Schneier on Security
A blog covering security and security technology.
April 30, 2012
JCS Chairman Sows Cyberwar Fears
Army General Martin E. Dempsey, the chairman of the Joint Chiefs of Staff, said:
A cyber attack could stop our society in its tracks.
Gadzooks. A scared populace is much more willing to pour money into the cyberwar arms race.
Posted on April 30, 2012 at 6:52 AM
• 38 Comments
So long open internet. It was nice while it lasted.
You mean like the TSA does daily to millions of people?
By this point, every control center should be completely disconnected from the internet - water, power, sewage, telephone switches ... none should be accessible remotely. Do we really need a law to make this happen?
Personally, I'm more concerned about solar max radiation overloading transformers and gamma rays wiping out all life in the entire world.
You expect something different from a war monger?
95% of Americans are sheeples, who unquestioningly accept everything the USG says and sit idly by as their freedoms are taken from them.
C/JCS's comments only bring us closer to becoming the world's largest Police State.
Two things about this have caused me to smile or laugh,
Firstly the smile, Bruce "Gadzooks"... Just who have you been hanging out with lately to hear that word (for those who don't know it's the corruption of a word from medieval times that has kind of fallen into disuse except in the likes of Hollywood).
Secondly the laugh, in the article the JCS Chairman (AKA senior bird poop collector) is quoted as saying,
The problem is that our electronic warfare capabilities are no longer so unique. Today, more than 90 percent of the components in an electronic warfare system can be purchased off-the-shelf, from globally-sourced commercial vendors.
Well "No S41t Sherlock", it's a consequence of the military having to move over to "Cost-effective Off of The Shelf" (COST) technology because the commercial "Fast Moving Consumer Electronics" (FMCE) sector has long since left the military electronics industry in its over-priced, over-specced, under-performing sink hole since around the time a handful of IBM engineers started seriously working on the idea of the first of their PCs (i.e. very early 1980s).
And... this is actually a serious issue, most if not all Western Nations do not have the capability to manufacture high spec semiconductors on their home soil or even use "home nation" engineers for the whole process. Which leaves a large gaping hole in the "security / defence" of the nations due to "supply chain poisoning" or equivalent.
Ho hum, anyone for the latest and greatest smart weapon, the "homing pigeon cruise missile" that flies out and circles back to "whence it came" before dropping its load?
[Please remember the US has experienced this "advanced weapons system" before when BF Skinner trained real pigeons to be "suicide bombers"; apparently he unfortunately used the wrong pictures of (allied) warships to train the pigeons, who flew home to roost as it were.]
FUD. This man should be court martialed for revealing secrets about our weaknesses or at least for not keeping the information a secret. As far as I am concerned, it is all propaganda coupled with marketing and PR to sell another round of expensive (to taxpayers) high profit commercialization to aid the former military industrial complex in their transition to the security & prison industrial complex.
Yes, so much to worry about. Me, I'm worried that the pub might run out of beer.
Snookie in a hot tub can stop US society in its tracks. So what? This isn't even good fear-mongering. Just ask yourself, if we went back to the level of civilization present in the 1960s would it be so bad? Aside from civil rights advances, what are the things that make society more civil today? Put 2010 technology, minus the Internet, in the hands of the 1960 society and they would be just fine. It's not much of an argument that a cyber attack is an existential threat to the US.
...Me, I'm worried that the pub might run out of beer
Fear, Uncertainty and Drought?
Stop society .. in its tracks? What *are* the tracks of society?
@Bob T "Welcome to 1984."
Actually, it would only nudge us back to about 1988, '89.
"Once a government resorts to terror against its own population to get what it wants, it must keep using terror against its own population to get what it wants. A government that terrorizes its own people can never stop. If such a government ever lets the fear subside and rational thought return to the populace, that government is finished."
What I always want to ask folks who make these cyber-disaster claims is "How?".
What is the use case where a cyber attack has a widespread impact on the lives of Americans? I'm not talking about a cyber attack that's news-worthy, and has "society stopped" because it's watching the drama unfold on TV. I just can't follow the hypothesis that a cyber attack can be more than a massive inconvenience.
Point of calibration: last year my power was off for 5 days because a storm damaged the one-and-only electric power switching sub-station that powers my neighborhood and it wasn't easy to replace the switchgear that failed because adequate parts and skilled workers weren't available. This was a huge problem, forcing me and my neighbors to share gas generators to keep the food in our freezers cold. It cost me hundreds of dollars in food and fuel that I wouldn't normally have bought. That said, it was not an existential threat to the very tracks that society runs on in my neighborhood.
Cyber disaster needs to be more than that!
Case #1: Evil-doers find a flaw in the border gateway protocol and use it to flood the IP routing fabric with incorrect data. This could lead to no practical paths between systems on different subnets, and the end of the Internet as it currently stands.
Outcome: Using our lights, and our phones for those folks who didn't jump to VOIP, the people who make routers have to figure out and fix the problem. It's Cisco, Juniper and a handful of other folks who already know each other. Press the answer onto CDs and use FedEx or the Post Office to send them to all your customers. A week later, the Internet is all better, and nobody dies. When I had to live without power, I had to live without the Internet because it seems all my Internet infrastructure runs on electricity.
Case #2: Evil-doers use the Internet connected electric power infrastructure to switch off all the power in the US. I'm not even going to mention how hard this is, every electric power installation is unique, and they all use redundant sources of supply, but SCADA is a potential problem.
Outcome: Lots of angry people, more than Case #1, call to complain that the power is off (unless they went to VOIP). The electric companies unplug their routers and turn the electric power back on. It probably takes 24-48 hours, because those networked SCADA devices are labor saving. Half the impact of my storm.
Case #3: Evildoers mount a sustained, covert, untraceable (ok I'm in sci-fi here) attack on the DNS infrastructure of the internet and block all access to the root server infrastructure. Nobody can figure out what IP goes with "www.schneier.com".
Outcome: Write this down (220.127.116.11). Well, what really happens is that the ISP who serves you already has a non-authoritative DNS that it uses to reduce outbound bandwidth. Those folks simply become the decentralized source of your DNS. It doesn't propagate as quickly, and so now it takes a month before some new www.whacky123business.com domain name works everywhere. The Internet is less cool, and the DNS admin industry (or mafia, depending on your point of view) wants somebody's head on a platter. The rest of us are back on the internet, and maybe there is a story on page 6 when the evildoer dies in a house fire with a horse's head on his bed, to mix my mafia metaphors.
Bottom line, Where's the real disaster? It's not time for the annual April 1 contest, but we need to figure out what these generals could be talking about. If it's sci-fi, then it needs to go back to the fiction section.
WWII was an attempt to destroy society, and at least some folks thought the use of nuclear weapons was a reasonable tactic. I want to read the cyber problem for which folks think a 50TJ nuclear blast is the appropriate response. I just don't think it exists.
Actually, 2010 technology, minus the Internet, in the hands of the 1960s would not be so great unless it also brought _back_ things like the libraries that have been gutted and the ability of people outside a 25-mile radius of a major city to get television without paying a provider and having their channel lineup being decided by the local franchise authority.
The last ten years have been all about decentralization of the supply of information via the Internet while reducing the number of independent sources that are not internet dependent. Minus the Internet while also minus libraries, local broadcasters/newspapers, and independent bookstores does not look tasty to me.
I agree. What, specifically, can happen that is worse than the regular wars that we see?
And somehow people in those wars keep going on with their lives.
@eWilliams: "I want to read the cyber problem for which folks think a 50TJ nuclear blast is the appropriate response."
Answer: 2 girls 1 cup ... There's actually an historical precedent for this - an ancient city named Gomorrah.
@MikeA: TV would be a problem, there are only a few transmitted channels, and they are transmitted less excellently in DTV than in good old VHF. Cable TV would still be the solution for most folks, and that means satellite relay to the cable head-end. The 60's folks could run that, though I don't know that we'd have 1000 channels. I don't know that we'd miss 950 of the channels.
Newspapers still exist, a kid tosses one on my driveway every day. The Internet made that business a lot less profitable, so I expect the no-Internet world would have a lot more folks subscribing to newspapers. And since newspapers can, conceptually, be sued for printing known-to-be-false stuff, overall knowledge in society might increase. Not by increasing knowledge, but by reducing false but truthy stuff. Books and libraries still have to compete with movies and TV, so that might be a less rosy recovery.
It will be an estimation of a problem that may lead to bombs. The bomb was dropped due to an estimation of how many lives would be lost in an invasion. Other theories include American hatred of Japan during that time period, and the desire of scientists to have a live experiment on humans of the weapon they created. If our military can convince us through an estimation that fewer lives will be lost by dropping a bomb somewhere instead of taking our chances with a "cyberwar", bombs away. Albeit, our estimations and simulations are much better now.
The "supply chain poisoning" Clive mentions is a MASSIVE problem, one of those fundamental problems that may enable the trumping up of cyberwar.
You know, talk like "Moreover, this isn't the first time malware-infested hardware has infiltrated HP's global supply chain. The company's Australian brand once shipped out USB drives infected by Fakecry and SillyFDC back in 2008, and in 2001, some printer drivers available on HP's website were infected with FunLove."
@calvin "bring us closer to becoming the world's largest Police State"
Nope, still got a long way to go.
USA 3,536,278 square miles, 313,454,000 population (2012)
China 3,706,581 square miles, 1,347,350,000 population (2011)
While I am concerned that the Chairman said what he said, the fact is that I strongly believe that we are already in the midst of an ongoing cyber war that the government, military, and corporate America need to recognize and declare war against as we have a concerted and planned strategy to take out the terrorists and their cells around the world. Being a retired Air Force Lt Col with extensive background in mil strategy and special ops, every day seems to feel more like my active duty days than it does spinning risk assessments. The bottom line is while the Chairman's remarks might have been a bit extreme, please do not discount the fact that the multitude of bad agents out there are plotting and planning cyber offensive engagements against us each and every day ... sounds like a war to me !!!
With all due respect, your background is in military strategy, not computer science or computer security. As a previous poster pointed out, the worst that could happen is a minor and temporary inconvenience. It is difficult at best to determine if an attack on a computer system is state sponsored or not. If a random person from an allied nation blows up a US owned property, it is not an act of war; it is a crime. Calling it an act of war is dangerous because it can create unnecessary tension between us and other governments. Depending on the personalities of those in power, it could escalate to an actual war.
The CJCS said: "The truth is, I believe I am chairman at a time that seems less dangerous but is actually more dangerous." I don't understand the use of the relative term more in this context. More dangerous than what? The Cold War? WW2? The Bush administration? I think it's safe to say the height of the Cold War is the most dangerous time we have seen. Let's not forget that the USSR tested a half yield version of a 100 megaton nuclear warhead. To put that into perspective, a 15 kiloton warhead pretty much destroyed the entire city of Hiroshima.
Most important networks and computer systems are highly redundant and intranets. I am failing to see how "cyber attacks" from across the globe pose a threat to intranets. There is always the insider threat and the threat of clandestine agents getting physical access; but that is something that has been a threat since the beginning of civilization.
I think the CJCS is being sincere, but misguided.
"95% of Americans are sheeples, who unquestioningly accept everything the USG says and sit idly by as their freedoms are taken from them. "
You have a right to such an opinion, but I don't think it's fair.
You can't expect people who don't understand things to do very much but side with or trust what they've known. If you feel they're misinformed, maybe you could work harder to help inform them. I mean, if this is all really that important to you.
I think it's that most people are not going to spend 12 years or more trying to understand what goes on under the hood either of computers or the internet because they're busier trying to do their own jobs and run their households. No one's going to study cryptography or data security in their spare time, and thinking they should or being disappointed that they don't strikes me as at least unreasonable and at worst, unfair to the point of just wanting to spew venom at people you don't really know.
It's not a failure of the 'average user' to understand tech. Maybe it's more a failure of propeller heads being elitist on some level, enjoying some odd obfuscation ego-thang, or just something else I don't understand either. But those WITH knowledge could ( I'm not saying 'should' ) break into understandable terms the same terms The Government/Whomever relies on being misunderstood, if at all.
Einstein said you don't really understand something if you can't explain it to your grandmother. Well, I can't explain anyone's desire to broadbrush 95% ( that's a lot, isn't it? ) of your fellow citizens as desirous of having their rights fold up like a birthday card, but I think the same could be said for anyone who assumes people 'don't care' if their rights go away. They DO care, but they aren't sure what to do about it. How concerned should they be? How self-educating, exactly? I mean, Ma and Pa Kettle should lay awake at night actually worrying about whether their network's being used by bad guys?
My question to you is: If you could DO something about the '95% sheeple' that would be more effective than what they're not doing, what would it be? Maybe you could write it all down and promote it as a new book and if it helps, you get money and appreciation and they get to keep their rights.
It's not that I disagree that civil freedoms are at stake ( aren't they always? ) but that I do disagree that the people it happens to actually don't care. That's beyond overly simplistic.
[steps down from soapbox...goes and eats ice cream]
***well what in the wide world of sports is this sbox error stuff? hmmm....cgi...erm...no, i don't own the website...um...blurgh...that's what i get for stepping on a dang soapbox!! ***
I've seen a few movies where the criminals planned to erase all the financial records. That could cause a collapse of the global economy.
@ Anon 8:13pm
We've seen mass destruction of financial records... 9/11 was one, and the WWII destruction of property must have erased significant amounts of records, which at that time would not have been 'backed up' at a disaster recovery site. The result is difficulty, delay and significant losses for individuals, but not an economic collapse. Even Israel, whose banks conspired to make the Shekel worthless in the 1980s, muddled through.
In terms of financial destruction, our own high priests of finance executed damage on an unprecedented scale around about 2008, that if done by anyone not making such large campaign donations could be called terrorism. Certainly my meagre savings are now trembling with fear.
... and yet we carry on.
Today we are on the cusp of a transition into a cyberspace controlled world that will result in devastating consequences if IP access can be selectively blocked.
Think about the changes that are rippling through industry.
1) Practically all new telephone systems use packet routers at their core, making them effectively VOIP systems. The days of "big iron" five9's reliable systems from AT&T are long gone. So any disruption to IP servers would kill the country's telephone system. Consider the consequences of that as a first strike capability.
2) Smart meters often disguise remote enable / disable systems for electricity providers. Consider what could happen when residential electricity disable codes are controlled by an enemy. Or simply denied control by the utilities.
3) Banking systems and for that matter ALL financial transaction systems rely on the internet or intranets. Look at the so called "Flash Crash" in 2010 and imagine this resulted from a DOS attack. What would happen if stock BUY messages could be selectively blocked while SELL messages got through? In this day of High frequency trading the blocking could be done on msec intervals and remain largely unnoticeable in Human time frames BUT would be disastrous for High speed trading algorithms.
Although most of the systems I have mentioned are not directly public Internet accessible they can be infected by any good air jumping virus (think stuxnet). Or as Clive has pointed out, with supply chain security, malware could be incorporated at the time of manufacture into the chip design or the Bios and remain there for years just waiting for an enable code.
I accept that many years of cyber attacks might lead to a physical war. The IRA set off bombs for quite a while in the UK without upsetting a government smaller than the US. I just suggest we wait until after the cyber bombs start going off before we start de-engineering things. It's been a decade since the 9/11 plot, and we're not finding anything with that level of thought or execution. It was a lot like the Trojan Horse, the attack that only works once.
I propose we wait until after there are 10 confirmed, successful, attacks of the "5 days no power" scale before we start cyber militarization. We'd have the sort of WWII cohesion to vanquish the foe that's required for Manhattan Project style spending on militarization. The Axis was more than 10 countries into WWII before the US started militarization, and that seemed to work out in the end (for most Americans).
So far we might have had a skirmish in Estonia, more of a burst of gunfire than the conquest of a country. We had Stuxnet, where a tiny sliver of Iranian industry was disrupted by "somebody". I think the "actual cyber battle" count is still at 0.
It's simple militarism to claim we need an cyber-army because we think there might be a cyber battle in the future. Until we have a valid use case scenario where "5 days no power" damage can occur, it's just premature to build another military-industrial complex. The things are very expensive and so far we've only decommissioned the horse cavalry. (helicopters =/= horses)
People don't understand anything. They don't understand their computers or the Internet any more than they understand the chemistry of water purification or the mechanics of their car's engine. That's what we have engineers for. The military is for breaking bad things and engineers are for fixing good things. Cyberspace might need more engineers, but that's not a reason to put a bunch of soldiers there. The soldiers, even the CJCS, don't have any real idea how the Internet works either. They just know what their potential industrial partners tell them, that's why they talk about cyberspace in military terms. The engineers that designed the Internet don't talk that way. If there is a problem the IETF will fix it. Fortunately, "it hurts my politics" in Syria or "it hurts my business model" in the USA just don't count as problems.
I was under the impression that the financial firms were already utilizing real-time to near real-time backup to an external site of any critical information on 9/11.
The idea of cyberwar implies, to me, the idea of identifiable state actors, and the ability to combine defensive measures with counter attacks on that identifiable enemy.
What I see is a flood of activity that could, at choice, be labelled terrorism or crime, and with little or no chance of being able to even find the perpetrators.
An example is the fake Windows Technical Helpline, trying to persuade you to let them fix a problem with your computer. They're organised enough to be using call centres in India, and they use the privacy feature of the telephone system--the ability to withhold their telephone number from caller line ID--to prevent the victim from finding out anything.
I've found references in my local press going back five years. The last outbreak I've experienced is slowly fading, but so many legitimate callers I'm having to deal with are having the same privacy feature that I don't know if I have missed a call from the hospital or a call from the crooks.
That is not cyberwar, but it sure feels like an attack to me. (And lousy communication between different parts of the medical system isn't cyberwar either, but it could easily kill somebody.)
It's not just the supply chain being abused I'm worried about, it's the "how" that really causes me sleepless nights...
Let's take the mainstay of computer recovery, "backups", and see if there is a way they can be "blown away" all at the same time.
Surprisingly for some, the simple answer is yes they can, and there is little or nothing we can do about it, because we cannot see our backups to check what is actually written to the backup medium. The reasons for this are many but it boils down to "abstraction" (with a side order of "efficiency").
If you look at what a "backup" is from the user perspective it is "an application" that "copies and retrieves files". In this respect to the user there is little or no difference between it and the ordinary system "file manager". If a user is actually pressed into thinking about it, the main difference they would pick up on is the "copying" is done "automagically" so they (the user) only have to worry iff (if and only if) something goes wrong.
What they don't see in most cases is where their precious files end up and, importantly, in what form. The backup system has "abstracted" that issue away, which might account for why some users actually make backups of their precious files on the same HD their files are actually stored on...
Even when a sysadmin knows where the backup is going and takes good care of the storage medium, do they actually know or care what form the data is backed up in provided it works?
The simple answer is no, and even if they did they would be unlikely to possess the skills or equipment to be able to check and verify this. As long as they can put a file into the top of the chain and get it back from the top of the chain, they really don't care what happens to the data on the way down the chain, they just "assume" it's all OK. A very few might actually test this by putting the backup tapes into another system and checking the files are retrievable.
So let us assume you are the "bad guy": what can you do to make all the backups useless overnight?
The simple answer is to put a "proprietary algorithm" at some point in the chain between the backup application and the actual storage media. This "proprietary algorithm", amongst other things, performs encryption of the data against a key stored in the chain.
As long as the key exists the backup system works fine; if the key becomes unavailable then no matter how old the backup media is or how well it's been protected and stored, the media is to all intents and purposes trashed.
Now if you look at the backup systems used by the larger users (banks, insurance, health care, government, etc organisations) they are almost all proprietary in nature, and even when there is commonality of hardware from different suppliers (think old style QIC, DAT, etc) frequently a proprietary compression algorithm is used to increase the effective storage to twice or more times the native storage of the medium to get increased "efficiency".
Thus there may be two or more points of "proprietary algorithm" in the chain that could hide an encryption process. In practice, as many comms engineers know, we actually have simple stream encryption in use as standard "to spread the energy into the mask", and this "whitening" is also used in storage media.
However there is an additional problem these days: whilst there might be a number of suppliers of backup media equipment, it is often "badge labelled" hardware, and even when not the chances are it uses one of maybe one or two chip manufacturers' products.
So getting back to you as the bad guy, the opportunity to hide the encryption is very good along the entire backup chain; the only issue is getting the "kill signal" in to erase the keys in all the backup chains at nearly the same moment.
And as we know with various malware and APT style covert attacks in the past, this is not exactly difficult to arrange.
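The comment above makes a defensive point in passing: the only real check a sysadmin has is pulling files back through the whole chain and confirming they are what went in. The following is an added example, not code from the post or from any commenter, that models a backup chain with an opaque, key-dependent layer (a keystream XOR derived from an in-chain key stands in for whatever "proprietary algorithm" the comment imagines) and shows why an out-of-band manifest of content hashes, kept where the chain cannot touch it, turns "the restore works" into "the restore provably returns the original files". The sample files, the key and the media dictionary are all constructed; the key-loss step simply replaces the chain's key, since to the chain a wrong key and a missing key are the same thing.

```python
"""Constructed model of a backup chain with an opaque, key-dependent layer,
plus an independent restore check that does not trust the chain's own status."""
import hashlib
import zlib
from typing import Dict, List, Optional

# Constructed sample files standing in for a user's "precious files".
SAMPLE_FILES: Dict[str, bytes] = {
    "ledger.csv": b"id,amount\n1,100\n2,250\n",
    "notes.txt": b"quarterly review notes\n" * 20,
}


def _keystream_xor(data: bytes, key: bytes) -> bytes:
    """Stand-in for the opaque, key-dependent transform inside the chain.
    The keystream is derived from the key, so with any other key the output
    is noise. (Illustrative only; not a real cipher.)"""
    out = bytearray()
    for offset in range(0, len(data), 32):
        block_key = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        chunk = data[offset:offset + 32]
        out.extend(b ^ k for b, k in zip(chunk, block_key))
    return bytes(out)


class BackupChain:
    """Application -> compression -> opaque keyed layer -> media (a dict)."""

    def __init__(self, key: bytes):
        self.key = key          # the key lives inside the chain, as in the comment
        self.media: Dict[str, bytes] = {}

    def backup(self, name: str, data: bytes) -> None:
        compressed = zlib.compress(data)
        self.media[name] = _keystream_xor(compressed, self.key)

    def restore(self, name: str) -> Optional[bytes]:
        """Returns the file, or None when the chain cannot reproduce it."""
        try:
            return zlib.decompress(_keystream_xor(self.media[name], self.key))
        except (KeyError, zlib.error):
            return None


def make_manifest(files: Dict[str, bytes]) -> Dict[str, str]:
    """Out-of-band record of what was backed up: one SHA-256 per file, kept
    somewhere the backup chain cannot reach (separate store, or on paper)."""
    return {name: hashlib.sha256(data).hexdigest() for name, data in files.items()}


def verify_restore(chain: BackupChain, manifest: Dict[str, str]) -> List[str]:
    """Pull every file back through the whole chain and compare against the
    manifest. Returns the names that do not come back intact, so an empty
    list means every file is recoverable right now."""
    failed = []
    for name, expected in manifest.items():
        data = chain.restore(name)
        if data is None or hashlib.sha256(data).hexdigest() != expected:
            failed.append(name)
    return failed


def demo() -> tuple:
    """Run the check before and after the chain loses its key."""
    chain = BackupChain(key=b"constructed-chain-key")
    for name, data in SAMPLE_FILES.items():
        chain.backup(name, data)
    manifest = make_manifest(SAMPLE_FILES)
    before = verify_restore(chain, manifest)   # expected: []
    # Simulated key loss: the media bytes are untouched, only the key changes.
    chain.key = b"\x00" * 32
    after = verify_restore(chain, manifest)    # expected: both file names
    return before, after


if __name__ == "__main__":
    before, after = demo()
    print("with key present, files failing restore:", before)
    print("after key loss, files failing restore:  ", after)
```

The point of the design is that the manifest is computed from the plaintext before it enters the chain and is verified on the plaintext after it leaves, so the check is indifferent to how many compression or encryption layers sit in between, or to whether the media itself reports healthy. Run it periodically, ideally on a second system with its own copy of the manifest, and a silent key loss shows up as a list of failing files rather than as a surprise during a real recovery.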
I was under the impression that the financial firms were already utilizing real-time to near real-time backup to an external site of any critical information on 9/11. Posted by: Anon at April 30, 2012 11:36 PM
Umm sort of. Computer data is in data centers, which are usually far far away from the offices, and presented over high speed networks via technologies such as Citrix Desktop.
While all monocultures share this problem, it just doesn't seem to match the real world. Sure, "Everybody" uses Microsoft Windows, except the people who use Linux, Macs, iPhones, ...
There aren't more monocultures out in the real world because they are bad engineering, and we know the right answer. Multiple interoperable implementations with diverse supply chains. That's the way you solve the monoculture problem, through robust competition. Something might trash all your backups, but not my backups because I use different tools. That's the whole point.
The next time someone in government says things would be better if we would all do things their way, be polite, but remind them the engineering answer is "no thank you".
Sure "Everybody" uses Microsoft Windows, except the people who use Linux, Macs, iPhones, ..
That's at the Application end of the chain, and quite often the core of the application code for "multiplatform development" is effectively platform independent.
Something might trash all your backups, but not my backups because I use different tools. That's the whole point.
And in many cases it is not the case; take for instance "micro code" in the backup device closest to the backup media. It's embedded in the chips, and there are darn few chip sets, in many cases just one, and it's proprietary.
We know this is the case due to "common bugs" in encrypted thumbdrives from (supposedly) different manufacturers, and likewise with the early HD "full drive encryption" systems.
And this is the problem: even when you have two devices from two different manufacturers and they appear different and have mainly different chips on them, at the lowest level the chips may well be the same. And it is virtually guaranteed that the engineers putting these chips in their systems have no more idea what is actually in the devices than you or I do.
As has been pointed out on this blog before, in this day and age of high integration SoC systems it is much much cheaper to make one chip with a high degree of functionality and just disable it for lower spec parts. Thus your D-A device in your backup device could contain a couple of ARM CPUs and a mobile phone RX&TX line up or a GPU and other D-As, you just don't know.
Further, the engineers that "designed" the SoC actually have no idea of what is on the chip either; they just use a series of "macros" and join them together. Likewise even the designer of the major macros is unlikely to know either for similar reasons. Even if the various engineers did "pull out" a logic gate level wiring diagram, the chances are they would not understand it or recognise a few hundred gates tucked away in there as a "backdoor".
But worse, what is sent to the FAB facility is seldom if ever checked at the chip level; in fact in some cases it would not actually help, so the FAB facility could always "slip in a little something for the weekend" that would just not be found until long after it had been triggered.
This is the point RobertT was making and it is something the US military are finally waking up to; however what kicked them into action was not caution but the simple fact they have been sold dodgy components through the ordinary supply chain for COTS components, and they are unfortunately aware that some "smart weapons" might actually be duds due to the highly profitable "re-marking" of chips...
"And this is the problem, even when you have two devices from two different manufacturers and they appear different and have mainly different chips on them, at the lowest level the chips may well be the same."
In the commercial semiconductor market there are generally only 3 or 4 chip vendors for any given function. Usually the main vendor controls about 50% to 60% of the total available market (TAM), the second vendor supplies about 20 to 30% and the third supplier gets 10 to 15% TAM.
Usually the top guy gets all the big name accounts, the second guy stays in business by being VERY compatible and gets some (maybe 20%) of the Big name business and some emerging Tier 2 business. The third guy is almost always surviving on some mixture of tier2 / tier3 business, which the main vendor fails to properly support.
This means that for two different Tier1 laptops (say Dell and HP) it is very likely that they use exactly the same full disk encryption chip. If you want to find a different chip you need to look at second/third tier brands like say Asus.
"But worse what is sent to the FAB facility is seldom if ever checked at the chip level,..."
This is not correct strictly speaking, because the last stage of any chip design is checking that what is in the design layout database matches what is required. This is done with tools called LVS (layout vs schematic) or through a formal verification process (extract what will go on the masks and compare it to the desired functionality). Anyone wanting to modify a chip and "slip in a backdoor" would either need to simply put it in the chip behavioral database OR somehow bypass the last stages of checking.
If I wanted to get some hidden function into a chip database, I would add it as a "new feature" that is not intended to be enabled (no one has the time to properly check these circuits). I would then find a way to make sure the circuit disable was not done properly, or the mask was modified after the check procedures.
What I'm describing is not easy to do but it is definitely possible, especially if the person creating the backdoor is senior enough to not be questioned by any junior engineer. (There is a definite pecking order within the chip design community.)
Better still is to "blackbox" the circuit, and just say it is some special security feature and disable all access to this section of the database; in this way there is absolutely no oversight. You typically need to be very senior to get away with this approach.
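The two failure modes described in the comments above (a dormant "feature" that passes every check because it is tied off, versus a disable that was "not done properly" and is only caught if the check is exhaustive) can be illustrated with a toy gate-level equivalence checker. This is an added example, not code from the commenters or from any real EDA/LVS tool: the netlist format, the two-bit key-match circuit, the "bypass" gates and the directed test vectors are all constructed for illustration. Note also the caveat it demonstrates: LVS compares layout against the schematic database, so extra gates that were put into the database pass it; only a functional comparison against the intended behaviour can notice them, and only if that comparison covers the trigger pattern.

```python
"""Toy gate-level functional equivalence check (constructed example).

REFERENCE is the intended circuit: out = 1 iff the 2-bit input a matches
the 2-bit key k. with_backdoor() adds an undocumented bypass that forces
out = 1 on the pattern a = 11, k = 00, gated by an 'enable' net that is
supposed to be tied to constant 0.
"""
from itertools import product

# Gate operators; every gate is (op, [operand names]).
OPS = {
    "AND": lambda a, b: a & b,
    "OR": lambda a, b: a | b,
    "XOR": lambda a, b: a ^ b,
    "NOT": lambda a: 1 - a,
}

INPUTS = ["a0", "a1", "k0", "k1"]

# Intended design: out = NOT(a0 XOR k0) AND NOT(a1 XOR k1)
REFERENCE = {
    "x0": ("XOR", ["a0", "k0"]),
    "x1": ("XOR", ["a1", "k1"]),
    "m0": ("NOT", ["x0"]),
    "m1": ("NOT", ["x1"]),
    "out": ("AND", ["m0", "m1"]),
}


def evaluate(netlist, assignment):
    """Return the value of every net for one assignment of primary inputs.
    Operands may be primary inputs, other gates, or the constants "0"/"1"."""
    values = {"0": 0, "1": 1, **assignment}

    def val(name):
        if name in values:
            return values[name]
        op, operands = netlist[name]
        values[name] = OPS[op](*(val(o) for o in operands))
        return values[name]

    for gate in netlist:
        val(gate)
    return values


def with_backdoor(enable):
    """REFERENCE plus a hidden 'feature': bypass = trigger AND enable,
    where trigger is the (otherwise non-matching) pattern a=11, k=00.
    enable="0" is the properly tied-off, dormant version."""
    n = {k: v for k, v in REFERENCE.items() if k != "out"}
    n["match"] = REFERENCE["out"]
    n["nk0"] = ("NOT", ["k0"])
    n["nk1"] = ("NOT", ["k1"])
    n["t0"] = ("AND", ["a0", "a1"])
    n["t1"] = ("AND", ["nk0", "nk1"])
    n["trig"] = ("AND", ["t0", "t1"])
    n["bypass"] = ("AND", ["trig", enable])
    n["out"] = ("OR", ["match", "bypass"])
    return n


def exhaustive_equivalent(ref, impl, inputs, output="out"):
    """Formal-style check: compare the output over all 2**n input patterns.
    Returns the first mismatching assignment, or None if equivalent."""
    for bits in product([0, 1], repeat=len(inputs)):
        assignment = dict(zip(inputs, bits))
        if evaluate(ref, assignment)[output] != evaluate(impl, assignment)[output]:
            return assignment
    return None


# Directed simulation vectors as a rushed verification team might write them:
# the four matching cases plus two mismatches. The trigger a=11,k=00 is absent.
DIRECTED_VECTORS = [
    {"a0": 0, "a1": 0, "k0": 0, "k1": 0},
    {"a0": 0, "a1": 1, "k0": 0, "k1": 1},
    {"a0": 1, "a1": 0, "k0": 1, "k1": 0},
    {"a0": 1, "a1": 1, "k0": 1, "k1": 1},
    {"a0": 0, "a1": 1, "k0": 1, "k1": 0},
    {"a0": 1, "a1": 0, "k0": 0, "k1": 1},
]


def simulation_equivalent(ref, impl, vectors, output="out"):
    """Vector-based check: only the supplied patterns are compared."""
    return all(evaluate(ref, v)[output] == evaluate(impl, v)[output] for v in vectors)


if __name__ == "__main__":
    dormant, live = with_backdoor("0"), with_backdoor("1")
    print("dormant, simulation :", simulation_equivalent(REFERENCE, dormant, DIRECTED_VECTORS))
    print("dormant, exhaustive :", exhaustive_equivalent(REFERENCE, dormant, INPUTS))
    print("live,    simulation :", simulation_equivalent(REFERENCE, live, DIRECTED_VECTORS))
    print("live,    exhaustive :", exhaustive_equivalent(REFERENCE, live, INPUTS))
```

Running it shows the dormant version is functionally identical to the reference under both checks (the extra gates are invisible to anything but a structural comparison against what the specification says should be there), while the mis-disabled version still passes the directed vectors and is caught only by the exhaustive comparison, which returns the single trigger pattern.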
If you want total security, go to prison. There you're fed, clothed, given medical care and so on. The only thing lacking... is freedom.
~Dwight D. Eisenhower
Data backup / retrieval is definitely a weak spot in most systems and a really good place to focus if you want to maximize the long term damage that you cause.
For my part I'm most worried about the emergence of Smartphones and the incredibly diverse attack space that these devices have. Think about malware that spreads over 3G networks. Imagine how much Apple would be prepared to pay to prevent a 3G network attack which remotely shut down all iPhones. From memory RIM paid about $600M USD to prevent their Blackberry network being shut down for a few days in that patent troll case a few years ago.
In the past I have also mentioned the Smartphone as a vector for transmission of airgap-jumping viruses. USB charging is a nightmare for all high security networks, but couple this with the highly promiscuous (interconnected) nature of smartphones, especially on social networks, and you've got the mother of all headaches to monitor/administer.
To be honest, my only wish is that I actually had a solution / product to sell into this FUD, because imho none of the PC style anti-virus systems has any hope of addressing the above mentioned problems.
For my part I'm most worried about the emergence of Smartphones and the incredibly diverse attack space that these devices have.
The key word there is "emergence", at the moment in the civilian world the main focus on harm around these devices is "self harm". That is people are trusting them way way more than they should with the information and apps they load onto them.
However... if the NSA and current POTUS are to be believed then it is possible to make the likes of the Blackberry sufficiently secure... (I'd have loved to be in the room after his taking the oath when a White House aide said "Mr President, I need you to hand over your private phone as we will be storing it for your term of office" ;)
Thus the main problem I see with smart phones from this particular perspective is not "making them secure" but "keeping them secure".
But it's a limited perspective for a couple of reasons. The first is the network providers are the phone users' worst enemy by far currently due to the simple economics of the "race to the bottom" service providers are in. You can be sure by taking a good long look at the service agreement "you are the turkey that's been invited to Thanksgiving dinner at your own expense". The recent debacle with Carrier IQ test software "end running" around any and all security on the phone in the name of "efficient" fault resolution can be viewed as just the start of the problems we will see when the mobile/cell phone service providers move closer to the "Google / Facebook / et al" model, where the phone user ceases to be the customer for "connection" and they and their information instead become the product.
Of course there will be "premium business" solutions available where this (supposedly) will not happen. But we only have to look at how Blackberry didn't live up to expectations on that one. Then with the addition of just about every nation's anti- "pirate / child molester / drug runner / terrorist" legislation that is actually designed for political control / tax raising, I seriously doubt if any kind of security, let alone privacy, will be allowed to exist outside of "grubmint" hands.
Which brings us around to Government agencies of all forms, but especially the military. Let's be honest, all the Military Radio and National / Emergency security / response Trunked Radio systems are a complete bust; they don't work at the best of times, which is why you often see Police officers carrying two (or more) mobile phones. One reason they just don't "hack it" in the real world is "efficiency"; another is the system designers and procurers don't actually know (or want to know) what it is the troops want to do.
If you ask most soldiers what piece of kit they would rather have on the battlefield out of a "secure military radio set" or an "iPhone" they would say the iPhone for a whole host of reasons. One of which is not only does it provide "comms", it also provides "entertainment" and "learning" because many "squaddies" have built their own apps to replace existing training manuals etc.
And this has started to cause the top brass to have not just headaches but nightmares. Their problem being over priced useless secure military kit -v- working value added but insecure civvy kit, that the troops are going to use irrespective of "orders".
Their current solution appears to be "focus on one platform" (iPhone) and encourage the sharing of good app design via their own "app store".
I do find myself wondering when Apple will bring out the iPhone 4GS (Government Secure/Special) to get "lock in" to what may well be a very lucrative market.
First, thank you to the very thoughtful response to my original post. Second, I think the Chairman's comments were a preview to this morning's Washington Post Article seen at the link.
Given the way Washington works, the iterative process, as seen in the article, indicates that the status of the US approach to Cyber Warfighting is changing. I hope it does because I am convinced, given the theory of war, we are already in a Cyber War and have been for years. It is almost the perfect terrorist war .... numerous independent operating cells unknown to one another that have a similar mission to inflict damage, destruction, and fear on the target society(ies).
"Military leaders seek higher profile for Pentagon's Cyber Command unit"
"The change in status would not resolve a host of more fundamental issues, such as the scope of its authority to defend the nation. Officials are still debating under what circumstances military commanders can respond on their own to hostile acts in cyberspace and how far notions of state sovereignty should apply in cyberspace."
Schneier.com is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc.