Schneier Picks Apart Cyberwar Hype
from the good-work dept
For some time now, we've been pointing out how the new claims of cyberwar threats from politicians and defense contractors was massively overhyped. We keep getting comments on those posts along the lines of "the real threat is secret, so you have to trust the government," which isn't exactly comforting. Sometimes we get comments saying "you're not a security expert, so you don't know the real threat." At which point we ask people to explain the real threat and they always come up short. With military leaders getting together to once again hype the still unexplained "cyberwar threat" security expert Bruce Schneier has written a great piece detailing the lack of an actual threat.He points out, correctly, that cybersecurity is important, but elevating it to a bogus "war" is dangerous:
We surely need to improve our cybersecurity. But words have meaning, and metaphors matter. There's a power struggle going on for control of our nation's cybersecurity strategy, and the NSA and DoD are winning. If we frame the debate in terms of war, if we accept the military's expansive cyberspace definition of "war," we feed our fears.Instead, he notes, almost all of the known "examples" of cyberwar are either cybercrime or espionage -- which are not the same thing. As he points out:
We reinforce the notion that we're helpless -- what person or organization can defend itself in a war? -- and others need to protect us. We invite the military to take over security, and to ignore the limits on power that often get jettisoned during wartime.
If, on the other hand, we use the more measured language of cybercrime, we change the debate. Crime fighting requires both resolve and resources, but it's done within the context of normal life. We willingly give our police extraordinary powers of investigation and arrest, but we temper these powers with a judicial system and legal protections for citizens.This is an important point. No one is saying that online security isn't important. We're just questioning whether it's really a "war" that requires the military to be heavily involved or if there are better options. It's great to see some in the security field start to speak up on this subject as well.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: bruce schneier, cyberwar, hype
Reader Comments
Subscribe: RSS
View by: Time | Thread
They tell people what markets can exist and enforce those market and that lead the USSR to meltdown but they are doing it anyway to the U.S..
Now they want to now what people are doing every second so they can better "protect" them. Riiiiiiiiiiight.
[ link to this | view in chronology ]
If it looks like BS and smells like BS ...
If an asset is invaluable, then do not connect it to the outside network. It really is that simple. Now if these pundits were to ask for funding in this direction, then they would have a good argument. But they are not, and therefore they are full of it.
There is no way to fully lock down the outside network to the point where it would be acceptable to connect an invaluable asset. Thinking that this is possible is the act of a lunatic or a fraud.
I think the whole thisg is an excuse to control the internet and take away that which is possibly the most important tool available to humanity today.
[ link to this | view in chronology ]
You just don't know, so why don't you not talk about what you clearly don't know about. Also, I have a phrase that I want you always remember, 'cause this is a threat that could change the face of our very own nation.
Cyberweapons of Mass Destruction. CMDs.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re:
And another thing: what about when cyber-nations begin acts of cyber-electronic sabotage/espionage? You know...acts of cyber-cyber-war? We need to start hyping the cyber-people for the potential of a cyber-war right now! Or else, the cyber-world as we know it may end in a flash!
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
Done. :)
Actually we'd been planning to add a funny button for a couple weeks now. Just got around to it.
[ link to this | view in chronology ]
Re: Re: Re:
Come back after the weekend and the funny button is there!
Makes a slow Monday morning a little less painful. =)
[ link to this | view in chronology ]
Movie
It just isn't like the government/ military to spread FUD.
[ link to this | view in chronology ]
Re: Movie
Do it. I like this plan.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
great way to write a useless article about someone equally uniformed about the threat of cyber attack
computer virus's are overhyped as well, I do not have an infected system, but yet then why do I use anti-virus software, ah it is just the advertising saying these things exits right????
[ link to this | view in chronology ]
Re:
So we must be at war.
Right TAM?
[ link to this | view in chronology ]
Re:
You also don't hear much about alien abductions, mole people and the secret mind control experiments. They are also "overhyped" in some circles. That must mean they are happening a lot more than we are told. The government is lying!! Or not.
Also, can you provide some sort of statistics about these "real constant attacks"? Anyone?
"great way to write a useless article about someone equally uniformed about the threat of cyber attack"
Right...come back when you are able to explain what a stream cypher is. I bet you can't even explain and apply a caeser cypher. Sounds like a useless post from someone totally uninformed about what cryptography is.
"computer virus's are overhyped as well"
Yes they are. I have a __Windows__ system running for about two years without an infection or a "mainstream" anti-virus. All I need is Firefox+NoScript and clamwin. All open-source, so I don't get hit with mysterious false positives.
"but yet then why do I use anti-virus software, ah it is just the advertising saying these things exits right????"
You use it because you are a dope and don't understand a thing about security.
[ link to this | view in chronology ]
Re:
Good advice from the lunatic fringe.
You do not need any stinkin logic or corroborating evidence. Just let us take care of everything and you will be alright.
See, now don't you fell better ....
/s (is it really necessary?)
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re:
yes there are persistent threats to us government and military interests. yes these threats happen via computers and the internet. but these are not new threats. these are the same threats the US has faced since the revolutionary war. they just happen to be technological in nature in this particular incarnation.
people have always wanted unauthorized access to government and military information. this is nothing new.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re:
Did you just call Bruce Schneier uninformed? The mind boggles.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re to anon "blah blah you don't know"
You know a threat is serious when public security takes over money interests... As with the "whatever that will be" flu that will surely come this winter, I will consider it as a serious threat when the US government says "we invalidate the patents and all IP on the treatment, coz, you know, we need to save mankindd from extinction rather than making some extra $$", instead of declaring some bogus "state of emergency" (as Obama declared this year, said "state of emergency" being just buying a lot of drugs and granting legal immunity against secondary effects to its excluvie makers).
So I'm sure from now on all US institutions and critical infrastructure will ban the use of mswindows products because, you know, so many flaws there, and you can do nothing but stand powerless because guys in Redmond don't want you to know the code. Please state publicly that "due to rampant cyberwar chaos everywhere, from now on we will only use oversecured GNU/Linux systems".
[ link to this | view in chronology ]
Generating a Plan B Boogieman?
Suppose this is an attempt to inflate a Boogieman to replace Osama bin Laden. I mean, if he's not dead (in reality) yet, surely he and his organization have to start doing things to merit the enormous expenditures in Afghanistan.
What, no al Queda action in a while? Why, it's Cyberwar all the way baby! We need to maintain Cold War levels of spending on things like "Cyberwar Practice Ranges", and stuff like that, otherwise Our Critical Infrastructure Might Be Taken Over By Russian Siloviks!
The US made a huge mistake by allowing the DoD to get to such a huge size during the Cold War. We can't wind it down to a reasonable size without economically displacing some very powerful interests.
[ link to this | view in chronology ]
Cyberwar
We NEED the military to intervene! To save the lives of these brave men (or boys, and sometimes girls)! Let the defense contracts rain from the skies like hail of (virtual) bullets that will rain on our enemy!
//meh, military isn't needed and neither is cutting corners by existing designers
[ link to this | view in chronology ]
Trust
This is why we can never trust any government (anyone at all?) that hides behind various secrecy decrees or what not.
Don't tread on the people too much...
[ link to this | view in chronology ]
words matter
It is becoming clear that at some point in the near future, the US is going to have to get out of - or at least minimize our presence in - Afghanistan. The only way the US military-industrial complex can continue to operate at its current bloated and inflated rate is by finding/creating a new war/niche market. How else can the powers-that-be continue to justify a defense budget of $700 Billion per year - especially with the economy in its current dismal state.
[ link to this | view in chronology ]
It's like the Y2K "bug's" second coming...
Like so many other "panics" of our time it seems like certain aspects of it are being blown out of proportion to try and create a panic that feeds back into the problem with the hope that a snowball effect will cause it to gain enough momentum. The problem is creating overblown panics about certain aspects of a problem or using outright falsehoods only damage the arguments in the long run.
[ link to this | view in chronology ]
Posse Comitatus Act
[ link to this | view in chronology ]
[ link to this | view in chronology ]