Tuesday, September 20, 2011

EU BlackHat 2011: Cyberwar Overhyped, Escalating Cyber Conflict The Issue
- EU Keynote counters Ex-CIA Official's Warning

While imminent Cyberwar concerns have ramped up as of late, e.g., BlackHat 2011: Cyberwar is Coming- Ex-CIA Official Warns Black Hat 2011 Attendees, an insightful EU Black Hat 2011 - Keynote (video 1:15) with Bruce Schneier offers constructive and useful perspective:

“It’s not that that we’re fighting cyberwar, we’re increasingly seeing war-like tactics used in broader cyber conflicts. Non-nations can now deploy war-like tactics... a bunch of criminals getting tanks.. now what do you do?" - Bruce Schneier EU BlackHat 2011

Schneier points out that cyber war clearly is not happening now. Rhetoric surrounding cyberwar is exaggerated and harmful in its influence over policy. The debate language lacks good definitions - Don’t know when it starts, what it looks like, who is doing it, or when it’s over. Using the term “war” implies we’re helpless, we need to duck and cover, the government should handle it. Many measures merited in war time pose greater risk in peace time. Advantage is on the attackers side in cyber space with technology pushing capabilities out- so easy, kids can do it.

Further cyberwar high-level analysis commentary addresses topics such as preparing the battlefield, conducting attacks, etc. All advanced nations will need to have some cyber offensive capability as it's part of the war fighting theater now. It's also understood that the most advanced nations have extensive capabilities, e.g., placing logic bombs into enemy systems, potentially before broader conflicts starts. Reoccurring examples of precursor cyber-attacks being followed by more traditional military conflicts. US continues dragging feet on pursing international rules and treaties involving cyber conflicts given a perceived advantage. This stance really feeds the cyber arms race problem where every side assumes the worse. Related offensive decisions also need to be made at higher levels of government- Stuxnet types of attacks are reasonable to view as an act of war.

Critical Infrastructure concerns include widely believed examples of non-US criminal extortions, blackouts from hacking, e.g. Brazil. History is rich with market failure examples where common defense not adequately addressed by private industry. Private industry can only go so far and why we need government, with regulations only part of answer. The US is clearly more vulnerable than other nations; with risk is increasing, it's important to further address.

- 60 minutes exposé - Cyber War: Sabotaging the System 6/13/2010 (video 18:02)
- “Next war might start with blackout, not a bang.” “Art of the Possible”

No comments: