More on this book
Community
Kindle Notes & Highlights
nuclear weapons, politicians and militaries had created rules of engagement based on deterrence. But there was no similar protocol for dealing with cyberattacks.
The vacuum of rules and international agreements had been as much to blame as circumstances in creating the CyberStorm.
We’d jumped to conclusions, our minds tainted by our fears and the horrors that we’d experienced.
“Sometimes things break apart,” read the message, “so that better things can come together.” Below this was the attribution: “Marilyn Monroe.”
The separation between the cyber and physical worlds was disappearing. Cyberbullying was just bullying, and cyberwar was just war—the true age of cyber would begin when we stopped using it as a descriptor.
The same delusional, single-track thinking had almost cost us our lives when I’d been unable to understand what I saw in Washington as anything other than a Chinese invasion.
In the 1980’s, the rise of advanced information and communications technology enabled the creation of the internet and what we’ve come to call cyberspace, a loosely-defined term that encompasses the global patchwork collection of civilian, government and military computer systems and networks.
Congestion and disruption are problems in both space and cyberspace. Ninety percent of email is spam, and a large proportion of traffic over any network is from malware, which clogs up and endangers cyberspace. Cyberattacks are now moving from email as the primary vector, to using customized web applications using tools such as the Blackhole automated attack toolkit. Cyberattack by nation-states is now joining the criminal use of spam, viruses, Trojans and worms as deliberate attempts to attack and disrupt cyberspace.
traditional the air-sea-land domains are covered under the UN—Law of the Sea, Arctic, Climate Change, Biodiversity—outer space and cyberspace still operate under ad-hoc agreements mostly outside of UN frameworks.
Deterrence is only effective as a military strategy if you can know, with certainty, who it was that attacked you, but in a cyberattack, there is purposeful obfuscation that makes attribution very difficult.
internet-centric reliance of a modern nations’ critical infrastructure.
internet security. The internet was originally designed as a redundant, self-healing network, the sort of thing that is purposely hard to centrally control. In the late 80’s it evolved into an information-sharing tool for universities and researchers, and in the 90’s it morphed into America’s shopping mall. Now it has become something that is hard, even impossible, to define—so we just call it cyberspace, and leave it at that.
while everyone runs the internet, nobody is really in charge of it. ICANN— The Internet Corporation for Assigned Names and Numbers—exerts some control, but the World Summit on the Information Society (WSIS), convened by UN in 2001, was created because nations around world have become increasingly uneasy that their critical infrastructures, and economies, are dependent on the internet, a medium that they had little control over and no governance oversight.
we are trying to use the same internet-based technology for social networking and digital scrap-booking, and use this same technology to control power stations and satellites. Not that long ago, critical systems—space systems, power grid, water systems, nuclear power plants, dams—had their own proprietary technologies that were used to control them, but many of these have been replaced these with internet-based technologies as a cost-savings measure. The consequence is that as a result, now nearly everything can be attacked via the internet.
a truly secure internet is not in the common interest of freedom, nor in the interest of software producers—a curious statement, but one that is true. As more of our lives move into the cyber realm, for everything from banking to dating, a truly secure internet would be the same as installing CCTV cameras on every street and inside every home. Privacy is one of the cornerstones of freedom and civil liberty, and a truly secure internet would bring about an end to privacy, and thus an end to freedom—at least in the sense that we understand it today.
This backdoor into software is a huge security flaw—one that companies purposely build into their products—and is one that has been regularly exploited by hackers.
we use the same internet-based technology to support both the private lives of individuals and operate critical infrastructure,
until the general public really sees cybersecurity as a threat, many of the fixable problems will not be addressed, such as setting international prohibitions on cyberespionage—making them comparable in severity to physical incursions into the physical sovereign space of a nation-state—or forcing software companies to get serious about secure coding practices and eliminating backdoors into their products.
In the cybersecurity world, the three things to protect are confidentiality (keeping something secret, and being able to verify this), availability, and integrity of data. Integrity is by far the hardest to protect and ensure. If a cyberattacker, for example, decided on a slow (over time) modification of data in a critical space junk database, they could influence moving satellites into harm’s way.
