Schneier Picks Apart Cyberwar Hype

from the good-work dept

For some time now, we’ve been pointing out how the new claims of cyberwar threats from politicians and defense contractors was massively overhyped. We keep getting comments on those posts along the lines of “the real threat is secret, so you have to trust the government,” which isn’t exactly comforting. Sometimes we get comments saying “you’re not a security expert, so you don’t know the real threat.” At which point we ask people to explain the real threat and they always come up short. With military leaders getting together to once again hype the still unexplained “cyberwar threat” security expert Bruce Schneier has written a great piece detailing the lack of an actual threat.

He points out, correctly, that cybersecurity is important, but elevating it to a bogus “war” is dangerous:

We surely need to improve our cybersecurity. But words have meaning, and metaphors matter. There’s a power struggle going on for control of our nation’s cybersecurity strategy, and the NSA and DoD are winning. If we frame the debate in terms of war, if we accept the military’s expansive cyberspace definition of “war,” we feed our fears.

We reinforce the notion that we’re helpless — what person or organization can defend itself in a war? — and others need to protect us. We invite the military to take over security, and to ignore the limits on power that often get jettisoned during wartime.

Instead, he notes, almost all of the known “examples” of cyberwar are either cybercrime or espionage — which are not the same thing. As he points out:

If, on the other hand, we use the more measured language of cybercrime, we change the debate. Crime fighting requires both resolve and resources, but it’s done within the context of normal life. We willingly give our police extraordinary powers of investigation and arrest, but we temper these powers with a judicial system and legal protections for citizens.

This is an important point. No one is saying that online security isn’t important. We’re just questioning whether it’s really a “war” that requires the military to be heavily involved or if there are better options. It’s great to see some in the security field start to speak up on this subject as well.

Filed Under: , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Schneier Picks Apart Cyberwar Hype”

Subscribe: RSS Leave a comment
Anonymous Coward says:

The U.S. government is starting to look more and more like the old USSR.

They tell people what markets can exist and enforce those market and that lead the USSR to meltdown but they are doing it anyway to the U.S..

Now they want to now what people are doing every second so they can better “protect” them. Riiiiiiiiiiight.

abc gum says:

If it looks like BS and smells like BS ...

Saber rattling by the industry rainmakers arguing for more intrusive measures to be wielded by three letter acronym organizations is bullshit. They are going to do whatever they do, and have already been doing, regardless and as a society we do not need to condone it. The whole thing is quite silly.

If an asset is invaluable, then do not connect it to the outside network. It really is that simple. Now if these pundits were to ask for funding in this direction, then they would have a good argument. But they are not, and therefore they are full of it.

There is no way to fully lock down the outside network to the point where it would be acceptable to connect an invaluable asset. Thinking that this is possible is the act of a lunatic or a fraud.

I think the whole thisg is an excuse to control the internet and take away that which is possibly the most important tool available to humanity today.

Anonymous Coward says:

You don’t know what’s it like out here! Out here, in the cyberkilling cyberfields! The inhumanity of it all! Cyberbabies are being raped!

You just don’t know, so why don’t you not talk about what you clearly don’t know about. Also, I have a phrase that I want you always remember, ’cause this is a threat that could change the face of our very own nation.

Cyberweapons of Mass Destruction. CMDs.

Anonymous Coward says:

Re: Re: Re:2 Re:

What about cyber-rogue states?

And another thing: what about when cyber-nations begin acts of cyber-electronic sabotage/espionage? You know…acts of cyber-cyber-war? We need to start hyping the cyber-people for the potential of a cyber-war right now! Or else, the cyber-world as we know it may end in a flash!

Anonymous Coward says:

its “overhyped” because you don’t really hear about, you don’t know about the real constant attacks, because your not going to be told about them

great way to write a useless article about someone equally uniformed about the threat of cyber attack

computer virus’s are overhyped as well, I do not have an infected system, but yet then why do I use anti-virus software, ah it is just the advertising saying these things exits right????

Anonymous Coward says:

Re: Re:

“its “overhyped” because you don’t really hear about, you don’t know about the real constant attacks, because your not going to be told about them”

You also don’t hear much about alien abductions, mole people and the secret mind control experiments. They are also “overhyped” in some circles. That must mean they are happening a lot more than we are told. The government is lying!! Or not.

Also, can you provide some sort of statistics about these “real constant attacks”? Anyone?

“great way to write a useless article about someone equally uniformed about the threat of cyber attack”

Right…come back when you are able to explain what a stream cypher is. I bet you can’t even explain and apply a caeser cypher. Sounds like a useless post from someone totally uninformed about what cryptography is.

“computer virus’s are overhyped as well”

Yes they are. I have a __Windows__ system running for about two years without an infection or a “mainstream” anti-virus. All I need is Firefox+NoScript and clamwin. All open-source, so I don’t get hit with mysterious false positives.

“but yet then why do I use anti-virus software, ah it is just the advertising saying these things exits right????”

You use it because you are a dope and don’t understand a thing about security.

chris (profile) says:

Re: Re:

its “overhyped” because you don’t really hear about, you don’t know about the real constant attacks, because your not going to be told about them

yes there are persistent threats to us government and military interests. yes these threats happen via computers and the internet. but these are not new threats. these are the same threats the US has faced since the revolutionary war. they just happen to be technological in nature in this particular incarnation.

people have always wanted unauthorized access to government and military information. this is nothing new.

Alatar says:

Re to anon "blah blah you don't know"

“its “overhyped” because you don’t really hear about, you don’t know about the real constant attacks, because your not going to be told about them”.

You know a threat is serious when public security takes over money interests… As with the “whatever that will be” flu that will surely come this winter, I will consider it as a serious threat when the US government says “we invalidate the patents and all IP on the treatment, coz, you know, we need to save mankindd from extinction rather than making some extra $$”, instead of declaring some bogus “state of emergency” (as Obama declared this year, said “state of emergency” being just buying a lot of drugs and granting legal immunity against secondary effects to its excluvie makers).

So I’m sure from now on all US institutions and critical infrastructure will ban the use of mswindows products because, you know, so many flaws there, and you can do nothing but stand powerless because guys in Redmond don’t want you to know the code. Please state publicly that “due to rampant cyberwar chaos everywhere, from now on we will only use oversecured GNU/Linux systems”.

Bruce Ediger (profile) says:

Generating a Plan B Boogieman?

Here’s some errant nonsense:

Suppose this is an attempt to inflate a Boogieman to replace Osama bin Laden. I mean, if he’s not dead (in reality) yet, surely he and his organization have to start doing things to merit the enormous expenditures in Afghanistan.

What, no al Queda action in a while? Why, it’s Cyberwar all the way baby! We need to maintain Cold War levels of spending on things like “Cyberwar Practice Ranges”, and stuff like that, otherwise Our Critical Infrastructure Might Be Taken Over By Russian Siloviks!

The US made a huge mistake by allowing the DoD to get to such a huge size during the Cold War. We can’t wind it down to a reasonable size without economically displacing some very powerful interests.

Nate (profile) says:


You better believe the hype. It’s real. And it’s happening right now. There are men out there dying every day. Millions if not billions all laying about on their respective fronts. From Heavies to Special Forces to modern soldiers. All this death while the enemy taunts with jeers of “BOOM! Headshot!” and “LOL YOU GOT PWNED!” That’s the most disgusting part of it all…

We NEED the military to intervene! To save the lives of these brave men (or boys, and sometimes girls)! Let the defense contracts rain from the skies like hail of (virtual) bullets that will rain on our enemy!

//meh, military isn’t needed and neither is cutting corners by existing designers

vrob (profile) says:

words matter

This article makes me happy. I am glad to hear that at least some people are pushing back against the use of terms like “cyberterrorism” and “cyberwar.”

It is becoming clear that at some point in the near future, the US is going to have to get out of – or at least minimize our presence in – Afghanistan. The only way the US military-industrial complex can continue to operate at its current bloated and inflated rate is by finding/creating a new war/niche market. How else can the powers-that-be continue to justify a defense budget of $700 Billion per year – especially with the economy in its current dismal state.

lostalaska (profile) says:

It's like the Y2K "bug's" second coming...

…seems like the people screaming loudest about this are either in it to make some serious cash or to gain a lot of power or influence over web securities.

Like so many other “panics” of our time it seems like certain aspects of it are being blown out of proportion to try and create a panic that feeds back into the problem with the hope that a snowball effect will cause it to gain enough momentum. The problem is creating overblown panics about certain aspects of a problem or using outright falsehoods only damage the arguments in the long run.

Randall says:

Not a comment on the cyberwar article itself, but as a frequent reader of Schneier’s blog, I find it funny that the format of this post (short discussion of article, followed by long, indented excerpts from the article) is one he himself uses quite frequently. All that’s missing are links in the last sentence for when you’ve previously covered the same topic.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...