Words of Advice:

"We have it totally under control. It's one person coming from China. It's going to be just fine." -- Donald Trump, 1/22/2020

“We will not see diseases like the coronavirus come here..and isn't it refreshing when contrasting it with the awful presidency of President Obama."
-- Trump Press Secretary Kayleigh McEnany, 2/25/20

"I don't take responsibility for anything." --Donald Trump, 3/13/20

"If Something Seems To Be Too Good To Be True, It's Best To Shoot It, Just In Case." -- Fiona Glenanne

"Flying the Airplane is More Important than Radioing Your Plight to a Person on the Ground Who is Incapable of Understanding or Doing Anything About It." -- Unknown

"There seems to be almost no problem that Congress cannot, by diligent efforts and careful legislative drafting, make ten times worse." -- Me

"What the hell is an `Aluminum Falcon'?" -- Emperor Palpatine

"Eck!" -- George the Cat

Wednesday, June 1, 2011

Nuking Pyongyang? Or Helsinki??

This strikes me as a strategy that is not even a quarter-baked:
The Pentagon, trying to create a formal strategy to deter cyberattacks on the United States, plans to issue a new strategy soon declaring that a computer attack from a foreign nation can be considered an act of war that may result in a military response.

Several administration officials, in comments over the past two years, have suggested publicly that any American president could consider a variety of responses — economic sanctions, retaliatory cyberattacks or a military strike — if critical American computer systems were ever attacked.
As the article touches on, how do you know that a government is behind it? Would we really go to war because a bunch of hackers at Qingdao Tech decide that it would be fun to mess with American computer systems? And considering that an attack would probably be routed through a great many computer systems, determining the source of the attack might be difficult.

This strategy is a Potemkin village or, to rip off Gertrude Stein: There is no there, there.


BadTux said...

By "military response" I *HOPE* all they mean is "dispatch submarines and Special Forces to cut all Internet cables to that godforsaken country so it can rot in peace without pestering the rest of us." Because anything more than that is sheer lunacy.

Even that would be fairly problematic for countries with extensive land borders with fiber optic cables laid across them. Not to mention that these cables are owned by the Oligarchy and do you really think they're going to allow their puppet government to cut their cables? Only if they can figure out some way to make the marks err general public pay for it, I guess...

- Badtux the Baffled Penguin

Chuck Pergiel said...

This is the kind of news that just makes my little heart go all pitter patter. We can't even keep our computer systems secure within our own country without anybody else trying to muck with them. This would just give us another excuse to attack another country, as if we actually need another one.

Theoretically, computer systems can be made secure. If a supposedly secure system gets hacked, the people who are responsible for securing that system should be the ones under the gun, not the hackers.

Of course we are dealing with the government here. If there is a politician in the chain of command then all bets are off.

BadTux said...

Charles, there is no such thing as a "totally secure" system. I have hacked even the most secure system ever built, the Honeywell Multics, the only system in the history of the world that ever met the Pentagon's strictest security classification standard (in case you're wondering, it was a phishing attack, and no, I did not deploy it against anybody other than myself -- but it *would* have worked against others). The only theoretically secure system is one locked into a bank vault with no wires going in or out -- not even electric wire. But that computer system isn't very useful.

Computer security is all about making computers harder to attack, not about making them impossible to attack, because short of cutting them off from the outside world entirely there's always an attack vector of *some* sort. Maybe not an easy one -- indeed, Multics was quite difficult to attack, my exploit required physical access to a Multics terminal and a non-administrative account on the Multics system -- but there's always a way. From a practical standpoint Multics would have been unattackable by any current methods used to attack Windows or Linux, but a foreign power with significant resources could have always found a way...

- Badtux the Computer Security Penguin

Comrade Misfit said...

Charles, they're talking about infrastructure attacks. No system is completely secure. Hell, even Ft. Knox could, in theory, be robbed.

Computer systems are not hard for a dedicated hacker to get into. It might take finding a password, but I bet that if you went into ten offices in any company, you'd find at least one desk where the user wrote down their password and stuck it in their desk drawer.

Chuck Pergiel said...

If a banker kept all of the bank's money on the floor of the lobby, and he stood outside on the sidewalk passing out keys to passersby, would anyone take him seriously when he said he was robbed? There is security and there is security theater. If there are politicians involved, I will leave it to you to figure out which one applies.