There are thousands of articles perpetuating the claim that China is out to get us on the Internet. And yet, all these discussions are begging the question, is it China attacking? Also, are they even the "usual suspects"?
While I can point to real facts of China making active use of information warfare, cyber warfare, or whatever else you choose to call it (such as the release of 0 days being patched by Microsoft and originally reported by the Taiwanese government, search Microsoft's site), I can also point to Germany (intelligence Trojan horse), the US (The Farewell Dossier) and other countries such as North Korea (without much detail, so questioned).
We have a failing: even as experts, we see an IP source in China for an attack and, because it is popular and we are still used to thinking in terms of the physical world, jump to the conclusion that the actor is from China. The actor is often from the US, Eastern Europe, Russia, Brazil, and many other countries. That in turn does not mean these actors are then sponsored by these countries. Information warfare is about covertness, not about being loud. The Internet is perfect for plausible deniability, as I've learned when writing the postmortem analysis of the 2007 attacks against Estonia, for the Estonian CERT.
The Chinese know more about the uses of being covert than any of the rest of us, in their strategy, their actions, and their history. If they are being so indiscreet it is for a specific reason, perhaps as a smoke-screen, or indeed, they are not doing it to begin with.
I am not saying the Chinese government does not attack; I am saying naming them continually is nothing but a baseless red herring, and an easy scapegoat we have all grown used to. Thus, blaming China by itself has become acceptable just because people did it often enough. The story of Ethos manufacturing itself.
Malicious computers in China are a problem we can't and shouldn't deny. However, continually claiming China is the Big Bad and attributing every attack to them is beyond ridiculous. Nothing to see here, move along.
Then again, maybe if we keep saying it's the Chinese with every attack we see, they will get some ideas and make it true for us. It may eventually prove true, but our current proof is based mainly on people claiming it in the past. We are better than this.
Gadi Evron,
ge@linuxbox.org.
Follow me on twitter! http://twitter.com/gadievron
Friday, November 13, 2009
Friday, October 30, 2009
Cyber War and Cyber Deterrence
A few days ago a Google Alert on my name let me know that I was referenced in a paper from RAND. I have high appreciation for RAND's work, so naturally I went to look.
The work by one Martin Libicki discusses cyber war and cyber deterrence. He is against the silly notion, much like I am.
I've grown so tired of repeating "these discussions the past two years in US defense circles are just ... stupid." I am happy that someone else, as articulate as Libicki, joined our side of the debate. Just because US experts are so used to deterrence as a strategy after 70 years does not mean it fits the bill with the Internet. In fact, it is extreme folly.
I don't agree with everything Libicki says, but I do agree with him on this matter.
However...
Unlike many, I believe offensive capabilities are critical for any nation nowadays, but that thinking it would assist in defense is delusional.
Libicki's actual RAND paper can be found here:
www.rand.org/pubs/monographs/2009/RAND_MG877.pdf
Maybe now I can finally write a paper I want to write, on when deterrence actually does work on the Internet. There are cases where it does, but raising these before now would have muddied the water.
I also plan to be more vocal in the debate in the coming months, and pull out of the drawer some articles I wrote on the subject, for when it warms up and they can make a difference.
Gadi Evron,
ge@linuxbox.org.
Follow me on twitter! http://twitter.com/gadievron