Research on Cyber Warfare

Re: Research on Cyber Warfare

An EMP is not a pinch.. it would cause economic collapse, world market shutdown for a while, and (it is estimated) the loss of several ten to hundred million lives. I think the report said imagine life in the USA in the 1920s and 30s. That's the population we could support with minimal infrastructure.

That sounds a little doomsday to me, but honestly the more you look into EMP the more you realize no one knows for sure, just that electronics are more complicate and sensitive than the tubes and basics when the Starfish(prime) test happened. The groups that have the test facilities aren't writing about it.

Re: Research on Cyber Warfare

Hah, sorry, I was half asleep when I posted...I know overall it would cause all sorts of problems, but comparing that to a nuke...in that context it would make the EMP not look so bad. I'd still hope that nobody resorts to using either.

Re: Research on Cyber Warfare

I think the writers of Ocean's Eleven would beg to differ.

Re: Research on Cyber Warfare

Lol I'd forgotten about that movie...

Re: Research on Cyber Warfare

As promised, I have made a more organized list of the resources that I've gathered so far. Of course not all of them will be used for the paper, but some provide insight or a different perspective of things. Thanks a bunch! - you guys have been a big help, and if you run across anymore sources, especially newer stuff, please let me know. I may still need some advice here and there as the paper develops.

The list is located here: http://web.mac.com/agentdarkapple/Ag...r_Warfare.html


Also, I was going to throw a few titles out there and see what you guys think. I know some of you think "cyberwarfare" is cliche, but I've found out that my professor actually seems to like the term. I'm trying to find the most relevant title that also appeals to her interest (hey, I want a good grade). Background on her - female, doctorate in Information Systems and Communication, works in law enforcement (cyber crimes, computer forensics, etc.). Here are my ideas, feel free to criticize or add to...

Cyberwarfare: A Threat for the Future

Cyberwarfare: When Information Warfare meets Technology

Network-centric Warfare and the threat of Cyber Terrorism

InfoWars 2.0: The Threat of Cyberwarfare in the 21st Century

Keyboards and Conquests (I hope this one doesn't sound too WoW-ish lol)

Digital Destruction: The Impending Threat of Cyberwarfare

Re: Research on Cyber Warfare

Number 2 or Number 5 if you must go with something cyberwarefarish. The rest smack of some CNN scary wary type 5 minute sound bite. Cyberware as you seem to define it is already here so number 1, 3, 4, are out. It's a reality. Just my opinion since you asked. YMMV.

Regards,

valkyrie
________________________________________________
sapere aude

Re: Research on Cyber Warfare

My reaction to anything with "cyber" in the title, is that it's 100% pure fertilizer, directly out of the south end of a northbound male bovine. It's a real red flag for me. That may be different in the academic world, but my experience is that 99% of the people who to use it are the kind of moron who thinks that they know how to control/legislate this stuff, but can barely get Windows to boot on a brand new PC. Plus, most don't know that "cyber" is short for cybernetics, have never heard of Norbert Wiener, or read any of his seminal work.

Re: Research on Cyber Warfare

Slashdot has an interesting post right now about radiation overdoses from CT scanners due to software errors.

http://science.slashdot.org/story/09...ation-Overdose

This led me to the link about the Therac-25 overdoses in the late 80's.

http://courses.cs.vt.edu/cs3604/lib/.../Therac_1.html

This made me think of this thread and to highlight that bad things can happen even without out outside malicious intent. You'd be hard pressed to notice a difference.

As I said before, my main worry is when these sorts of things are built to be networked and designed by people not thinking about security (anyone who asks the question 'why would anyone want to hack it? rhetorically should be shot on sight). Where this fits into 'cyber warfare' is the question of culpability. Why in the hell are we building anything that makes it easy to take over remotely? There is a prevailing attitude that you are not responsible if someone attacks you, even if you did something really stupid to enable it to happen.

It's not a question of warfare, it's a matter of responsibility. If you could actually hold someone responsible for the security of the products they sell, you'd have alot fewer crappy products on the market. Arguably that would slow innovation, but I think we can all agree that technology has surpassed societies ability to cope with it and needs time to catch up.

Several red bulls were harmed in the making of this post.

Re: Research on Cyber Warfare

To see an example of this, you only need to look in the news from a month or so ago about that hospital security guard that was installing nasty things on hospital computers. He claimed to have control of the hospital's HVAC system because it was tied into the main network.

Many times when networks are setup, they're setup to keep the nasties out, but what if the nasties are already inside the network and they're 'trusted' employees?

Re: Research on Cyber Warfare

I so wanted to bite my tongue, however, I seem to have tourette's syndrome. I tried to be nice, I tried to be supportive. This is so not going to work.

DarkApple person thingy: Everything you have posted indicates you are a tool and NOT a free thinker, to wit:

"Also, I was going to throw a few titles out there and see what you guys think. I know some of you think "cyberwarfare" is cliche, but I've found out that my professor actually seems to like the term. I'm trying to find the most relevant title that also appeals to her interest (hey, I want a good grade). Background on her - female, doctorate in Information Systems and Communication, works in law enforcement (cyber crimes, computer forensics, etc.). Here are my ideas, feel free to criticize or add to..."

So, you want a good grade so you are going to go with the flow. More power to you. Not that you would? Just don't come looking me up at DefCon, eh? I really don't get along well with panderers.

Thorn: the OP doesn't appear to care about thinking freely, the OP cares about a "good grade."

Renderman: agreed. However, one cannot hold one responsible for their products efficacy because we all agree that "security" is nebulous. That's one of the dirty little secrets in our industry.

Streaker69: I have been talking about this one for several years. There really is nothing wrong with role-based lock down in the enterprise. Unfortunately, it is like mating elephants. It's done with lots of yelling and screaming and takes about two years to get results. Which is why many orgs wish to rant about the nebulous threat "outside" while ignoring the real threat "inside."

My, I AM cranky today!

Regards,

valkyrie
___________________________________
sapere aude

Re: Research on Cyber Warfare

Have you heard of the Red Flag program from the FTC? That's what we're currently working on, yes, I know, it has to be completed by November 30th. But hey, I gave the information out to our management when it first hit the news and they chose to not even bother addressing it until September of this year.

Your statement of "mating elephants" is about right when it comes to dealing with these things. I've been saying since I started that we need to do more not only with network security, which I've made steady improvements on and continue to do so, but we need to focus on physical security as well. So far, the attitude is since we haven't had a problem, let's ignore the issues until something bad does happen and then we'll scramble to fix it.

I've talked with Thorn about one big issue that I found, I think he was fairly shocked by it.

Re: Research on Cyber Warfare

You shocked Thorn? I am impressed. :-)

Re: Research on Cyber Warfare

I think he was more shocked by the sheer stupidity of a third party.

Re: Research on Cyber Warfare

renderman, thanks! I was going to focus on such vulnerabilities in parts II & III then talk about human error in part IV.

I was able to read more from my sources today. I’m still working on the outline, but it is going to go something like:

Intro, definitions. (From what I’ve learned here and from reading some Schneier and Schwartau, I am actually going to mention that cyberwarfare is a bit of a hokey, all-encompassing term that the govt and military love but that experts hate. And that the use of technology in information warfare, cyber crime and cyber terror, and things like robotics somehow just get lumped together in one term for the benefit of the public).

Info warfare and how it is both beneficial and dangerous to use computers and electronics for sensitive information, particularly in warfare

Examples of what could happen or what did happen (cyber crimes used as an act of war, cyber terror, Russia & Georgia, etc.)

Then comes the big THEREFORE...applicable war theories (Sun Tzu, Boyd, Clausewitz), application of information security and information assurance principles, CIA triangle, why none of this is foolproof

V. Speculation and opinion section, conclusion

Thorn, now I’m fully aware that using “cyberwarfare” doesn’t really cut it around here. Unfortunately, the term is being pushed in some of my classes. Which makes me think a couple of my professors need to look beyond the textbooks and academic articles -that’s exactly what I am trying to do by asking for advice here :)

valkyrie, thanks for the input on the title, and the book you suggested earlier has proven to be helpful. I can assure you I am NOT a tool or panderer. I could care less what anybody THINKS, and I am far from being a people pleaser. The only reason I care so much about whether or not the teacher likes the title is because chicks often take things at face value. Whether or not she likes the title will set her mood while grading my paper. If she’s having a PMS week and is a tough grader or doesn’t agree with my perspective, she might still think “Ah, but the title was catchy, so she still gets an A.” I have had finicky professors like that in the past, both male and female. I need to do well in her class particularly, because she teaches at least two other courses that I must take. In other words, this woman could make my life a living hell if she were so inclined. And the reason I care about input here in the forums is that I know some of you guys aren’t just telling me what you THINK but what you KNOW - and it’s a heck of a lot more than I’m going to learn just by taking a class. I’m the first to admit that I’m the researcher, not the expert. I’m up for learning whatever you guys can teach me.

Re: Research on Cyber Warfare

Duck & cover

xor