Tuesday, April 28, 2009

New York Times on Cyberwar

This is a very, very interesting article. John Markoff has long been the best information security reporter in the MSM. There's an awful lot of hype here, but there's an awful lot that rings true as well:
When American forces in Iraq wanted to lure members of Al Qaeda into a trap, they hacked into one of the group’s computers and altered information that drove them into American gun sights.
A little while ago, I posted about Resource Poisoning, and how it can wreak havoc among users who trust the resource:
A very old attack technique is called "Denial of Service" (DoS) - basically trying to make a service unavailable or unreliable. If someone were to dump a tanker truck load of motor oil on the beltway around 6:00 AM, the police would have to block off the highway for safety reasons, and folks would have an interesting commute. This is the obvious (and uninteresting) form of DoS. What if instead someone switched all the road signs, so that traffic to Chicago were sent down the road towards Albuquerque?
So back to the NYT article. Is it hype? As Mythbusters would say, the threats are plausible (and no surprise to either of my regular readers):
Every few months, it seems, some agency, research group or military contractor runs a war game to assess the United States’ vulnerability. Senior intelligence officials were shocked to discover how easy it was to permanently disable a large power generator. That prompted further studies to determine if attackers could take down a series of generators, bringing whole parts of the country to a halt.
Certainly the idea of nation states engaging in cyber attacks is nothing new, and the article talks about Russian attacks on Estonia and Georgia. Are we doing it? Who knows.

My feeling is that if we're not doing it, someone in the Fed.Gov should be fired.

UPDATE 28 April 2009 23:07: But Security Kitteh should not be fired:


Cyberwar, heh.

No comments:

Post a Comment

Remember your manners when you post. Anonymous comments are not allowed because of the plague of spam comments.