Keeping Defense.gov Up Isn't A National Security Issue
from the cyber-vandalism dept
Apparently, last year’s “cyber attacks” against Estonia have caused NATO to set up a “cyber warfare” center that will coordinate responses to online security threats. This is silly. The article says that the Estonian attacks succeeded in “knocking some financial systems in the country offline for several hours,” but if you read press accounts of the attacks more closely, what you find is that the attacks mostly forced the websites of several financial institutions offline. I’m sure that was annoying for Estonians who couldn’t check their bank balances, but there’s a big difference between “annoyance” and “national security threat.” Equally silly is the Air Force’s proposal to develop a military botnet for launching distributed denial-of-service attacks against America’s enemies. The Internet is not a military network; the military has maintained its own, separate, TCP/IP-based network for military operations since the 1970s. Most other countries have undoubtedly followed suit. Which means that “cyber warfare” can’t accomplish much more than to knock out some websites in foreign countries. And while that’s certainly going to be annoying for users of the affected websites, it’s not a national security issue, and the world’s militaries have far more urgent things to worry about.
Filed Under: national defense, website protection
Comments on “Keeping Defense.gov Up Isn't A National Security Issue”
Too much Cyberpunk...
Seriously.
Never fade away…
Re: Too much Cyberpunk...
Indeedy. Too much Cyberpunk and probably too much Cypherpunk too. The NSA hired a married couple in math recently, one of whom is one of just a handful of people who does the specific type of math she does in America. Quantum Knot Topology.
What the hell does the NSA need with Quantum Knot Topologists? Mostly Physicists use them for building string theory models. Though mostly physicists are totally wrong about what the math for string theory says too… Either way it’s a very specialized form of math.
Re: Re: Too much Cyberpunk...
Likely? it’s such a specialized form of math that NSA wants it in case someone’s using it as part of a coding/encryption deal.
Actually, I’d say this tendency to overstate the importance of denial-of-service attacks like the ones that hit the Estonians is what makes it important to devote resources to preventing them, and to counter-attacking for that matter; they may not achieve a hell of a lot on a practical level, but they’re a useful psychological weapon. Besides, there’s far worse things a serious hacker could do than DoS.
just good ole fun
Seriously, if a (current) real war, with real consequences and casualties doesn’t get the public’s attention… but I digress. This is a perfectly apt approach for the military. I recently took a Certified Ethical Hacker course (ok, I like paper) and half the students were from the military. We had a 25% pass rate, and the military was no different. What does this mean? Our military needs better skills, and these types of attacks really are an effective way to hamper a modern societies ability to function. The best our leaders can do now is beg for oil, and exhort us to go shopping. Oh, happy stimulus! But really seriously, I would think (make that, hope) that our “cyber warfare” capabilities go beyond DoS attacks.
botnets
Actually, I would be sorely disillusioned if we did not already have a million-unit botnet ready to go at any time… what else would a military-grade hacker worth his salt do in his spare time?
Re: botnets
Historically the military’s cyberwarfare capabilities have focused on the NSA-type and then protecting its own networks from intrusion. The problem is the defensive capabilities have not kept up with rapid desire for more connectivity for command and control(the buzzword thrown around is a “netted force”).
I think part of what Timothy is ranting about is some Air Force Colonel that made a comment about using the Air Force’s own computers and networks as part of a massive botnet. In fact, he wanted to take old unused computers and spare rooms as part of this network. The whole proposal is stupid for many reasons, so of course, it’s getting a lot of press on the blogosphere. I sincerely doubt it will become a reality.
Ok…so on the quantum knot topologists; the NSA is scared of anything dealing with quantum computing, they are also desperate to acquire it probably has something to do with that.
As for the military, what most people don’t understand is that the is playing catch-up. For decades DoD was the leading innovator in technology, they were the cutting edge. Today that story is very different, the DoD doesn’t develop technologies, it utilizes them, and the one thing about the military that everyone knows is that it is not geared for change, it is by it’s nature a conservative institution. Military schools are notorious for teaching obsolete material, most barely have funtioning equipment, this is because they are severely under-funded and all new equipment is rushed into service. Often a military instructor will have never seen the latest generation of equipment. In short the 8th Air Forces proposed Cyber Command is the only way the DoD knows how to respond and quite frankly the only way that it will probably succeed.
Timothy Lee's Annoyance
Its just an annoyance unless its YOU trying to do online banking, then it becomes a crisis.
BTW: You are absolved for your stupidity.
Re: Timothy Lee's Annoyance
Its just an annoyance unless its YOU trying to do online banking, then it becomes a crisis.
Maybe you should keep your money in a bank that has a physical presence where you live. You know, in case you can’t get to your bank’s web site for some reason. Suddenly, no crisis! Or maybe you didn’t know you can still actually go to a bank to do banking. 😉
Depends, might be a large part of the psy-ops and general propaganda machine – then it would be, to many, considered a ‘defense’ issue.
...um yeah...
Chester…stop cut-pasting your posts. Thanks. And once again, Tech Dirt does not do all of their research. I love people like you Lee. Always out for the story and never the facts. For someone who is so proud of being an adjunct w/ Cato you sure do a poor job of researching.
Military Networks
Although the military does maintain its own separate SIPRNET for classified information the NIPRNET is accessible from all military computers as well at the regular internet therefor you get access to one computer and you are on the inside. Not completely separate. Not to mention even if you don’t obtain access to an inside computer you could still DDoS military computers and since it is the same incoming connection the WWW would block the NIPR side. Just my analysis.
Nothing better to do
We (in the US) spend an incredible fortune on our military:
http://www.globalissues.org/Geopolitics/ArmsTrade/Spending.asp#USMilitarySpending
We spend roughly half of what the rest of the world spends combined. So I’m not sure why it is surprising that we are spending it on stupid, inane things, at least a fair portion of the time. The fact is that we spend more money than could possibly be applied to real threats, so the military must work on the imaginary ones as well.
Re: Nothing better to do
“We spend roughly half of what the rest of the world spends combined.”
According to Fred Kaplan on Slate Magazine, we actually spend more than all other countries combined. You could rephrase that as: one half of all countries combined, except that we actually exceed the others combined. Also, the defense budget greatly understates what we are actually spending on defense related matters.
They just needed something else to blow our tax money on. I suppose there could be some need to have a department specifically into this sort of thing. But, the writer is correct… there is a big difference between shutting down a website for a couple hours and national security. http://www.custompcmax.com
Slight exaggeration on TCP/IP
Contrary to the statement in the original article, it seems unlikely that the “military has maintained its own, separate, TCP/IP-based network for military operations since the 1970s,” given that the Arpanet switchover from NCP happened in 1983.
There were, no doubt, TCP/IP networks within the military before that, but they were most likely used for research and engineering, rather than operations.
my sister-in-law is Estonian...
According to her, there are very few brick and mortar banks in Estonia. All of one’s banking is done online. So I would think that the denials of service could hurt a bit.