
Perhaps though, its too late for that as I am looking around today and see that the military is saying they have the potential right to launch attacks after cyber attacks...
Good God... It makes one root for Skynet thinking about the great cyberwar to come.
Trust Us… We’re the Government!
What is most frightening to me is that the government and the military seem to be under many misapprehensions over “cyberwar”. In the case of the government, more to the point, Congress and the House, we have two august bodies that are filled with some of the most misinformed and Luddite oriented groups of people I have ever seen...
And these are the people we are going to entrust to make policy on such topics? The said same people who would have the likes of Gregory Evans speak to them about digital security?
We are doomed.
So, what do we have here? We have the people making laws led by the blind and the chicken little’s of the world. All of this over the overhyped and overblown idea that the great cyber war is a commin' and no one is safe! Our power will go out because hackers will shut it all down!
The gas pipelines will explode because John McClane won’t be able to get the Apple kid to the right terminal during the fire sale! The financial system will collapse because Thomas Gabriel will have jacked into the feeds and slurped ALL of our digital records on to his terabyte drives!
OH NO! Yeah, you might be asking yourself right about now; “Do they really believe that damn?”
Well, take a look at some of their laws lately concerning digital matters and privacy.. Then tell me they really know anything about the internet nor digital security. So, yes, I firmly believe they believe it.
In fact, there is an old trope in the movies about hackers. You know the one, where the hacker just sits down and 5 seconds later they are root on the Gibson… Yeah, I really think that is how they perceive hacking and how easy it would be to hack the planet... So to speak.
So, are you comfortable with these people deciding whether or not we actually physically (or digitally) attack another country after we get a little pwn3d? I am not.
Attribution… We Don’t Need No Stinkin Attribution!
Back to the DoD and their recent proclamation about physical and other attacks against those who attack us with a cyber attack. I just have one word for them to chew on and contemplate: ATTRIBUTION
You know, that pesky word meaning we actually KNOW who attacked us? Yeah, well as far as I have seen today, it’s pretty damned hard to determine most of the time who did what and where on the net. Digital forensics only gets you so far, compromised machines can be tampered with in so many ways to make it look like someone did something and these guys want to launch cruise missiles against nation states over a DDoS?
Mmmm yeah... This will not end well.
Ok, so the next great cyberwar will take place pretty much like the whole premise of the Terminator films then? Will Skynet become sentient or will we just have a military and government that says “THEY DID IT” and fire off some missiles? Frankly, what I see here is a lot of posturing and hope that the reality is that people will realize that they cannot attribute anything and not fire one missile due to the lack of concrete proof.
But... That assumes that cooler heads prevail and there are not too many hawks in the room...
Dark Prognostications of DOOM… Trust Me, I Write Blogs!
Meanwhile, we have the blogosphere and the pundits out there with slit eyed prognostications about how many more times 9/11 it would be, this cyberwar to come that McClane is not there to save us from.
- “THERE ARE NO AIR GAPS TO SCADA! WE ARE DOOMED!”
- “THE COLLATERAL DAMAGE WILL BE HUGE!”
- “OUR WAY OF LIFE WILL BE DESTROYED!”
Blech. Look, sure, a cyber attack on key infrastructure would be bad. It could cause a real ruckus and we could have pockets of the country/world where power may be down a while, gas lines could blow, and there would be collateral damage. However, this would not be an all out war.
In fact, I think it would be far worse if someone took out the core routers to the internet... I mean, at least that is doable if you do it right with kinetic attacks at key points (MAE’s etc) However, I just don’t see it as a likely scenario.
Frankly, you know what keeps me worried?
- Biological warfare or accidents with the materials
- A dirty bomb or a nuclear bomb cobbled together from illicit materials from the likes of Russia or Pakistan
- Mass coronal ejections causing a large EMP
Cyberwar... Not so much.
The problem is that there are too many pundits and too many crazy opinions out there that are getting ear time with the Luddites in charge. Hell, for that matter, I am a blogger too, so I could be part of the problem as well huh?
Maybe I am all wet and tomorrow China will attack at dawn... It’ll be just like Red Dawn.. Except they will hit us first with cyber attacks and then drop thousands of troops on us (Wait a minute! What a movie idea!).
CRAP! Someone beat me to it! Oh I know! instead the Chinese will just release all our prisoners from cell blocks by using Metasploit against their ICS systems that lock the doors!!!
Heh... Remember you heard it here first!
Reality? Nah, Just Pass Me The SymStim and Goggles!
I guess in the end, I just have to resign myself to the fact that sanity will not prevail. We will have a military with putative attribution and a Congress unqualified to rule on such things to pass the vote to attack those who attacked us with their packets and malware.
Oh well, I will just have to put in the REM and listen to the end of the world and we know it...
*Sits back... puts on shades... Hacks the Gibson*
Cross-posted from Krypt3ia