Schneier Picks Apart Cyberwar Hype

from the good-work dept

For some time now, we've been pointing out how the new claims of cyberwar threats from politicians and defense contractors was massively overhyped. We keep getting comments on those posts along the lines of "the real threat is secret, so you have to trust the government," which isn't exactly comforting. Sometimes we get comments saying "you're not a security expert, so you don't know the real threat." At which point we ask people to explain the real threat and they always come up short. With military leaders getting together to once again hype the still unexplained "cyberwar threat" security expert Bruce Schneier has written a great piece detailing the lack of an actual threat.

He points out, correctly, that cybersecurity is important, but elevating it to a bogus "war" is dangerous:
We surely need to improve our cybersecurity. But words have meaning, and metaphors matter. There's a power struggle going on for control of our nation's cybersecurity strategy, and the NSA and DoD are winning. If we frame the debate in terms of war, if we accept the military's expansive cyberspace definition of "war," we feed our fears.

We reinforce the notion that we're helpless -- what person or organization can defend itself in a war? -- and others need to protect us. We invite the military to take over security, and to ignore the limits on power that often get jettisoned during wartime.
Instead, he notes, almost all of the known "examples" of cyberwar are either cybercrime or espionage -- which are not the same thing. As he points out:
If, on the other hand, we use the more measured language of cybercrime, we change the debate. Crime fighting requires both resolve and resources, but it's done within the context of normal life. We willingly give our police extraordinary powers of investigation and arrest, but we temper these powers with a judicial system and legal protections for citizens.
This is an important point. No one is saying that online security isn't important. We're just questioning whether it's really a "war" that requires the military to be heavily involved or if there are better options. It's great to see some in the security field start to speak up on this subject as well.
Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: bruce schneier, cyberwar, hype


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    Anonymous Coward, 8 Jul 2010 @ 5:43pm

    The U.S. government is starting to look more and more like the old USSR.

    They tell people what markets can exist and enforce those market and that lead the USSR to meltdown but they are doing it anyway to the U.S..

    Now they want to now what people are doing every second so they can better "protect" them. Riiiiiiiiiiight.

    link to this | view in chronology ]

  • identicon
    abc gum, 8 Jul 2010 @ 6:16pm

    If it looks like BS and smells like BS ...

    Saber rattling by the industry rainmakers arguing for more intrusive measures to be wielded by three letter acronym organizations is bullshit. They are going to do whatever they do, and have already been doing, regardless and as a society we do not need to condone it. The whole thing is quite silly.

    If an asset is invaluable, then do not connect it to the outside network. It really is that simple. Now if these pundits were to ask for funding in this direction, then they would have a good argument. But they are not, and therefore they are full of it.

    There is no way to fully lock down the outside network to the point where it would be acceptable to connect an invaluable asset. Thinking that this is possible is the act of a lunatic or a fraud.

    I think the whole thisg is an excuse to control the internet and take away that which is possibly the most important tool available to humanity today.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 8 Jul 2010 @ 6:17pm

    You don't know what's it like out here! Out here, in the cyberkilling cyberfields! The inhumanity of it all! Cyberbabies are being raped!

    You just don't know, so why don't you not talk about what you clearly don't know about. Also, I have a phrase that I want you always remember, 'cause this is a threat that could change the face of our very own nation.

    Cyberweapons of Mass Destruction. CMDs.

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 8 Jul 2010 @ 8:09pm

      Re:

      I have my cybernukes ready. Which countries are the cybernuclear powers of the world? and which country has the most cybernukes? We need to encourage countries to disarm their cybernukes. Maybe we can start a treaty or something.

      link to this | view in chronology ]

      • identicon
        Anonymous Coward, 8 Jul 2010 @ 8:27pm

        Re: Re:

        Uh, oh. Better start building cyber-missile defenses.

        link to this | view in chronology ]

        • identicon
          Anonymous Coward, 8 Jul 2010 @ 8:31pm

          Re: Re: Re:

          We need a cybertreaty among all the cyber superpowers of the world. Maybe we can start a cyber organization like the cyber world trade organization or something.

          link to this | view in chronology ]

          • identicon
            Anonymous Coward, 9 Jul 2010 @ 4:18am

            Re: Re: Re: Re:

            What about cyber-rogue states?

            And another thing: what about when cyber-nations begin acts of cyber-electronic sabotage/espionage? You know...acts of cyber-cyber-war? We need to start hyping the cyber-people for the potential of a cyber-war right now! Or else, the cyber-world as we know it may end in a flash!

            link to this | view in chronology ]

    • icon
      Killer_Tofu (profile), 9 Jul 2010 @ 9:50am

      Re:

      I wish there was a funny button just for this post (and others but this one made me voice my wish for it).

      link to this | view in chronology ]

      • icon
        Mike Masnick (profile), 9 Jul 2010 @ 3:27pm

        Re: Re:

        I wish there was a funny button just for this post (and others but this one made me voice my wish for it).

        Done. :)

        Actually we'd been planning to add a funny button for a couple weeks now. Just got around to it.

        link to this | view in chronology ]

        • icon
          Killer_Tofu (profile), 12 Jul 2010 @ 7:18am

          Re: Re: Re:

          Woot!
          Come back after the weekend and the funny button is there!
          Makes a slow Monday morning a little less painful. =)

          link to this | view in chronology ]

  • identicon
    Pixelation, 8 Jul 2010 @ 6:24pm

    Movie

    I say let em have control. That way we'll end up with a future just like in the movies!

    It just isn't like the government/ military to spread FUD.

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 8 Jul 2010 @ 7:04pm

      Re: Movie

      It be kind of like a retarded version of Skynet. And there could be rebels! Rebels that I could relate to!

      Do it. I like this plan.

      link to this | view in chronology ]

  • identicon
    Anonymous Coward, 8 Jul 2010 @ 6:29pm

    They will go to far one of these days and the consequence is loss of respect for those institutions.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 8 Jul 2010 @ 7:45pm

    its "overhyped" because you don't really hear about, you don't know about the real constant attacks, because your not going to be told about them

    great way to write a useless article about someone equally uniformed about the threat of cyber attack

    computer virus's are overhyped as well, I do not have an infected system, but yet then why do I use anti-virus software, ah it is just the advertising saying these things exits right????

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 8 Jul 2010 @ 7:57pm

      Re:

      Did you know that the US is now AT WAR with Russia? Some spies were caught, you know, so there must be real constant attacks that we're not going to be told about.

      So we must be at war.

      Right TAM?

      link to this | view in chronology ]

    • identicon
      Anonymous Coward, 8 Jul 2010 @ 8:02pm

      Re:

      "its "overhyped" because you don't really hear about, you don't know about the real constant attacks, because your not going to be told about them"

      You also don't hear much about alien abductions, mole people and the secret mind control experiments. They are also "overhyped" in some circles. That must mean they are happening a lot more than we are told. The government is lying!! Or not.

      Also, can you provide some sort of statistics about these "real constant attacks"? Anyone?

      "great way to write a useless article about someone equally uniformed about the threat of cyber attack"

      Right...come back when you are able to explain what a stream cypher is. I bet you can't even explain and apply a caeser cypher. Sounds like a useless post from someone totally uninformed about what cryptography is.

      "computer virus's are overhyped as well"

      Yes they are. I have a __Windows__ system running for about two years without an infection or a "mainstream" anti-virus. All I need is Firefox+NoScript and clamwin. All open-source, so I don't get hit with mysterious false positives.

      "but yet then why do I use anti-virus software, ah it is just the advertising saying these things exits right????"

      You use it because you are a dope and don't understand a thing about security.

      link to this | view in chronology ]

    • identicon
      abc gum, 8 Jul 2010 @ 8:10pm

      Re:

      - be afraid, be very afraid -

      Good advice from the lunatic fringe.

      You do not need any stinkin logic or corroborating evidence. Just let us take care of everything and you will be alright.
      See, now don't you fell better ....

      /s (is it really necessary?)

      link to this | view in chronology ]

    • identicon
      Anonymous Coward, 8 Jul 2010 @ 8:45pm

      Re:

      You're a cybermoron.

      link to this | view in chronology ]

    • icon
      chris (profile), 9 Jul 2010 @ 6:00am

      Re:

      its "overhyped" because you don't really hear about, you don't know about the real constant attacks, because your not going to be told about them

      yes there are persistent threats to us government and military interests. yes these threats happen via computers and the internet. but these are not new threats. these are the same threats the US has faced since the revolutionary war. they just happen to be technological in nature in this particular incarnation.

      people have always wanted unauthorized access to government and military information. this is nothing new.

      link to this | view in chronology ]

    • icon
      BigKeithO (profile), 9 Jul 2010 @ 6:49am

      Re:

      So?... Disconnect the critical systems from the internet? Why would something that can cause so much damage if "attacked" be connected to the internet in the first place? If they did that you still wouldn't hear about attacks because they wouldn't be possible, what an idea!

      link to this | view in chronology ]

    • identicon
      Boggled Mind, 9 Jul 2010 @ 1:30pm

      Re:

      Did you... an anonymous coward on the internet... just call Bruce Schneier... an almost universally respected uber-expert on security with a specialization in cyber-security...

      Did you just call Bruce Schneier uninformed? The mind boggles.

      link to this | view in chronology ]

  • identicon
    Anonymous Coward, 8 Jul 2010 @ 8:19pm

    Re:

    Not going to click on your spam crap dude.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 8 Jul 2010 @ 8:52pm

    Re:

    Thanks pittplasticsurgery! You came at the right time because I was just looking through comments on various blogs to find the right surgeon for me. I'll definitely be a happy customer.

    link to this | view in chronology ]

  • identicon
    Alatar, 9 Jul 2010 @ 12:30am

    Re to anon "blah blah you don't know"

    "its "overhyped" because you don't really hear about, you don't know about the real constant attacks, because your not going to be told about them".

    You know a threat is serious when public security takes over money interests... As with the "whatever that will be" flu that will surely come this winter, I will consider it as a serious threat when the US government says "we invalidate the patents and all IP on the treatment, coz, you know, we need to save mankindd from extinction rather than making some extra $$", instead of declaring some bogus "state of emergency" (as Obama declared this year, said "state of emergency" being just buying a lot of drugs and granting legal immunity against secondary effects to its excluvie makers).

    So I'm sure from now on all US institutions and critical infrastructure will ban the use of mswindows products because, you know, so many flaws there, and you can do nothing but stand powerless because guys in Redmond don't want you to know the code. Please state publicly that "due to rampant cyberwar chaos everywhere, from now on we will only use oversecured GNU/Linux systems".

    link to this | view in chronology ]

  • icon
    Bruce Ediger (profile), 9 Jul 2010 @ 6:33am

    Generating a Plan B Boogieman?

    Here's some errant nonsense:

    Suppose this is an attempt to inflate a Boogieman to replace Osama bin Laden. I mean, if he's not dead (in reality) yet, surely he and his organization have to start doing things to merit the enormous expenditures in Afghanistan.

    What, no al Queda action in a while? Why, it's Cyberwar all the way baby! We need to maintain Cold War levels of spending on things like "Cyberwar Practice Ranges", and stuff like that, otherwise Our Critical Infrastructure Might Be Taken Over By Russian Siloviks!

    The US made a huge mistake by allowing the DoD to get to such a huge size during the Cold War. We can't wind it down to a reasonable size without economically displacing some very powerful interests.

    link to this | view in chronology ]

  • icon
    Nate (profile), 9 Jul 2010 @ 6:50am

    Cyberwar

    You better believe the hype. It's real. And it's happening right now. There are men out there dying every day. Millions if not billions all laying about on their respective fronts. From Heavies to Special Forces to modern soldiers. All this death while the enemy taunts with jeers of "BOOM! Headshot!" and "LOL YOU GOT PWNED!" That's the most disgusting part of it all...

    We NEED the military to intervene! To save the lives of these brave men (or boys, and sometimes girls)! Let the defense contracts rain from the skies like hail of (virtual) bullets that will rain on our enemy!

    //meh, military isn't needed and neither is cutting corners by existing designers

    link to this | view in chronology ]

  • identicon
    Pablo Francisco, 9 Jul 2010 @ 8:22am

    Trust

    You know its really very simple: If you have to trust them, you can't!

    This is why we can never trust any government (anyone at all?) that hides behind various secrecy decrees or what not.

    Don't tread on the people too much...

    link to this | view in chronology ]

  • icon
    vrob (profile), 9 Jul 2010 @ 1:51pm

    words matter

    This article makes me happy. I am glad to hear that at least some people are pushing back against the use of terms like "cyberterrorism" and "cyberwar."

    It is becoming clear that at some point in the near future, the US is going to have to get out of - or at least minimize our presence in - Afghanistan. The only way the US military-industrial complex can continue to operate at its current bloated and inflated rate is by finding/creating a new war/niche market. How else can the powers-that-be continue to justify a defense budget of $700 Billion per year - especially with the economy in its current dismal state.

    link to this | view in chronology ]

  • icon
    lostalaska (profile), 9 Jul 2010 @ 4:47pm

    It's like the Y2K "bug's" second coming...

    ...seems like the people screaming loudest about this are either in it to make some serious cash or to gain a lot of power or influence over web securities.

    Like so many other "panics" of our time it seems like certain aspects of it are being blown out of proportion to try and create a panic that feeds back into the problem with the hope that a snowball effect will cause it to gain enough momentum. The problem is creating overblown panics about certain aspects of a problem or using outright falsehoods only damage the arguments in the long run.

    link to this | view in chronology ]

  • identicon
    AudibleNod, 10 Jul 2010 @ 3:37pm

    Posse Comitatus Act

    I'd like to see a response to see how the Cyber Command works within the rules of the PCA. Unless some entity cripples .MIL sites or some secret network I cannot see what the command would actually do.

    link to this | view in chronology ]

  • identicon
    Randall, 12 Jul 2010 @ 11:54am

    Not a comment on the cyberwar article itself, but as a frequent reader of Schneier's blog, I find it funny that the format of this post (short discussion of article, followed by long, indented excerpts from the article) is one he himself uses quite frequently. All that's missing are links in the last sentence for when you've previously covered the same topic.

    link to this | view in chronology ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.