Archive for Wednesday, February 13, 2013

Opinion: Cyberattack is a real threat

February 13, 2013


The last few weeks have seen an increasing number of articles in the media about the dangers of cyberwar. In part, this increase in the volume may be due to the current confirmation hearings in Congress for the new director of the Central Intelligence Agency and, in part, because of a recent major conference on cybersecurity, the S4, held in Miami. But the truth is that the danger is all too real, as is the perception that the United States is not prepared for what appears to be inevitable: a major cyberattack on American interests.

In fact, such attacks are going on every day. Last fall, two United States power-generating stations were targets of a computer virus that affected turbine operation and required temporary shutdowns. Recently, the New York Times ran a series of articles detailing how it had been the target of a sophisticated long-term attack designed to steal data from the company’s computers. The Times attributed the attack to China.

Just a few weeks ago, a new virus was discovered to be infecting more than 500,000 Macintosh computers, once thought to be virtually impervious to such attacks. This virus was designed to steal financial data from computers. Apparently, this virus is now spreading to PCs as well. It is incorrect to say that the United States may come under cyberattacks in the future. The future is already here.

As troubling as attacks on individual computers may be, attacks on computers that operate critical infrastructure are far more dangerous. Several years ago the U.S. government went to great lengths to suppress a scholarly paper that described how a cyberattack could bring down the American electrical grid. But this hardly has prevented such knowledge from spreading worldwide. Properly orchestrated attacks on American computers could bring electricity production to a halt. Similarly, attacks could wreak havoc with our transportation systems, water delivery systems, even traffic controls. There are very few critical infrastructure components that are not computer controlled and, therefore, at risk of cyberattack.

The good news is that the Pentagon has established a new “Cyber Command” and has recently indicated that it will substantially increase the size of this command. But the military alone cannot solve our national cybersecurity problems. Virtually all of our critical infrastructure, financial institutions and transportation systems are privately owned. Unless these private corporations act now to protect their property from cyberattack, our risk of some catastrophe even caused by a hostile country or individuals increases each day.

— Mike Hoeflich, a distinguished professor in the Kansas University School of Law, writes a regular column for the Journal-World.


just_another_bozo_on_this_bus 1 year, 9 months ago

"The good news is that the Pentagon has established a new “Cyber Command” and has recently indicated that it will substantially increase the size of this command."

I heard a report the other day that there are both "offensive" and "defensive" specialists among the various cybersecurity units. The job of defensive specialists is to identify vulnerabilities to cyber attacks, and help software developers to close them. Offensive specialists look for these vulnerabilities, too, but so they conceal them so they can exploit them. In other words, our government is also engaged in cyber warfare. Maybe even against you.

jhawkinsf 1 year, 9 months ago

"Maybe even against you" - Maybe. Perhaps. I guess. And if I were a conspiracy theorist, I might conclude the answer to that would be yes. On the other hand, I was listening to NPR just a day or two ago and a US General was being interviewed. He described a situation where cyber attacks might be helpful. He said if aircraft was about to be used against a certain target, cyber attacks might be used to disable anti-aircraft missiles used by the other side.

So do I think the Pentagon is engaged in cyber warfare that might disable North Korea's long range missile program or do I think they're spying in on this conversation? Yes to North Korea. Maybe, perhaps, I guess it's possible to this conversation (but only when I wear my tin foil hat).

just_another_bozo_on_this_bus 1 year, 9 months ago

So, cyber warfare is fine, as long as it's the US military that's doing it. I have a feeling not all in the world will share that view. But you have a well-demonstrated fondness for double standards.

"(but only when I wear my tin foil hat)."

Is that tinfoil hat how you protect your willful ignorance?

jhawkinsf 1 year, 9 months ago

Sure, I'm fine with double standards. But I think if you're going to have double standards, you need to be willing to justify them. You do the same, though you're slow to admit as such. You believe in one rate of taxes for some and another for others. You then go on to justify your double standards. No different than I.

That aside, I was not calling for a double standard here. There have been reports, I'm certain you've seen them as well, of numerous countries conducting cyber warfare against other countries and against companies as well. At least here, I'm not advocating a double standard. Yes, the U.S. should be engaged in cyber warfare specifically because others are doing so as well. Given that, I hope we do it better than them, whomever they are.

just_another_bozo_on_this_bus 1 year, 9 months ago

"You believe in one rate of taxes for some and another for others."

Not at all. I believe the same rates should apply to everyone. Those rates should have a progressive structure that recognizes that income isn't distributed evenly or fairly (it's not supposed to be in a market economy) but they apply exactly the same to everyone.

jhawkinsf 1 year, 9 months ago

You're justifying your double standard while denying you have any double standard. And of course you're ignoring the original point, that many are engaged in cyber warfare, not just the U.S. So while I freely admit I have double standards at times, the only double standard here is my desire to see the U.S. do it better than everyone else.

bad_dog 1 year, 9 months ago

How can tax rates be the "same" for everyone, while having a "progressive" structure? Merely using the plural "rates" rather than the singular "rate" disputes your argument.

just_another_bozo_on_this_bus 1 year, 9 months ago

You're right-- those whose income is subject primarily to the capital gains tax aren't treated the same as those who are subject to the progressive income tax code on non-capital-gains income. That type of income should be treated like all other income.

Dave Greenbaum 1 year, 9 months ago

A few points of clarification

1) The virus the infected the power plants was "Stuxnet", believed to have been made by the US. It's a weaponized virus that was used against us, much like a weaponized biological virus. Once in the wild all are at risk.

2) Macs were never through to be "impervious" from attacks. Macs have always been at risk for viruses. While some may have believed that, some believed the world was flat. Experts know otherwise.

3) I'm not sure what virus was discovered "a few weeks" ago you are referring to unless your column has a year lead time. I assume you are referring to the Flashback Trojan that infected Macs and PCs due to a flaw in Java. That number of 550,000 was quoted by own vendor, Dr. Web, and was not verified by any independent sources. Dr. Web had a financial incentive to spread this unverified information.

If you are referring to the "zero day" exploit in which DHS advised disabling Java last month, no stats were given for the infection and Apple pushed out an update regarding this .

Professionally, I don't agree that it's the private corporations responsibility to protect themselves against attacks. These attacks are due to flaws in products made by corporations such as Adobe, Microsoft and Sun. Once they become at lease partially liable for flaws in the products they produce I expect a dramatic shift in cybersecurity.

Moreover, many of these threats have a financial component in which consumers are tricked into purchasing fact products or have the computer held at ransom. If banks would refuse to process transactions from known criminal source,d the financial backing for these enterprises would dry up significantly.

Thanks for the article and your point is well taken.

oldbaldguy 1 year, 9 months ago

Having been around some compartmented programs, I can assure you DOD is up to its eyeballs in cyber warfare and it should be. We need to harden our infrastructure from attack. The Dean is right.

Commenting has been disabled for this item.