More on this book
Community
Kindle Notes & Highlights
Administration was apparently unwilling to destroy Saddam Hussein’s financial assets by cracking into the networks of banks in Iraq and other countries. The capability to do so existed, but government lawyers feared that raiding bank accounts would be seen by other nations as a violation of international law, and viewed as a precedent.
under U.S. law (Title 10) the agency is restricted to collecting information and prohibited from war-fighting. Therefore it will have to be military personnel under Title 50 that enter the keystrokes to take down enemy systems.
As part of the deal with Microsoft, the Chinese modified the version sold in their country to introduce a secure component using their own encryption. Hedging their bets, they also developed their own operating system, called Kylin, modeled on the stable open source system known as Free BSD. Kylin was approved by the People’s Liberation Army for use on their systems.
In the southern city of Voronezh, FAPSI, as many Russians still call it, runs what might be the largest (and certainly one of the best) hacker schools in the world. By now, of course, they are probably calling themselves cyber warriors.
But unlike with nuclear weapons, where an attacker may be deterred by the promise of retaliation or by the radioactive blow-back on his own country, launching a cyber attack may run fewer risks. In cyber war, we may never even know what hit us. Indeed, it may give little solace to Americans shivering without power to know that the United States may be about to retaliate in kind.
Originally “hacker” meant just somebody who could write instructions in the code that is the language of computers to get them to do new things. When they do something like going where they are not authorized, hackers become cyber criminals. When they work for the U.S. military, we call them cyber warriors.
The packets have labels with a “to” and “from” address, and BGP is the postal worker that decides what sorting station the packet goes to next. BGP also does the job of establishing “peer” relationships between two routers on two different networks.
knew. Public knowledge of a “bug” in software would probably mean two things: (1) most sensitive networks would stop using the software until it got fixed, and (2) the software manufacturer would be shamed into fixing it, or pressured to do so by its paying customers, such as banks and the Pentagon.
RSA is very corporate. Black hat is a lot more fun.
Open source had a number of advantages for the Pentagon. First, Pentagon programmers and defense contractors could customize the software to make it operate the way they wanted. They could slice and dice the code to eliminate parts of the operating system that they did not need and that could introduce bugs into the system. Second, after reducing the size of the operating system, they could then run what the software industry refers to as “tools” on the remaining lines of code to try and identify bugs, malicious code, and other vulnerabilities.
U.S. Cyber Command also has a defensive mission, to defend the Department of Defense. Who defends the rest? As it stands now, the Department of Homeland Security defends the non-DoD part of the federal government. The rest of us are on our own. There is no federal agency that has the mission to defend the banking system, the transportation networks, or the power grid from cyber attack.
“Can you imagine if in 1958 the Pentagon told U.S. Steel and General Motors to go buy their own Nike missiles to protect themselves? That’s in effect what the Obama Administration is saying to industry today.”
“We want to go in and knock them out in the first round,” he said. This is reminiscent of another Air Force general, Curtis LeMay, who in the 1950s, as commander of Strategic Air Command, explained to RAND Corporation analysts that his bombers would not be destroyed on the ground by a Soviet attack because “we’re going first.”
We don’t let car manufacturers sell cars without seat belts, and in most states we don’t let people drive cars unless they are wearing them. The same logic should apply on the Internet, because poor computer security by an individual creates a national security problem for us all.
The easiest thing a nation-state cyber attacker could do today to have a major impact on the U.S. would be to shut down sections of the Eastern or Western Interconnects, the two big grids that cover the U.S. and Canada. (Texas has its own, third, grid).
As discussed earlier, China is very familiar with the routers. Most of them are made by the U.S. firm Cisco, but made in China.
The most difficult part of finishing the war usually turned out to be finding who was still alive and in control of the military on the other side. What survivor was in command of Soviet forces, and how do we talk to him without either of us revealing our hidden locations? Part of the problem that the game controllers deviously planned for us sometimes was that the guy with whom we were negotiating war termination did not actually have control over some element of the surviving Soviet force, for instance, their nuclear missile submarines. What we learned from these unpleasant experiences was
...more
And, as one Wall Street CEO told me, “It is confidence in the data, not the gold bullion in the basement of the New York Fed, that makes the world financial markets work.”
(I am reminded of Hegel’s dictum that “the owl of Minerva always flies at dusk,” meaning that wisdom comes too late.)
“Software.” Ed Amoroso sees more security issues in a day than most computer security specialists see in a year. He has written four books on the subject and teaches an engineering course on cyber security. “Software is most of the problem. We have to find a way to write software which has many fewer errors and which is more secure. That’s where the government should be funding R&D.”
but it should be possible gradually to develop an artificial intelligence program that could respond to requests to write software. The artificial code writer could compete with famous software designers, much as IBM’s Big Blue played against human chess masters. Drawing on the open source movement, it could be possible to get the world’s experts to contribute to the process.
October 2009, DARPA granted a contract to a consortium including defense contractor Lockheed and router manufacturer Juniper Networks to design a new basic protocol for the Internet.
If the new nets were “packet switched,” as the Internet is now, the user’s authenticated identity could be embedded in each packet.
