"...The Pentagon revealed an unclassified version of its 'Strategy for Operating in Cyberspace.' And despite a drumbeat of scare talk and digital sabre-rattling in Washington, the document takes a measured, reasonable approach - focusing on good network hygiene and data-sharing, rather than bombing hackers into submission...."I've put longer excerpts at the end of this post.1
(Noah Shachtman, Danger Room, Wired (July 14, 2011)
I've also archived a copy of that unclassified document ("DoD Strategy for Operating in Cyberspace (DSOC)" (Department of Defense (July 14, 2011)), along with the text of their news release.2
"Digital Sabre-Rattling?"
I'm not sure if what the vice chairman of the Joint Chiefs of Staff had to say is part of that "drumbeat of scare talk and digital sabre-rattling in Washington" cited by Mr. Shachtman. General Cartwright's attitude certainly isn't a sort of nice, deferential, conciliatory posture toward folks who want to kill Americans."...'For the Department of Defense, our networks are really our lifeblood,' Marine Gen. James Cartwright, vice chairman of the Joint Chiefs of Staff, told reporters in an interview prior to Lynn's release of the new strategy....
"...'If it's OK to attack me and I'm not going to do anything other than improve my defenses every time you attack me, it's difficult' to stop that cycle, Cartwright said. 'There is no penalty for attacking (the U.S.) right now.' He added that a number of complex legal and cultural issues need to be sorted out before the Pentagon can devise a comprehensive offensive strategy.
"In response to an audience member's question after his speech, Lynn the White House could be expected to consider using military force in response to a cyberattack 'if there is massive damage, massive human losses, significant economic damage.'..."
(Associated Press, via FoxNews.com).3
Hack Attack: What's the Big Deal?
So far, major hack attacks on American targets have been - rather intellectual. Information has been stolen, folks have found it difficult to use a few online resources, and that's about it.Even the personal data that's been stolen hasn't been all that serious. Sure, credit card numbers, email addresses, and financial records that were supposed to be personal, private, and not in the hands of whoever some anonymous hacker sold them to, went missing. But we're told that it's okay.
Since there apparently hasn't been a massive wave of identify theft, maybe those reassurances are true.
I certainly hope that's the case.
Sooner or later, though, someone's likely to try taking down the North American power grid. Some folks in China did a serious study of how that could be accomplished. Last year we were told that it's okay, though: the study was purely theoretical. Or maybe a big misunderstanding. Or something. That may be true. (March 20, 2010)
Major Blackout: What to Expect
Let's see what would happen if someone did decide to pull the plug on large parts of North America. Here's a sample of what we could expect:"Stay safe during West Mich.'s heat wave"
Kyle Underwood, WOOD TV8 (July 15, 2011)
"...More Americans suffer heat-related deaths each year than from any other weather disaster. Many heat-caused fatalities are elderly folks who do not have access to air conditioning or a cooling center. Heat stroke and dehydration are also far more likely during heat waves...."
"Memphis man, 72, becomes third victim of summer heat"
Jody Callahan, The Commercial Appeal (Memphis, Tennessee) (July 14, 2011)
"A 72-year-old man succumbed to the high temperatures Wednesday, becoming the third heat-related death so far this summer in the Memphis area, officials said today...."
"Heat blamed in five Alabama deaths since May"
Associated Press, via The Gadsden Times (July 14, 2011
"At least five deaths are being blamed on the hot weather in Alabama, and health officials said Thursday they fear the number could climb as temperatures soar...."
"Second heat-related death in St. Louis"
STLtoday.com (July 14, 2011)
"An 80-year-old woman whose air conditioner wasn't working properly became the city's second heat-related death this year, officials said Thursday...."
"With many hot days to come, suspected heat deaths hit nine"
Alan Bavley, The Kansas City Star (July 13, 2011 )
"With most of the summer still ahead, and a dangerously hot weekend in the forecast, the Kansas City area on Wednesday added another possible heat-related death, bringing the year's total to nine...."
"A Drumbeat of Scare Talk?"
I don't think that some nation, or terrorist group, will hack into the systems that maintain North America's electrical power supply: Almost certainly not today. Or even this weekend. Probably not this month. Or even this year.Besides, six months from now, we wouldn't have to worry about not having power for air conditioners. Here in Minnesota, at least, it'd be power for heating systems that I'd be concerned about.
Maybe the power would come back on in a little less than 24 hours, like it did in the part of town where I live, after a storm went through recently. If that was the case, not many folks would die. Probably.
On the other hand, no power for days, weeks, maybe a month? During summer? Or winter? I'm pretty sure that quite a few folks would survive. Particularly those of us who are comparatively young, and healthy, and don't live in cities, and have access to basements. Or caves.
The rest of you? Well, maybe you'd survive. Or, maybe not.
Is recognizing that folks die when it gets too hot - or too cold - "a drumbeat of scare talk?" I'd say it depends on how the ideas are presented.
Me? I'm trying to point out that there really is a threat. And that some folks, like the lot that run Al Qaeda and the Taliban, don't seem to respond all that well to polite requests.
Related posts:
- "China and Google: 'Shut Up Or We'll Hurt You' "
(June 6, 2011) - "L-3 Communications, Grumman: Hack Attack"
(June 1, 2011) - "Pentagon's New(ish) Policy About Hack Attacks"
(May 31, 2011) - "China, Paper on How to Bring Down USA Power Grid: All a Big Misunderstanding?"
(March 20, 2010) - "Pentagon Computers Hacked - Joint Strike Fighter Project Data This Time"
(April 21, 2009)
- "Pentagon Makes Love, Not Cyber War, in New Strategy"
Noah Shachtman, Danger Room, Wired (July 14, 2011) - "Pentagon Discloses Largest-Ever Cyber Theft"
Associated Press, via FoxNews.com (July 14, 2011)
1Excerpts from yesterday's news and views:
"Pentagon Makes Love, Not Cyber War, in New Strategy"2Department of Defense News Release
Noah Shachtman, Danger Room, Wired (July 14, 2011)
"For one day, at least, you can call off the cyberwar. The Pentagon revealed an unclassified version of its 'Strategy for Operating in Cyberspace.' And despite a drumbeat of scare talk and digital sabre-rattling in Washington, the document takes a measured, reasonable approach - focusing on good network hygiene and data-sharing, rather than bombing hackers into submission.
"The question is whether this public summary conveys what's actually in the classified strategy, or reflects the real mood of the Department of Defense.
" 'DoD would like to be much more aggressive in what it says and how it acts,' says a source familiar with the development of the strategy. 'But that tendency to be aggressive has been reined in by the State Department, Treasury, and the White House, and not in an unreasonable way.'
"Listen to the talk inside the Washington Beltway - and especially within the Pentagon — and you'd think hackers were about to reach their hands through our computers, and strangle us all in our sleep....
"Pentagon Discloses Largest-Ever Cyber Theft"
Associated Press, via FoxNews.com (July 14, 2011)
"The Pentagon on Thursday revealed that in the spring it suffered one of its largest losses ever of sensitive data in a cyberattack by a foreign government. It's a dramatic example of why the military is pursuing a new strategy emphasizing deeper defenses of its computer networks, collaboration with private industry and new steps to stop "malicious insiders."
William Lynn, the deputy secretary of defense, said in a speech outlining the strategy that 24,000 files containing Pentagon data were stolen from a defense industry computer network in a single intrusion in March. He offered no details about what was taken but in an interview before the speech he said the Pentagon believes the attacker was a foreign government. He didn't say which nation.
"We have a pretty good idea" who did it, Lynn said the interview. He would not elaborate.
Many cyberattacks in the past have been blamed on China or Russia. One of the Pentagon's fears is that eventually a terrorist group, with less at stake than a foreign government, will acquire the ability to not only penetrate U.S. computer networks to steal data but to attack them in ways that damage U.S. defenses or even cause deaths...."
IMMEDIATE RELEASE3Longer excerpt:
No. 608-11
July 14, 2011
"DOD Announces First Strategy for Operating in Cyberspace
"The Department of Defense released today the DoD Strategy for Operating in Cyberspace (DSOC). It is the first DoD unified strategy for cyberspace and officially encapsulates a new way forward for DoD's military, intelligence and business operations.
"'It is critical to strengthen our cyber capabilities to address the cyber threats we're facing,' said Secretary of Defense Leon E. Panetta. 'I view this as an area in which we're going to confront increasing threats in the future and think we have to be better prepared to deal with the growing cyber challenges that will face the nation.'
"Reliable access to cyberspace is critical to U.S. national security, public safety and economic well-being. Cyber threats continue to grow in scope and severity on a daily basis. More than 60,000 new malicious software programs or variations are identified every day threatening our security, our economy and our citizens.
"“The cyber threats we face are urgent, sometimes uncertain and potentially devastating as adversaries constantly search for vulnerabilities,” said Deputy Secretary of Defense William J. Lynn III. 'Our infrastructure, logistics network and business systems are heavily computerized. With 15,000 networks and more than seven million computing devices, DoD continues to be a target in cyberspace for malicious activity.'
"The DoD and other governmental agencies have taken steps to anticipate, mitigate and deter these threats. Last year, DoD established U.S. Cyber Command to direct the day-to-day activities that operate and defend DoD information networks. DoD also deepened and strengthened coordination with the Department of Homeland Security to secure critical networks as evidenced by the recent DoD-DHS Memorandum of Agreement.
" 'Strong partnerships with other U.S. government departments and agencies, the private sector and foreign nations are crucial,' said Lynn. 'Our success in cyberspace depends on a robust public/private partnership. The defense of the military will matter little unless our civilian critical infrastructure is also able to withstand attacks.' "
"...'For the Department of Defense, our networks are really our lifeblood,' Marine Gen. James Cartwright, vice chairman of the Joint Chiefs of Staff, told reporters in an interview prior to Lynn's release of the new strategy....
"...Lynn said intrusions in the last few years have compromised some of the Pentagon's most sensitive systems, including surveillance technologies and satellite communications systems. Penetrations of defense industry networks have targeted a wide swath of military hardware, including missile tracking systems and drone aircraft, he said.
"In Cartwright's view, a largely defensive approach to the problem is inadequate. He said the Pentagon currently is focused 90 percent on defensive measures and 10 percent on offense; the balance should be the reverse, he said. For the federal government as a whole, a 50-50 split would be about right, Cartwright argued.
" 'If it's OK to attack me and I'm not going to do anything other than improve my defenses every time you attack me, it's difficult' to stop that cycle, Cartwright said. 'There is no penalty for attacking (the U.S.) right now.' He added that a number of complex legal and cultural issues need to be sorted out before the Pentagon can devise a comprehensive offensive strategy.
"In response to an audience member's question after his speech, Lynn the White House could be expected to consider using military force in response to a cyberattack 'if there is massive damage, massive human losses, significant economic damage.'..."
(Associated Press, via FoxNews.com)
No comments:
Post a Comment