[Pops]

So this is on my nightstand
Cyber War by Richard Clark.
http://www.amazon.com/Cyber-War-Threat- ... 0061962244

Mostly the run of the mill doom, except real.

$this->bbcode_second_pass_quote('', 'D')aily Beast, 03.18.15
China Reveals Its Cyberwar Secrets
In an extraordinary official document, Beijing admits it has special units to wage cyberwar—and a lot of them. Is anybody safe?
A high-level Chinese military organization has for the first time formally acknowledged that the country’s military and its intelligence community have specialized units for waging war on computer networks.

China’s hacking exploits, particularly those aimed at stealing trade secrets from U.S. companies, have been well known for years, and a source of constant tension between Washington and Beijing. But Chinese officials have routinely dismissed allegations that they spy on American corporations or have the ability to damage critical infrastructure, such as electrical power grids and gas pipelines, via cyber attacks.

Now it appears that China has dropped the charade. “This is the first time we’ve seen an explicit acknowledgement of the existence of China’s secretive cyber-warfare forces from the Chinese side,” says Joe McReynolds, who researches the country’s network warfare strategy, doctrine, and capabilities at the Center for Intelligence Research and Analysis.

[AgentR11]

That would depend on if we have plans for a color revolution in Hong Kong or Beijing. If we don't; then I wouldn't worry too much about it; it'll likely always be commercial stuff they are after. We're a huge customer; you don't go break your customers ability to buy stuff from you, though you might like to know lots of their nifty secrets before anyone else.

[vox_mundi]

Relax. Drug resistant bacteria or virus will probably get yah. Of course, the Chinese can do almost everything we can do.

Cyber Commander Expects Damaging Critical Infrastructure Attack

$this->bbcode_second_pass_quote('', 'A')dm. Michael Rogers, USN, who leads both the National Security Agency and U.S. Cyber Command, predicts a damaging attack to critical infrastructure networks within the coming years. If an attack happens, the agency and Cyber Command will coordinate a response along with other government agencies and potentially the private sector organizations that own many of the networks.

Critical infrastructure is the backbone of the nation’s economy, security and health, according to the Department of Homeland Security (DHS). It includes the systems and networks, whether physical or virtual, so vital to the United States that their incapacitation or destruction would have a debilitating effect on security, the economy or national public health or safety. It also includes broadband and wireless networks and the massive power and communications grids.

“I fully expect that in my time as commander, someone—whether it’s a nation-state, group or individual—will attempt to engage in destructive activity against one of those, if not more than one,” Adm. Rogers says.

[davep]

I really hate the term "cyber-war". When the Five Eyes do it, it's "bulk collection" or "targeted operations", when the Chinese do it it's "cyber-war".

It's hacking/surveillance etc. Not war. And the NSA "Equation Group" has been operating for at least 14 years and are the most capable in the world, so if we're going to be using the term, who are the cyber-warmongers?

[Pops]

$this->bbcode_second_pass_quote('davep', 'I') really hate the term "cyber-war". When the Five Eyes do it, it's "bulk collection" or "targeted operations", when the Chinese do it it's "cyber-war".

It's hacking/surveillance etc. Not war.

[davep]

$this->bbcode_second_pass_quote('Pops', '')$this->bbcode_second_pass_quote('davep', 'I') really hate the term "cyber-war". When the Five Eyes do it, it's "bulk collection" or "targeted operations", when the Chinese do it it's "cyber-war".

It's hacking/surveillance etc. Not war.

[Pops]

I don't give a rats ass who "started" it, this ain't some playground shoving match. If it makes you feel better to self flagellate then more power to ya.

My question is how likely is an attack on MY infrastructure?

[vox_mundi]

$this->bbcode_second_pass_quote('Pops', 'I') don't give a rats ass who "started" it, this ain't some playground shoving match. If it makes you feel better to self flagellate then more power to ya.

My question is how likely is an attack on MY infrastructure?

[Pops]

$this->bbcode_second_pass_quote('vox_mundi', 'D')efine "MY infrastructure", are we talking your power grid, or do you want a pipeline blown up or NO water or power for 10-20 Million people. Or crashing the port computers at Houston, Newark, and Long Beach. Or airline radar coverage. It's a target rich environment.

[davep]

I think ICS (Industrial control systems)/SCADA (supervisory control and data acquisition) systems may be the computer-based infrastructure the most likely to be at risk. A few examples http://www.computerworld.com/article/2475789/cybercrime-hacking/hackers-exploit-scada-holes-to-take-full-control-of-critical-infrastructure.html

[MD]

$this->bbcode_second_pass_quote('davep', 'I') think ICS (Industrial control systems)/SCADA (supervisory control and data acquisition) systems may be the computer-based infrastructure the most likely to be at risk. A few examples http://www.computerworld.com/article/2475789/cybercrime-hacking/hackers-exploit-scada-holes-to-take-full-control-of-critical-infrastructure.html

[davep]

$this->bbcode_second_pass_quote('', 'O')ne solution is to keep the control networks stand-alone except for one interconnect that has to be manually turned on when needed, and is turned off when service is complete. But that still doesn't stop malicious code from being inserted while the service is being done.

[davep]

Latest Snowden info on Canadian capabilities http://www.cbc.ca/news/canada/communication-security-establishment-s-cyberwarfare-toolbox-revealed-1.3002978

Including:

*destroying infrastructure, which could include electricity, transportation or banking systems;

*creating unrest by using false-flags — ie. making a target think another country conducted the operation;

*disrupting online traffic by such techniques as deleting emails, freezing internet connections, blocking websites and redirecting wire money transfers.

[Pops]

I'll take number 2, Dave. The thing that makes cyber seem a threat to me is the possibility that an attack could be untraceable, that would make it the ultimate asymmetric attack, and completely nullify superior military strength and nuke deterrence.

(Although I'm not all that convinced of our superior strength, merely our superior spending; but that's another thread)

[davep]

People in the InfoSec community have decided on the best method of attribution http://cyberattribution.com/#!/Dice/c/12550174/offset=0&sort=normal

[Pops]

LOL

Sorta. DPRK would have surprised me except the book (Cyber War) mentioned their iinterest.

This is from a few months ago, in relation to their involvement (or not) in the Sony hack
http://www.thedailybeast.com/articles/2 ... legal.html

[vox_mundi]

No. 1 vulnerability of crypto-security is the USER, 2nd passphrases, 3rd overconfidence, 4th trust in the (hardware/software) producer, 5th believing backdoors are No. 1

And little deeper into the rabbit hole ...

$this->bbcode_second_pass_quote('', 'M')ass surveillance is about control. It’s promulgators may well claim, and even believe, that it is about control for the greater good, a control that is needed to keep a cap on disorder, to be fully vigilant to the next threat. But in a context of rampant political corruption, widening economic inequalities, and escalating resource stress due to climate change and energy volatility, mass surveillance can become a tool of power to merely perpetuate itself, at the public’s expense.

A major function of mass surveillance that is often overlooked is that of knowing the adversary to such an extent that they can be manipulated into defeat. The problem is that the adversary is not just terrorists. It’s you and me. To this day, the role of information warfare as propaganda has been in full swing, though systematically ignored by much of the media.

[vox_mundi]

Relax, they have us covered ...

House unveils cyber bill and signals bipartisan compromise

$this->bbcode_second_pass_quote('', 'H')ouse intelligence committee leaders unveiled a bipartisan cybersecurity bill Tuesday amid signs of broad agreement on long-sought legislation that would allow private companies to share with the government details of how they are hacked, without fear of being sued.

The House bill would grant companies liability protection if they stripped out personal information from the data and shared it in real time through a civilian portal, most likely run by the Department of Homeland Security.

Similar efforts have foundered in previous years over concerns by privacy groups that personal information held by companies would end up in the hands of the National Security Agency, the digital spying agency that is the country's foremost repository of cyber expertise. The House bill would allow the NSA to get the data, but not until it had been stripped of private information. (they lie - see below)

[Pops]

I saw something about this, didn't it also allow private companies to "counter attack" when they are attacked?