Schneier Picks Apart Cyberwar Hype
from the good-work dept
For some time now, we’ve been pointing out how the new claims of cyberwar threats from politicians and defense contractors was massively overhyped. We keep getting comments on those posts along the lines of “the real threat is secret, so you have to trust the government,” which isn’t exactly comforting. Sometimes we get comments saying “you’re not a security expert, so you don’t know the real threat.” At which point we ask people to explain the real threat and they always come up short. With military leaders getting together to once again hype the still unexplained “cyberwar threat” security expert Bruce Schneier has written a great piece detailing the lack of an actual threat.
He points out, correctly, that cybersecurity is important, but elevating it to a bogus “war” is dangerous:
We surely need to improve our cybersecurity. But words have meaning, and metaphors matter. There’s a power struggle going on for control of our nation’s cybersecurity strategy, and the NSA and DoD are winning. If we frame the debate in terms of war, if we accept the military’s expansive cyberspace definition of “war,” we feed our fears.
We reinforce the notion that we’re helpless — what person or organization can defend itself in a war? — and others need to protect us. We invite the military to take over security, and to ignore the limits on power that often get jettisoned during wartime.
Instead, he notes, almost all of the known “examples” of cyberwar are either cybercrime or espionage — which are not the same thing. As he points out:
If, on the other hand, we use the more measured language of cybercrime, we change the debate. Crime fighting requires both resolve and resources, but it’s done within the context of normal life. We willingly give our police extraordinary powers of investigation and arrest, but we temper these powers with a judicial system and legal protections for citizens.
This is an important point. No one is saying that online security isn’t important. We’re just questioning whether it’s really a “war” that requires the military to be heavily involved or if there are better options. It’s great to see some in the security field start to speak up on this subject as well.
Filed Under: bruce schneier, cyberwar, hype
Comments on “Schneier Picks Apart Cyberwar Hype”
The U.S. government is starting to look more and more like the old USSR.
They tell people what markets can exist and enforce those market and that lead the USSR to meltdown but they are doing it anyway to the U.S..
Now they want to now what people are doing every second so they can better “protect” them. Riiiiiiiiiiight.
If it looks like BS and smells like BS ...
Saber rattling by the industry rainmakers arguing for more intrusive measures to be wielded by three letter acronym organizations is bullshit. They are going to do whatever they do, and have already been doing, regardless and as a society we do not need to condone it. The whole thing is quite silly.
If an asset is invaluable, then do not connect it to the outside network. It really is that simple. Now if these pundits were to ask for funding in this direction, then they would have a good argument. But they are not, and therefore they are full of it.
There is no way to fully lock down the outside network to the point where it would be acceptable to connect an invaluable asset. Thinking that this is possible is the act of a lunatic or a fraud.
I think the whole thisg is an excuse to control the internet and take away that which is possibly the most important tool available to humanity today.
You don’t know what’s it like out here! Out here, in the cyberkilling cyberfields! The inhumanity of it all! Cyberbabies are being raped!
You just don’t know, so why don’t you not talk about what you clearly don’t know about. Also, I have a phrase that I want you always remember, ’cause this is a threat that could change the face of our very own nation.
Cyberweapons of Mass Destruction. CMDs.
Re: Re:
I have my cybernukes ready. Which countries are the cybernuclear powers of the world? and which country has the most cybernukes? We need to encourage countries to disarm their cybernukes. Maybe we can start a treaty or something.
Re: Re: Re:
Uh, oh. Better start building cyber-missile defenses.
Re: Re: Re: Re:
We need a cybertreaty among all the cyber superpowers of the world. Maybe we can start a cyber organization like the cyber world trade organization or something.
Re: Re: Re:2 Re:
What about cyber-rogue states?
And another thing: what about when cyber-nations begin acts of cyber-electronic sabotage/espionage? You know…acts of cyber-cyber-war? We need to start hyping the cyber-people for the potential of a cyber-war right now! Or else, the cyber-world as we know it may end in a flash!
Re: Re:
I wish there was a funny button just for this post (and others but this one made me voice my wish for it).
Re: Re: Re:
I wish there was a funny button just for this post (and others but this one made me voice my wish for it).
Done. 🙂
Actually we’d been planning to add a funny button for a couple weeks now. Just got around to it.
Re: Re: Re: Re:
Woot!
Come back after the weekend and the funny button is there!
Makes a slow Monday morning a little less painful. =)
Movie
I say let em have control. That way we’ll end up with a future just like in the movies!
It just isn’t like the government/ military to spread FUD.
Re: Movie
It be kind of like a retarded version of Skynet. And there could be rebels! Rebels that I could relate to!
Do it. I like this plan.
They will go to far one of these days and the consequence is loss of respect for those institutions.
its “overhyped” because you don’t really hear about, you don’t know about the real constant attacks, because your not going to be told about them
great way to write a useless article about someone equally uniformed about the threat of cyber attack
computer virus’s are overhyped as well, I do not have an infected system, but yet then why do I use anti-virus software, ah it is just the advertising saying these things exits right????
Re: Re:
Did you know that the US is now AT WAR with Russia? Some spies were caught, you know, so there must be real constant attacks that we’re not going to be told about.
So we must be at war.
Right TAM?
Re: Re:
“its “overhyped” because you don’t really hear about, you don’t know about the real constant attacks, because your not going to be told about them”
You also don’t hear much about alien abductions, mole people and the secret mind control experiments. They are also “overhyped” in some circles. That must mean they are happening a lot more than we are told. The government is lying!! Or not.
Also, can you provide some sort of statistics about these “real constant attacks”? Anyone?
“great way to write a useless article about someone equally uniformed about the threat of cyber attack”
Right…come back when you are able to explain what a stream cypher is. I bet you can’t even explain and apply a caeser cypher. Sounds like a useless post from someone totally uninformed about what cryptography is.
“computer virus’s are overhyped as well”
Yes they are. I have a __Windows__ system running for about two years without an infection or a “mainstream” anti-virus. All I need is Firefox+NoScript and clamwin. All open-source, so I don’t get hit with mysterious false positives.
“but yet then why do I use anti-virus software, ah it is just the advertising saying these things exits right????”
You use it because you are a dope and don’t understand a thing about security.
Re: Re:
– be afraid, be very afraid –
Good advice from the lunatic fringe.
You do not need any stinkin logic or corroborating evidence. Just let us take care of everything and you will be alright.
See, now don’t you fell better ….
/s (is it really necessary?)
Re: Re:
You’re a cybermoron.
Re: Re:
its “overhyped” because you don’t really hear about, you don’t know about the real constant attacks, because your not going to be told about them
yes there are persistent threats to us government and military interests. yes these threats happen via computers and the internet. but these are not new threats. these are the same threats the US has faced since the revolutionary war. they just happen to be technological in nature in this particular incarnation.
people have always wanted unauthorized access to government and military information. this is nothing new.
Re: Re:
So?… Disconnect the critical systems from the internet? Why would something that can cause so much damage if “attacked” be connected to the internet in the first place? If they did that you still wouldn’t hear about attacks because they wouldn’t be possible, what an idea!
Re: Re:
Did you… an anonymous coward on the internet… just call Bruce Schneier… an almost universally respected uber-expert on security with a specialization in cyber-security…
Did you just call Bruce Schneier uninformed? The mind boggles.
Re:
Not going to click on your spam crap dude.
Re:
Thanks pittplasticsurgery! You came at the right time because I was just looking through comments on various blogs to find the right surgeon for me. I’ll definitely be a happy customer.
Re to anon "blah blah you don't know"
“its “overhyped” because you don’t really hear about, you don’t know about the real constant attacks, because your not going to be told about them”.
You know a threat is serious when public security takes over money interests… As with the “whatever that will be” flu that will surely come this winter, I will consider it as a serious threat when the US government says “we invalidate the patents and all IP on the treatment, coz, you know, we need to save mankindd from extinction rather than making some extra $$”, instead of declaring some bogus “state of emergency” (as Obama declared this year, said “state of emergency” being just buying a lot of drugs and granting legal immunity against secondary effects to its excluvie makers).
So I’m sure from now on all US institutions and critical infrastructure will ban the use of mswindows products because, you know, so many flaws there, and you can do nothing but stand powerless because guys in Redmond don’t want you to know the code. Please state publicly that “due to rampant cyberwar chaos everywhere, from now on we will only use oversecured GNU/Linux systems”.
Generating a Plan B Boogieman?
Here’s some errant nonsense:
Suppose this is an attempt to inflate a Boogieman to replace Osama bin Laden. I mean, if he’s not dead (in reality) yet, surely he and his organization have to start doing things to merit the enormous expenditures in Afghanistan.
What, no al Queda action in a while? Why, it’s Cyberwar all the way baby! We need to maintain Cold War levels of spending on things like “Cyberwar Practice Ranges”, and stuff like that, otherwise Our Critical Infrastructure Might Be Taken Over By Russian Siloviks!
The US made a huge mistake by allowing the DoD to get to such a huge size during the Cold War. We can’t wind it down to a reasonable size without economically displacing some very powerful interests.
Cyberwar
You better believe the hype. It’s real. And it’s happening right now. There are men out there dying every day. Millions if not billions all laying about on their respective fronts. From Heavies to Special Forces to modern soldiers. All this death while the enemy taunts with jeers of “BOOM! Headshot!” and “LOL YOU GOT PWNED!” That’s the most disgusting part of it all…
We NEED the military to intervene! To save the lives of these brave men (or boys, and sometimes girls)! Let the defense contracts rain from the skies like hail of (virtual) bullets that will rain on our enemy!
//meh, military isn’t needed and neither is cutting corners by existing designers
Trust
You know its really very simple: If you have to trust them, you can’t!
This is why we can never trust any government (anyone at all?) that hides behind various secrecy decrees or what not.
Don’t tread on the people too much…
words matter
This article makes me happy. I am glad to hear that at least some people are pushing back against the use of terms like “cyberterrorism” and “cyberwar.”
It is becoming clear that at some point in the near future, the US is going to have to get out of – or at least minimize our presence in – Afghanistan. The only way the US military-industrial complex can continue to operate at its current bloated and inflated rate is by finding/creating a new war/niche market. How else can the powers-that-be continue to justify a defense budget of $700 Billion per year – especially with the economy in its current dismal state.
It's like the Y2K "bug's" second coming...
…seems like the people screaming loudest about this are either in it to make some serious cash or to gain a lot of power or influence over web securities.
Like so many other “panics” of our time it seems like certain aspects of it are being blown out of proportion to try and create a panic that feeds back into the problem with the hope that a snowball effect will cause it to gain enough momentum. The problem is creating overblown panics about certain aspects of a problem or using outright falsehoods only damage the arguments in the long run.
Posse Comitatus Act
I’d like to see a response to see how the Cyber Command works within the rules of the PCA. Unless some entity cripples .MIL sites or some secret network I cannot see what the command would actually do.
Not a comment on the cyberwar article itself, but as a frequent reader of Schneier’s blog, I find it funny that the format of this post (short discussion of article, followed by long, indented excerpts from the article) is one he himself uses quite frequently. All that’s missing are links in the last sentence for when you’ve previously covered the same topic.