The real-world ramifications of cyberwarfare

The following essay by Bruce Schneier has me thinking about the physical impact of cyberwarfare:

Cyberwar Treaties:
We’re in the early years of a cyberwar arms race. It’s expensive, it’s destabilizing, and it threatens the very fabric of the Internet we use every day. Cyberwar treaties, as imperfect as they might be, are the only way to contain the threat.

If you read the press and listen to government leaders, we’re already in the middle of a cyberwar. By any normal definition of the word “war,” this is ridiculous. But the definition of cyberwar has been expanded to include government-sponsored espionage, potential terrorist attacks in cyberspace, large-scale criminal fraud, and even hacker kids attacking government networks and critical infrastructure. This definition is being pushed both by the military and by government contractors, who are gaining power and making money on cyberwar fear.

The danger is that military problems beg for military solutions. We’re starting to see a power grab in cyberspace by the world’s militaries: large-scale monitoring of networks, military control of Internet standards, even military takeover of cyberspace. Last year’s debate over an “Internet kill switch” is an example of this; it’s the sort of measure that might be deployed in wartime but makes no sense in peacetime. At the same time, countries are engaging in offensive actions in cyberspace, with tools like Stuxnet and Flame.

Arms races stem from ignorance and fear: ignorance of the other side’s capabilities, and fear that their capabilities are greater than yours. Once cyberweapons exist, there will be an impetus to use them. Both Stuxnet and Flame damaged networks other than their intended targets. Any military-inserted back doors in Internet systems make us more vulnerable to criminals and hackers. And it is only a matter of time before something big happens, perhaps by the rash actions of a low-level military officer, perhaps by a non-state actor, perhaps by accident. And if the target nation retaliates, we could find ourselves in a real cyberwar.

The cyberwar arms race is destabilizing.

International cooperation and treaties are the only way to reverse this. Banning cyberweapons entirely is a good goal, but almost certainly unachievable. More likely are treaties that stipulate a no-first-use policy, outlaw unaimed or broadly targeted weapons, and mandate weapons that self-destruct at the end of hostilities. Treaties that restrict tactics and limit stockpiles could be a next step. We could prohibit cyberattacks against civilian infrastructure; international banking, for example, could be declared off-limits.

Yes, enforcement will be difficult. Remember how easy it was to hide a chemical weapons facility? Hiding a cyberweapons facility will be even easier. But we’ve learned a lot from our Cold War experience in negotiating nuclear, chemical, and biological treaties. The very act of negotiating limits the arms race and paves the way to peace. And even if they’re breached, the world is safer because the treaties exist.

There’s a common belief within the U.S. military that cyberweapons treaties are not in our best interest: that we currently have a military advantage in cyberspace that we should not squander. That’s not true. We might have an offensive advantage­although that’s debatable­but we certainly don’t have a defensive advantage. More importantly, as a heavily networked country, we are inherently vulnerable in cyberspace.

Cyberspace threats are real. Military threats might get the publicity, but the criminal threats are both more dangerous and more damaging. Militarizing cyberspace will do more harm than good. The value of a free and open Internet is enormous.

Stop cyberwar fear mongering. Ratchet down cyberspace saber rattling. Start negotiations on limiting the militarization of cyberspace and increasing international police cooperation. This won’t magically make us safe, but it will make us safer.

This essay first appeared on the U.S. News and World Report website, as part of a series of essays on the question: “Should there be an international treaty on cyberwarfare?”

Mr. Schneier is without a doubt one of the experts in this field, and I have no desire to analyze his comments which I believe to be spot on. I do want to ponder, however on the impact that unmitigated cyberwar would have on modern society, which ties in neatly with my technophobe, luddite stance.

First off, in cyberwarfare, the entire Internet is potential battlefield. There is no Bull Run, there is no Flanders field, there is no Iwo Jima, there is no DMZ and there is no line of demarkation. The battle is anywhere and everywhere in nanoseconds. Cyberwarriors do not march for weeks or even days to an enemy’s digital citadel and lay siege. The enemy’s stronghold is simultaneously in the midst of its capital and on its borderland. The cyberwarriors emerge from the ether and disappear equally instantaneously. There are no signs of encampment, and only rarely do any of the individual combatants leave any footprints behind. On both sides, the most frail mage is the most powerful warrior.

Second, cyberwarfare is the most unhuman form of conflict yet invented by mankind. There is no adrenaline-charged rush toward an enemy that is just as real and scared as one’s self. There is only the anonymous clatter and click of the keyboard and mouse, with its own source of adrenaline, which can be felt when playing a first-person shooter, such as America’s Army. The same can be said of robot proxy (drone) warfare, a physical/cyber hybrid. One can engage and kill an enemy and the enemy can engage and kill the drone, but the enemy cannot engage and kill the pilot flying the drone from the other side of the planet. The enemy can smell the iron from the spilling blood of his comrade, but the pilot only sees a pixelated image on his screen, if he sees the dead at all. While this is advantageous as long as it is asymmetric, once hybrid warfare is conducted on mass scale by both sides, it will be the most horrific thing we have ever seen. Assume that drones are just as susceptible to compromise as any other computer system and then imagine a malware like Stuxnet that targets UAVs. As horrible as nuclear warfare is with its ability to wipe out entire cities in seconds, how much worse would be a squadron of drones flying slow and low picking off civilians and combatants alike?

Finally, our global society depends on a stable cyber infrastructure. Destroy cyberspace and you destroy Western civilization, or at least set it back a couple hundred years. We live in an electron-driven society. No Internet means no international commerce, which means no local commerce. If the entirety of cyberspace is a battlefield, since you can’t designate war zones in an abstract realm that has no borders, then you can’t keep the battle out of your front yard, and everyone who is resident in cyberspace is victim in cyberspace. Everything is intensified because it is omnipresent and instantaneous. The collective intelligence of mankind is weaponized and can be turned against anyone by a small set of bad actors. Since bots are set-and-forget, taking out the general, the lieutenant, the sergeant, or the private, does nothing to slow the tempo of battle. The conflict destroys reactors in the Middle East and in nanoseconds, turns across the ocean to down the electrical grid in New England. Insert your own catastrophe here.

What we end out with is societal collapse because of an over-reliance on tech. Many parts of the world may not be impacted at all, and those societies may rise over ours. Such is the cycle of human cultures. But the question I would pose is this: can we not re-cork this genie before he gets all the way out of the bottle? I don’t suggest we eschew all the wonderful advances we have made, but as a culture, we need a robust backup plan that depends a little less on what our grandparents didn’t have and a little more on what our great-great-grandparents did have.

GPS Hate! Part Deux

In continuance (see this post for the last rant) of my diatribe on the over-reliance on tech, I saw the following article in The Scottsman:

Scots the most misled by satnavs:

Misleading satnavs have caused more than £200 million worth of damage to cars in the past 12 months with Scots the most misled by their devices.
And here is a re-spin of the same story from Ireland’s Independent:

Satnav errors ’cause damage £ 200m’:Misleading satnavs have caused more than £200 million worth of damage to cars in the past 12 months, it has been revealed.

But being the Luddite that I am, I fear no squawk box sitting on my dash! I laugh in the face (if she only had one…) of my tinny-voiced navigator and her incessant “Recalculating!”. I’ll take no orders from the waif-er of silicon who would with all her might keep me off The Road Not TakenI am a man and I shall get lost on my own terms, and my wife and children will heartily attest to that. 

Ah, but I digress… so my advice to the weary traveler led astray by his GPS, satnav, or whatever the local  parlance for the little beast is, is to get a real map, and get a real navigator. The companionship of a fellow human is worth the inconvenience. And get lost along the way on purpose. Pull over at a gas station and meet the locals. You might find a treasure in the countryside that those who never leave the beaten path have opportunity to experience. 

Another reason why paper maps are superior to GPS

Over the past several years I have developed some fairly strong anachronistic views on the overuse of technology, with GPSes being one in particular. Given, I own hiking and auto GPSes, I find them no substitute for actual navigational and geo-positional savvy (i.e. knowing where you are, where you want to go, and how to get there). I prefer paper maps, and given the subject of the post below, they have a very strong characteristic in their favor: THEY CAN’T TELL ON YOU.

TomTom Satnavs To Set Insurance Prices: nk497 writes “TomTom has signed a deal with an insurance firm that will see its satnavs used to monitor drivers. Fair Pay Insurance, part of Motaquote, will use monitoring systems built into the TomTom PRO 3100 to watch for sharp braking and badly managed turns, rewarding ‘good’ drivers with lower premiums and warning less skilled motorists when they aren’t driving as they should. ‘We’ve dispensed with generalization’s and said to our customers, if you believe you’re a good driver, we’ll believe you and we’ll even give you the benefit up front,’ said Nigel Lombard of Fair Pay Insurance.”

Share on Google+

Read more of this story at Slashdot.