More on this book
Community
Kindle Notes & Highlights
Read between
July 23 - August 14, 2019
All told, the initial five nuclear-weapons states detonated over 2,300 weapons above and below the surface.
many sophisticated cyber attack techniques may be similar to the cryptologist’s “onetime pad” in that they are designed for use only once.
In recent years, the Pentagon has taken the view that if it conducts some kind of covert action, well, that’s just preparation of the battlefield and no one needs to know.
In the real world, my own attempts to have NSA hack into banks to find and steal al Qaeda’s funds were repeatedly blocked by the leadership of the U.S. Treasury Department in the Clinton Administration.
Hacking into the flight controls of an aircraft in flight is probably also becoming more feasible.
plans for the new 787 Dreamliner called for the flight control system and the elaborate interactive passenger-entertainment system to use the same computer network.
The airlines, like so many other huge business systems, no longer have manual backup systems that are sufficient to create even minimal operations.
What we learned from these unpleasant experiences was that if we eliminate the opponent’s command and control system, then he has no way to tell his forces to stop fighting.
you do have the option of “hack back,” breaking into the server and checking its records. Of course, that is illegal for U.S. citizens to do, unless they are U.S. intelligence officers.
The U.S. expects to see an attack coming and move quickly to blunt the cyber assault and destroy the attacker’s ability to try it again. The assumption about being able to see an attack coming may be invalid.
When the Chinese lost satellite communications, they had a backup radio network up in an hour. In short, China had not thrown out their old systems, and had a plan to use them.
The United States, almost single-handedly, is blocking arms control in cyberspace. Russia, somewhat ironically, is the leading advocate.
Whether or not you think reviewing our position on cyber arms limitations is a good policy may well depend upon what you think about arms control more broadly.
The U.S. is fairly scrupulous in its obedience of treaty limits to which it agrees. Many other nations are not.
we first need to ask whether this new form of combat gives the United States such an advantage over other nations that we would not wish to see international constraints. If we believe that we do enjoy such a unilateral advantage, and that it is likely to continue, then we should not ask the follow-on questions about what kinds of limits might be created, whether they could be verified, and so on.
few nations, and certainly none of our potential adversaries, have more of their essential national systems owned and operated by private enterprise companies.
The American political system of well-financed lobbying and largely unconstrained political campaign contributions has greatly empowered private industry groups, especially when it comes to avoiding meaningful federal regulation.
Insurgents in Iraq had used twenty-six-dollar software to monitor the video feeds of U.S. Predator drones through an unencrypted communications link.
I sat around the table for months with Soviet counterparts trying to define something as simple as “military personnel.”
Chinese cyber espionage and intellectual property war may swing the balance of power in the world away from America. We need to make protecting this information a much higher priority,
An arms control agreement limiting cyber espionage is not clearly in our interest, might be violated regularly by other nations, and would pose significant compliance-enforcement problems.
as one Wall Street CEO told me, “It is confidence in the data, not the gold bullion in the basement of the New York Fed, that makes the world financial markets work.”
It apparently came as a shock to European financial institutions in 2006 that the U.S., seeking to track terrorist funds, may have been covertly monitoring the international financial transactions of the SWIFT bank-clearing system.)
One way to address the attribution problem is to shift the burden from the investigator and accuser to the nation in which the attack software was launched.
“If a hacker in St. Petersburg tried to break into the Kremlin system, that hacker could count the remaining hours of his life on one hand.”
broad definitions of cyber warfare, such as those that include espionage, are not verifiable and are not in our interest as a nation.
what will the Commander-in-Chief do? Perhaps he will appoint a commission to investigate what went wrong. That commission will read the work of another commission, one appointed by Bill Clinton in 1996, and be astonished to learn that this disaster was foreseen back then.
General Ken Minihan has been promoting the idea of an Eligible Receiver–type war game for the private sector. “We could scare the pants off them, the way we did for the President in ’97.”
the National Security Agency must not be given the mission of protecting domestic U.S. cyber networks.
SALT and its follow-on Strategic Arms Reduction Treaty (START) not only accepted intelligence collection as an inevitability, they relied upon it and called for “noninterference” with it.
We have to do a better job of finding the errors and vulnerabilities in existing software, which is a matter of testing in various ways. But at the same time we need to find a process for writing new applications and operating systems from scratch with close to zero defects.
