On Cyberwar Hype

Good article by Thomas Rid on the hype surrounding cyberwar. It's well worth reading.

And in a more academic paper, published in the RUSI Journal, Thomas Rid and Peter McBurney argue that cyber-weapons aren't all that destructive and that we've been misled by some bad metaphors.

Some fundamental questions on the use of force in cyberspace are still unanswered. Worse, they are still unexplored: What are cyber 'weapons' in the first place? How is weaponised code different from physical weaponry? What are the differences between various cyber-attack tools? And do the same dynamics and norms that govern the use of weapons on the conventional battlefield apply in cyberspace?

Cyber-weapons span a wide spectrum. That spectrum, we argue, reaches from generic but low-potential tools to specific but high-potential weaponry. To illustrate this polarity, we use a didactically helpful comparison. Low-potential 'cyber-weapons' resemble paintball guns: they may be mistaken for real weapons, are easily and commercially available, used by many to 'play,' and getting hit is highly visible -- but at closer inspection these 'weapons' will lose some of their threatening character. High-potential cyber-weapons could be compared with sophisticated fire-and-forget weapon systems such as modern anti-radiation missiles: they require specific target intelligence that is programmed into the weapon system itself, major investments for R&D, significant lead-time, and they open up entirely new tactics but also novel limitations. This distinction brings into relief a two-pronged hypothesis that stands in stark contrast to some of the debate's received wisdoms. Maximising the destructive potential of a cyber-weapon is likely to come with a double effect: it will significantly increase the resources, intelligence and time required to build and to deploy such weapons -- and more destructive potential will significantly decrease the number of targets, the risk of collateral damage and the coercive utility of cyber-weapons.

And from the conclusion:

Two findings contravene the debate's received wisdom. One insight concerns the dominance of the offence. Most weapons may be used defensively and offensively. But the information age, the argument goes since at least 1996, has 'offence-dominant attributes.' A 2011 Pentagon report on cyberspace again stressed 'the advantage currently enjoyed by the offense in cyberwarfare.' But when it comes to cyber-weapons, the offence has higher costs, a shorter shelf-life than the defence, and a very limited target set. All this drastically reduces the coercive utility of cyber-attacks. Any threat relies on the offender's credibility to attack, or to repeat a successful attack. Even if a potent cyber-weapon could be launched successfully once, it would be highly questionable if an attack, or even a salvo, could be repeated in order to achieve a political goal. At closer inspection cyber-weapons do not seem to favour the offence.

A second insight concerns the risk of electronic arms markets. One concern is that sophisticated malicious actors could resort to asymmetric methods, such as employing the services of criminal groups, rousing patriotic hackers, and potentially redeploying generic elements of known attack tools. Worse, more complex malware is likely to be structured in a modular fashion. Modular design could open up new business models for malware developers. In the car industry, for instance, modularity translates into a possibility of a more sophisticated division of labour. Competitors can work simultaneously on different parts of a more complex system. Modules could be sold on underground markets. But if our analysis is correct, potential arms markets pose a more limited risk: the highly specific target information and programming design needed for potent weapons is unlikely to be traded generically. To go back to our imperfect analogy: paintball pistols will continue to be commercially available, but probably not pre-programmed warheads of smart missiles.

The use of this weapon analogy points to a larger and dangerous problem: the militarisation of cyber-security. William J Lynn, the Pentagon's number two, responded to critics by pointing out that the Department of Defense would not 'militarise' cyberspace. 'Indeed,' Lynn wrote, 'establishing robust cyberdefenses no more militarizes cyberspace than having a navy militarizes the ocean.' Lynn may be right that the Pentagon is not militarising cyberspace -- but his agency is unwittingly militarising the ideas and concepts to analyse security in cyberspace. We hope that this article, by focusing not on war but on weapons, will help bring into relief the narrow limits and the distractive quality of most martial analogies.

Here's an article on the paper.

One final paper by Rid: "Cyber-War Will Not Take Place" (2012), Journal of Strategic Studies. I have not read it yet.

Posted on March 14, 2012 at 6:22 AM • 32 Comments

Comments

Peter AustinMarch 14, 2012 8:21 AM

Patents seem to be effective cyberwar weapons. See e.g. Oracle vs Google, Yahoo vs Facebook, Apple vs Android.

E.g. in the case of drug patents that block the availability of medicines in poorer countries, it is difficult to argue that they have not caused the loss of any hman lives.

bcsMarch 14, 2012 9:12 AM

Seems like a classic: trichotomy: "Potent, broad and affordable; pick two."

With enough resources (and luck) you can get the first two but I expect the cost would require "state sponsored" development and the shelf life of the result would be short and un-predictable.

paulMarch 14, 2012 9:55 AM

It seems to depend a lot on what you're willing to call "warfare" and what your victory conditions are. It could well be that cyberweapons aren't always a good fit for the kinds of actions that state actors like to categorize overtly as warfare.

llewellyMarch 14, 2012 10:08 AM

http://xkcd.com/932/

The material damage of "cyberattacks" is often overestimated.

On the other hand, if insecure SCADA systems remain widespread, that could change. But even there, it would seem an anti-SCADA attack which does something other than shutdown remote access to the site would need to be quite specific.

kashmarekMarch 14, 2012 10:25 AM

Monsato wrote the book on using patents and liability clauses in contracts against their customers.

karrdeMarch 14, 2012 10:52 AM

The analogy is pretty good.

Paintball guns vs. ARMs. (Or cruise missiles, Predator drones, Anti-Satellite Missiles, etc. Each is an expensive tool with specific capabilities.)

And @paul is right. The threat depends on the mission, the target, and the victory-conditions desired by the attacker. As well as peace-conditions (or conditions described as not-under-attack) seen by the defender.

One disturbing question is what the various DefCon levels are for the cyberspace realm. And how they will correlate to DefCon for the physical world...

JonasMarch 14, 2012 12:27 PM

the weapon analogy is wrong in the first place and of cause its inconsistent as the author says. so why does he come up with it then? to make it more appealing to government agencies?
cyber warfare is just a old fashioned intelligence operation. same rules apply plus the mentioned factors of modularity and repeatability (on similar targets or non-reacting targets).
look at the iranian nuclear programm - a one time weapon? thats called a project.

BrettMarch 14, 2012 12:27 PM

This discussion has been circulating for quite a while. Rid's article has been published and recycled for quite a while recently. I have commented on this at every publication I have found this article. There are several problems highlighted:
1 - WAR is defined, and we have a few hundred years of experience. Cyber war is undefined. Lump it with other useless terms like terrorism and homeland security.
2 - What is the goal, what is the attack and what is the result? with the grand exception of SCADA/ICS/smartmeter, there is no likely possible signficant attack. There is one probable example - the Iranian nuclear/Stuxnet
3 - Iran/Stuxnet is a perfect example of the need for extreme specialization in order to accomplish anything signficant. Also probably shows how any effective cyber weapon probably has a lifespan of One, much like 9/11 aircraft attacks will not likely every happen again.
4 - If we fear the cyber nefarious, then lets analyse and define. Nothing to date (exception above) is realistically a cyberwar.
5 - what we really have is cyberizations of crime/theft/bankrobbery, piracy, and/or espionage. even these can be performed by nation states
6 - If nation states really engage in cyberwar, they must declare it, wear cyber uniforms and carry cyber flags (call that 'attribution'; the nationally unattributed would be dumped in to #5)
7 - and since the internet is multinational/non-national everywhere (except maybe in PRC, Mayanma and Syria), then nations should be banned from cyber warfaring
8 - and since the internet is entirely civilian in nature (mil and gov have some assets, mostly gateways to their private domains), then cyberwar becomes crime against humanity (or use one of comparable terms)

jacobMarch 14, 2012 2:54 PM

@kryp3ia. Good summary of sorts. The article does give us some ways to analyze these types of attacks. I would submit it could be thought of in terms of human life or cost. Taking down the amazon site for 24hrs and adding others in the mix would have an economic cost. The Georgian invasion would be a actual case of cyberwar in order for actual tanks. Perhaps the Suxtnet worm will be another prelude to bombs.

Lulzsec? maybe. Anon? maybe. Jester? probably. Chinese espionage is probably costly. Crashing someone's web server probably not, unless it's the CIAs server..Now that's just asking for it.

There are efforts to define what cyberware really is. And the U.S. is adding cyber defense and offense as fast as they can hire them..It's a good time to be a geek....

Brandioch ConnerMarch 14, 2012 2:57 PM

@llewelly
"The material damage of "cyberattacks" is often overestimated."

It also, often, includes expenses that should already have been paid to provide basic computer security.

The same with the SCADA systems.
The same with ANY critical system like that.

The problem is that being sloppy about security is always less expensive and easier and quicker in the short term.

@n0nym0usMarch 14, 2012 3:02 PM

The cyber war is not over. Iran will take revenge from USA and Israel. Get ready for cyber attacks. Nobody can stop them. Why USA and Israel, had underestimated Iran? USA and Israel think that they are smart because of Stuxnet success. But, they forget one Islamic country i.e. Pakistan, the real threat to Israel (and USA too). USA and Israel cannot get access to computer systems within Kadeer Khan Research Laboratory network, which is based in city of Kahuta, Pakistan. Pakistani Software and Security Engineers who got education in foreign countries are working undercover around the world. Behind Stuxnet success, there was a secret plan of National Engineering and Scientific Commission (NESCOM), Pakistan. What was secret plan? We cannot disclose it. Why? Because information can go from a secret place to top secret place, but, not vice versa. Had you ever think, where is a Top Secret Place and where is a Secret Place? Who had provided Nuclear and Missile Technology to Iran? It is Pakistan. Think why Pakistani Software and Security Engineers were behind Stuxnet? Think Why Kadeer Khan Research Laboratory is not connected to Internet? Why employees of KRL are not allowed to bring mobile phones, USB memory stick and etc to their place of work? They already knew Security threats to KRL. Schneier, Israel and USA missile programme are under threat. Why? Because of above things i.e. employees are allowed to bring mobile phones and USB memory sticks etc to their place of work (i.e. within nuclear facilities and ...). Had you ever think, how new missile technology transfers? Technology do not transfer legally through proper channel, it is basically stolen. Stolen by whom? We think you now know who stole them and why they stole them. The main question is how they stole them? Poor Software and Security Engineering practices made it possible. Ever wonder how many Asian (Pakistani, Chinese and Russian) working for IT companies in USA alone? Had you ever thought why they are working in USA (thousand miles away from their families?). They are basically working undercover as civilians. Technically speaking, they are secret agents. These secret agents share vulnerabilities and weaknesses to secret agencies of their home countries. Those secret agencies within their home countries share those vulnerabilities and weaknesses to Top secret agency. The Top secret agency then decides what to do and give instructions to secret agents through their respective secret agencies. We would like to inform you that under new secret partnership between Iran and Pakistan, Pakistan (through KRL) will transfer long range missiles to Iran, which can reach every corner of Europe (i.e. every NATO allies in Europe). Furthermore, through another secret deal between Pakistan and China, China will transfer intercontinental missile technology to Pakistan, which can reach every corner of USA. The idea behind these secret deals is “If your country (USA and Israel) nuclear missiles can reach our country then our country missiles will reach your country”. Moreover, anti-missile shield technology of USA was no more a secret. Had you ever thought, who told Russians truth behind Anti-Missile shield, which were supposed to install in Poland. USA named Iran as a potential threat to Russia. But, unfortunately, the idea of selling missile shield was not worked. Russia smells attack through secret agents of a country. Who told Russian secret agency (KGB) that if Russia itself fire missile to protect its sovereignty, then the American missile shield will diffuse Russia’s missile? To cut story short, Cyber war is not over, instead, it is still ongoing. Those who think it is over are those who live in a fool’s world. Either, those fools want to make people fool by their blogs or they are part of a much bigger plan. “TIT FOR TAT”.

P.S. Hey Mr. Schneier (aka Security Guru), we read your book Cryptography Engineering and we are sorry to say that it was copy of Prof. Ross Anderson book (Security Engineering) .

jacobMarch 14, 2012 3:21 PM

A thought occurs to me though. We constantly criticize security practices and money not spent. The economy is based on a priniciple of "just in time". Until the cost becomes obvious, the money is not spent. We have used the Walmart scalability principle. Or as I have said for years, "the security industry is incident driven" Why spent a lot of money for a very low level of risk.

A CIO will not give a geek however much money he wants to protect against a 0 day attack he just read about or a proof of concept...Just a thought.

jacobMarch 14, 2012 3:26 PM

@nonymess, You disappointed me. I saw the long paragraph and thought "alright, Clive is saying something".

Brandioch ConnerMarch 14, 2012 3:42 PM

@jacob
"Or as I have said for years, "the security industry is incident driven" Why spent a lot of money for a very low level of risk."

What you are describing is the difference between "reactive" and "proactive".
I think you need to read more of Bruce's work. The TSA uses the "reactive" approach and it is ineffective and a waste of money.

jacobMarch 14, 2012 5:48 PM

@Brandioch. I actually agree with you. I just said it poorly. Proactive vs. reactive. Reactive usually wins. Businesses tend not to spend in order to prevent a possible but unlikely attack. What we need to communicate is that most proactive measures are not as expensive as cleaning up the mess later.

We have to state the case better. As Bruce would say, what is the value of what you are protecting? From whom are you trying to protect information from? There is a lot of information out there from Facebook, HIPA, the IRS and FBI computer systems they have been trying to really upgrade properly for years. etc.. But hey Obama has his blackberry.....

BTW, I am a very harsh critic of the TSA and security theator.

Locking down a system is the only alternative but the human element has to be accounted for. I read and put a great deal of stock in what Bruce says and writes among others.

Security is hard and easy, if that makes sense. I really disagree with the TSA measures as implimented as well as the rolling Homeland Security checkpoints. Just my thoughts and sorry I did not express myself very well. I may not have even in this text. ,smile.

GabrielMarch 15, 2012 3:33 AM

The paper from Rid in the JSS is excellent and makes a very persuasive case for why cyberwarfare will not occur, if only in the strict semantic sense of the concept. It makes great points regarding the nature of cyber attacks as sabotage and subterfuge as opposed to out-and-out warfare. I would strongly recommend it.

VlesMarch 15, 2012 3:39 AM

What are cyber 'weapons' in the first place? Like physical weapons, they lower morale and destroy your opponents social fabric.

All processes and human transactions are now being ICT-ed. Trust is being encapsulated by code. It can only be broken once. But the moment it is in transit, with enough skill, it can also be subverted, diverted, modified, denied, amplified. Trust can be spoofed. And the receiver made to believe anything. Receiver may be human or a computer node.

How is weaponised code different from physical weaponry?
It isn't. Both types eventually attack people with the same goal. It wrests control and the belief of control in your opponents production and financial infrastructre. (the capacity to wage war)
It damages your opponents reputation, it forces your opponents to question their own morality to the point of accepting the aggressors morality as superior. It's intent is to make your opponent feel and believe they are inferior and not capable of resisting. It's intent is for them to loose hope and give up.

Just an idea :o|

VlesMarch 15, 2012 4:46 AM

Maybe cyber-superiority is the new air-superiority.

Obviously its surpression techniques and sabotage only work on opponents whose military, production and financial systems are fully or partially computerised and against societies who are conditioned to trust these automated systems to the point of these individuals being paralyzed when they fail. After the industrial revolution, this age of information revolution and automation is the path most societies in this world are taking and why perhaps cyberwarfare is being touted as the new harbinger of doom.

In a world of ICT warfare I imagine you can drastically change the status quo by freezing all computerised processes and telecoms, causing humans to come out of their comfort zones and move in order to isolate and fix networked systems and have them patched. I can imagine this takes time. If you can simultaneously freeze their power plants, traffic control systems and production plants, infiltrate governmental agencies and banking institutions to block financial transactions to and from people, infiltrate news channels to post false information, mock leaders and jam and pin down military weapons, (destroy trust) all you need then is air-superiority and boots on the ground. You look for every possible way to mess with every aspect of their ability to resist you. It seems to me it makes sense to defend yourself against such incursions.

Of course, this is pure speculation, but I'm imagining this type of surpression would be a generals ultimate dream...it costs no lives.

CalumMarch 15, 2012 7:14 AM

It has always struck me that there is a simple, fundamental difference between "cyberwar" and "physical war". You can win a shooting war by producing more weapons and more soldiers than your opponent (and to a lesser extent, be good at putting them in the right place at the right time). You win a cyberwar by defeating your enemy's applied mathematics. If he got it right, though, you're stuck. If your enemy has a non-existent attack surface, you can't go to war with him.

Clive RobinsonMarch 15, 2012 7:50 AM

Lets look at this from a different perspective...

Firstly weapons: all conventional weapons of war and one of the three traditional WMD are energy weapons be they directed or not. The two non energy WMD are Chemical and Biological.

In all but one case (biological) the weapons are designed tested and importantly built by the enemy themselves requiring a very very significant input of resources.

Further those weapons are still loaded aimed and launched at the enemy by humans. Most weapons are either "personal" or deployed by a small detachment usually smaller than a squad. And importantly are of limited capability thus needing a large input of human resources conventionaly called an army / airforce / navy or "standing military" meaning they need to be well trained.

Rolling it backwards cyber attacks are usually launched by a single individual at a single point in space and time (an army of one). Importantly the attack does not use the enemies resources but that of the defenders. Thus the only weapon a cyber attack is even remotly close to is the traditional WMD of "biological".

Thus logic dictates we need to look at the defence against biological weapons as a model for defending against cyber attacks.

These include "quarantine", "issolation", "immunization", "strengthening immunity systems" and the acts of "triage" when resources are limited due to either the speed or imensity of the attack otherwise "antibacterial/viral" medication either to treat infection or prophylacticaly.

The analogs of which in Cyber Systems are all known to be very effective when managed correctly. The most important of which is "strengthening immunity systems" which we know the lack of is the major cause of cyber attack success in the first place. And although improving nearly all commodity OS's and by far the majority of applications are fundementaly immunocompromised beyond any kind of redemption hence their equivalent "infant mortality" rate.

And lets be honest if you exhibit very promiscuous behaviour without appropriate safe guards you realy should expect to die an early and unpleasent death. And lets be honest by far the majority of cyber activities are extreamly promiscous...

So we know what we need to do to either stop or seriously limit the effects of cyber attacks....

However there is one major difference between biological attacks and cyber attacks. We have yet to see a biological attack that has a synchronised clock. Cyber attacks can have a "timed payload" thus can be deployed well in advance to hit all places in such a short period of time the defenders have little or no opportunity to deploy the equivalent of emergency first reponders to control infection spread. Thus deffenders realy need to take very serious consideration of "issolation" and "triage". and where possible "hybrid vigour" as well.

With regards "war" since WWII the term has been continuously diluted and you would be forgiven for thinking that anything concerning "National Security" is a "war" of somekind. And further that "National Security" is by and large an overly generalised term used to get an increased allocation of the "tax take".

If you look at cyber attacks they have no physical actuality they are just information in one form or another. Other than spying / espionage the nearest recognised form of "warfare" to a series of cyber attacks is a subset of "economic warefare".

Now economic warfare comes in many forms and is currently practiced in the form of "trade embargos / sanctions" and by and large the nations most effected by this are those whos economies are overly reliant on "trade" such as the Western Nations. The countires least effected are those whose populace is mainly agrarian and thus almost self sufficient. And it just so happens that those countries tend to be those with fundementalist beliefs that cause civil and regional war from which international terrorism arises.

The thing about 9/11 that made it so successful was that it was a simple attack that used the defenders technology against them. By and large this is true for most terrorist attacks, be it bombs, bullets, missiles the technology was not developed by those attacking. This is true of nearly all asymmetric warfare as well which is also the sort of warfare the West fails at significantly (Iraq / Afghanistan being but two of many going back to almost the end of WWII.

The thing is cyber attack tools are commonly available and thus widely available for sale at considerably less than the traditional attack tools we call "conventional weapons". They are ideal tools for fighting asymetric economic warfare which may well be the next chosen method of small nations wishing to fight back against US/UK et al led economic sanctions/embargos used to impose harm for what is essentialy "political blackmail".

So whilst I will continue to call it cyber-crime or cyber-espionage and not Cyber-warfare, like the Cold War "war by proxie" that gave rise to the current "war by terrorist / insurgent", I can see it has the potential via economic influence to pottentialy have an effect on various Western Nations National Security.

But only if the Western Nations don't take the sensible precautions of improving the security of OS's and the Apps that run on them or issolating them from networks that are accessable one way or another from those who wish to attack them.

Which brings us around to why Western Nations don't take these precautions?

The answer is the idea of "The Great American Dream" that has given rise to the idea of "the instant buck" which gives rise to "short term thinking" giving rise to "short term investment" and the race to the bottom of "free market behaviour". It is only the "market chaos" that the banks and investment houses can create that enables them to make the sort of profits they wish to, so they "stoke the fires" any which way they can to chase that "instant buck".

The only way that has been shown to solve this problem is to stop the "short term investing" and almost invariably this has been by appropriate market regulation.

But that's not what the "Tax Funded" military and their suppliers want, they need the "chaos" real or imagined to get their funding. And I'm fairly sure that when "FUD" stops working they will resort to practical demonstrations of one form or another just to keep their "financial life line" running.

As was observed by United States Marine Corps Major General Smedley D. Butler back prior to WWII

War is a racket. It always has been. It is possibly the oldest, easily the most profitable, surely the most vicious. It is the only one international in scope. It is the only one in which the profits are reckoned in dollars and the losses in lives. A racket is best described, I believe, as something that is not what it seems to the majority of the people. Only a small 'inside' group knows what it is about. It is conducted for the benefit of the very few, at the expense of the very many. Out of war a few people make huge fortunes.

So not much has changed since that observation made 80 or so years ago, the dog and pony shows (con) the same it's just the stage dressing and the actors that have changed...

If you want to know more about what Smedly "Old Gimlet Eye" Butler had to say have a look at,

http://en.m.wikipedia.org/wiki/War_Is_a_Racket

Some of his recomendations still stand the test of time.

BrettMarch 15, 2012 8:48 AM

Clive, altogether great, and I have only one critique for your treatise - one term I will suggest as better refinement and description:
> These include "quarantine", "issolation", "immunization", "strengthening immunity systems" and the acts of "triage" . . .

I suggest that vaccination, and immunization, in a cyber context would really be vaccination (AV/IDS) which may lead to quarantine; immunization/genetic prevention - which, as argued later, is building a better cyber corpus - the more securable OS and applications.
I hope that is agreeable.

Much better than FUD and hype words like cyberwar.
We must guard against the acquisition of unwarranted influence, whether sought or unsought, by the cybermilitary-cyberindustrial complex.

SnallaBolagetMarch 15, 2012 11:48 AM

"Cyber war will not take place", p.6:
"Any act of war has to have the potential to
be lethal; it has to be instrumental; and it has to be political."

This is incorrect, and it seems to form the basis for much of that paper. :P

amanfromMarsMarch 18, 2012 12:06 AM

Those who are more than just competent and who would be leading in the intellectual property* fields which deliver overwhelming virtual advantage/cyber superiority to ...... well, that is something which here, and probably everywhere else where one is free to do as one pleases and is not constrained or intimidated by being constantly, positively third party vetted and monitored, [or signed on/in for TS/SCI and above levels of security classification/information assurance] will remain undefined and strictly need to know ....... are absolutely delighted whenever informed that cyber-weapons aren't all that destructive and that we've been misled by some bad metaphors and that there is an overestimation in the hype surrounding cyberwar.

Their view/experience/virtual realisation would much more wholeheartedly agree with SnallaBolaget's posting [March 15, 2012 11:48 AM] …..

"Cyber war will not take place", p.6:
"Any act of war has to have the potential to
be lethal; it has to be instrumental; and it has to be political."
This is incorrect, and it seems to form the basis for much of that paper. :P

….. and thus is the actual stealthy truth of the matter completely different and everything is, to a catastrophically destructive degree in all present command and control systems of whatever ilk, misunderestimated.

* Well, it is only always a great head game, isn't it, controlling the Great Game remotely with the transparent sharing of novel disruptive and constructive/irregular and unconventional views which established systems would rather have remained unaired because of the further questions and/or greater awareness which they would clearly raise and deliver to others?

Muhammad KhurshidMarch 18, 2012 3:31 AM

@anonymess Why are you pointing your finger on Pakistan, Iran and other Islamic world countries. How do you and your partners know these secrets? Are you a spy? How can you say that cyber war is not over? Share more if you know more secrets.

WikileaksMarch 18, 2012 1:08 PM

@anonymous You are wrong. Do check it http://rt.com/news/...

@Jacob I agree with you Jacob. anonymous is really anonymess and they disappointed me too.

@Clive Do not believe in anonymous comments. That is all not true.

@Muhammad Khurshid Follow wikileaks to know more secrets.

Clive RobinsonMarch 18, 2012 9:01 PM

@ Wikileaks,

Do not believe in anonymous comments. That is all not true.

First of what on earth are you going on about?

Secondly calling yourself "Wikileaks" is somewhat silly and gives no more credibility than using "anonymous" to post by.

As for your RT.com post, the Iran nuclear capability such as it is currently is something I've been saying for quite some time if you can be bothered to look at previous pages on this blog.

Anybody who cares to think about it will know that fossil fuels (due to rate of consumption compaired to production) are a fairly rapidly diminishing resource. And that non oil producing nations have demonstrated they are quite prepared to do what it takes to break the basic economic rule of "supply and demand" cost.

Thus any nation with substantial fossil fuel stocks and little else know that their future economic position is going to be based on access to energy, and that the likes of the US want the money they have spent on oil etc back. Thus if they are sensible will investigate ways of ensuring their future energy supply to prevent themselves becoming like a dependent drug addict on the US etc.

There are currently two viable alternatives to fossil fuels unreliable "green energy" such as wave, wind and solar and reliable nuclear.

Nearly all "green energy" has a hiden dependence which is "rare earth metals" which some nations such as China are using to make other nations dependant ( http://www.economist.com/node/21550243 ) which is something I've gone on about at length before on the pages of this blog.

Thus as many European countries have realised like it or not nuclear is the most viable way forward. There are several reasons for this. Firstly when toted up it has a lower carbon footprint per watt of generated power than any other currently viable option / technology, thus alowing a nation to meet carbon commitments and save having to go to carbon trading to protect it's industry. Secondly the technology involved in nuclear energy production has few dependancies other than knowledge and the starting fuel (once kicked off fairly common thorium can be used). Most of the other materials are to common for a single nation to gain effective control of.

Thus politicaly it's in the US's interest to stop any and all nations (who don't already have the capability) of developing nuclear technology of any kind because it makes those nations second class and thus becoming dependent within a few generations. Of those who have the US quickly tries to bring into it's political sphere of influance (you can see this with US behaviour to non super power nuclear states Pakistan being a recent example).

If you study history you will find that since before written history nations were fighting over resource rights the most basic of which was water.

And the ultimate resources are those needed for life, industry and political independance, and underpinning them all is energy without which the rest cannot be effectivly or efficiently utilised. So you can expect the control of energy to become increasingly the primary means of political control of nation upon nation.

VlesMarch 19, 2012 3:36 AM

And the ultimate resources are those needed for life, industry and political independance, and underpinning them all is energy without which the rest cannot be effectivly or efficiently utilised. So you can expect the control of energy to become increasingly the primary means of political control of nation upon nation.

That reminds me Clive, of this famous teacher and and his students. You don't ever want to cross a nine year old girl with tanks. :o)

PaulMarch 20, 2012 2:03 PM

@Clive I think, Russians are watching and monitoring every comments of this website. See something big had happened which you and Schneier didn't notice after anonymous comments i.e. "Moreover, anti-missile shield technology of USA was no more a secret. Had you ever thought, who told Russians truth behind Anti-Missile shield, which were supposed to install in Poland. USA named Iran as a potential threat to Russia. But, unfortunately, the idea of selling missile shield was not worked. Russia smells attack through secret agents of a country. Who told Russian secret agency (KGB) that if Russia itself fire missile to protect its sovereignty, then the American missile shield will diffuse Russia’s missile?".

This has happened after anonymous comments, see details, http://rt.com/politics/...

Something really big happening in real world. Clive and Schneier, you both need to be very very careful discussing things on this website. Why? Because Clive and Schneier discussed things related with Iranian Stuxnet without figuring out who is and will get benefits after Iran's sanctions? Let me tell you both who is and will get benefit of Iranian sanctions and war. Russia will get the most benefit. Why? and How? Well, first of all you both need to look on statistics. Who is world's largest oil producer after Saudi-Arabia? Its Russia (https://www.cia.gov/library/publications/the-world-factbook/rankorder/2173rank.html?countryName=Russia&countryCode=rs®ionCode=cas&rank=2#rs). Please note that Iran is world fourth oil producer. Now, if EU impose sanctions on Iran, who will get most benefit? Where will EU countries get their Oil from after Iran's sanctions? Russia... Russia will supply Oil to EU countries.

I want to tell you both a lot more secrets which can help you and your country(ies) but I think its worthless.

AndrewMarch 20, 2012 10:57 PM

@Paul USA is also watching and monitoring every comments of this website. If Russians are clever then USA is more clever.

Look what your favorite news channel said,
"US exempts 11 nations from Iran sanctions"(source: http://rt.com/news/line/2012-03-21/#id28287).

Now, think why USA exempts these 11 nations? It is because, you had a valid point and that is after Iran's sanction imposed by EU, Russia and Saudi-Arabia were supposed to get real benefit.

USA intelligence rockz. Why? Because, they had replied to a big oil politics and conspiracy. I mean Saudi-Russian conspiracy. Long live USA and allies...

PotStirrerMay 7, 2013 10:03 PM

Missing the global banking risks and concentrated attacks to target markets, plus SCADA.

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc..