Comments

Brandioch ConnerJuly 6, 2012 3:09 PM

"I know that cyberwar treaties will be difficult to negotiate and even more difficult to enforce."

I think that should be "impossible to enforce".

Therefore, such treaties will only be used to justify real-world attacks on the enemy du jour.

Meanwhile, nothing will be done about the computer security risks that the average user faces every day.

Me MyselfJuly 6, 2012 3:49 PM

So Bruce, did you go and break into houses after that photo shoot, or was it just before your ninja lessons? ;-)

nkJuly 7, 2012 2:39 AM

Hey, I like the photo in the linked article. It's much cooler than the current one here on the blog. Vote for change?

Clive RobinsonJuly 7, 2012 4:43 AM

Hmm Bruce are you going "European" on us?

Your headdress looks distinctly like a modern take on the French Beret, and you are wearing it "square on" (see wiki comment on this http://en.m.wikipedia.org/wiki/Beret#section_3 )

With regards your comments in the article,

We made a mistake with Stuxnet: We traded a small short-term gain for a large longer-term loss.

This is not the first time the US has "shot from the hip" with "new technology", the biggie that most know is the use of nuclear weapons against Japan during WWII (which as it mainly targeted the civilian population is arguably a war crime).

Such action almost always leads to an escalation of weapons development and considerably greater destructive capability almost invariably follows. That treaty after treaty fails to stop. Worse the US is mostly seen by the rest of the world as hypocritical in it's future dealing with such technology. It condems the design and building of such weapons by other sovereign states whilst designing, building and stockpiling vast arrays of them on the ludicrous presumption it has to "maintain superiority" and that "it can be trusted" after having repeatedly and ususaly ineptly proved it cannot. Worse it then displays a "top table" attitude to other Sovereign nations that have provenly developed the capability, apparently failing to realise this only encourages other nations to build the weapons themselves.

It is thus the 'US Mentality to Foreign Affairs" that gives rise to "Hawks all the way" that should be of serious consideration for your comment,

For that reason, Stuxnet was a destabilizing and dangerous course of action.

I'm sure their are many Americans who will disagree with me on this, but if they do they realy should stop the "fortress mentality" viewpoint and try putting themselves in the shoes of others and walking their path for a mile or two. That is to try standing on the outside and looking in.

As has once been observed the difference between a Fortress and a Prison is mainly the viewpoint. The purpose of the buildings is the same which is to exclude those inside from the general society outside, and thus ties the insiders to a known position that has little or no ability to change.

AnonJuly 8, 2012 6:54 PM

I'm really at a loss to know why Bruce thinks Stuxnet was bad for the US or how he thinks Stuxnet changes anything. The Iranians are upset, but they've always hated us. As for everyone else, it's not obvious why Stuxnet would change their behavior in the least.

Kevin PhairJuly 9, 2012 4:11 PM

@anon

As Bruce said, "Stuxnet didn't just damage the Natanz nuclear facility; it damaged the U.S.'s credibility as a fair arbiter and force for peace in cyberspace".

Imagine for a moment that after WWII the U.S. developed and regularly used nuclear weapons on enemy states, while calling on the rest of the world to refrain from using nukes. Do you think anyone would take the them seriously on the subject?

Likewise with this, we see so much bluster come from America about cyberweapons and the use of them being tantamount to a declaration of war, but somehow when America uses them it's a force for good?

Do you think countries like Iran are going to blithely assume that this was a one-off? They are now obliged to assume that all bets are off and they need to develop their own offensive capability - Not because that's what the best thing to do is, but because from their viewpoint it's the only possible course of action.

AnonJuly 9, 2012 8:30 PM

@Kevin

Other countries took us seriously when we said not to use nuclear weapons because we credibly threatened to kill their entire populations if they did so. I'm lost as to how that situation is remotely relevant to cyber warfare.

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc..