[Dailydave] The underlying structure is foamy

Pedro Hugo phugo at highspeedweb.net
Fri May 24 10:08:20 EDT 2013 

Hello everyone,

The navy analogy is definitely very interesting and compelling. I am not
so sure if it is the best one to use in this case.
My issue is with the economics of the new navy. The old navy is essential
a natural monopoly due to its high costs and barriers to entry.
Very few countries can(could) afford to develop, deploy, and maintain an
effective navy. The Spanish and Portuguese split the world and its
richnesses, and still were unable to maintain their empire 500 years ago.

The economics of the new cyber-navy are very different. It is cheap to
develop, deploy, and maintain. Honestly, any country can build their
cyber-army if it wishes so.
What are the real barriers to entry? Very few! It is mostly knowledge,
which is freely available these days or can be acquired at a very low cost
- VUPEN CEO was joking(?) on Twitter that they could train a junior
"pwner" in a year. I think this changes the whole strategic scenario
compared to the real navy. There are no few dominant players but everyone
has the potential to be one. How sure are we that we can evaluate the
"cyber-firepower" of any given country?

The thing about the whole cyber-war discussion that I have most problems
with is its real effects.
The impact of a nuclear bomb can be rather easily measured - many
casualties, nasty long-term effects in the population and environment, etc.
How about the effects of a cyber-war? It definitely has the potential to
kill people, although I doubt not even close to a nuclear attack. It has
potential to disrupt markets, supply-chain, and our day-to-day lives, and
so on. 
But what is the real magnitude of these effects? It will be extremely
annoying to have no electricity for days or even months. Hell, I am afraid
of switching internet providers because I am not sure if the new one will
have the same service levels. Can we survive to these effects? Of course
we can. Latest natural disasters have shown us that it is definitely
annoying to our personal comfort but we can survive and recover, sometimes
faster than predicted.

We love predictions and hate the unpredictable (as a side note, future
babble by Dan Gardner is an interesting book about this subject!).
Everyone is commenting on this topic and making their predictions.
Remember the Y2K bug? Many were saying it would be a disaster; billions
and many hours of ours lives were spent evaluating and fixing it. No real
disaster happened and we kept going with our lives. Maybe those billions
were well spent after all.
Most predictions are too abstract and too generic to be useful to anything
else than a private agenda. There seems to be too many politics, business,
and power games that are blinding us to understand and try to evaluate the
real impacts of a cyber-war.

Just my 2 cents of random write or wrong thoughts.

Best,
Pedro


On 24/05/13 05:56, "Thomas Lim" <thomas at coseinc.com> wrote:

>Dave
>
>Ben, like you and Halvar, are all iconoclasts. It's impossible to find
>anyone else in this Universe that will come close to looking like the 3
>of you and/or have the kind of cognitive "computing power" that you 3
>possess. Unlike me who is a Chinese, common, prevalent (you cannot get
>rid of us, can't you?) and who cannot read, write and pronounce properly
>the lingua franca of planet Earth.
>
>Ben is really a mystique. His train of thoughts is out of this world.
>Which is why no one can explain why he, a brilliant mind, continues to
>work in a tiny weeny company run by someone whose brainpower is
>equivalent to a rubber duckie.
>
>I believe yo are spot on when you said that moving of bits does not
>affect his live. The Internet, no matter how powerful and pervasive,
>will have great difficulty affecting someone's life when that someone
>carries a phones that does not work when he leaves the mountain, when
>electricity is a luxury and does not have a Facebook account. i mean
>which earthlings do not have a Facebook account?
>
>i kind of agree and disagree with you. i think the Internet will be the
>new Navy. Its not quite there yet but its definitely moving in that
>direction. Even when the Internet becomes the new Navy, it still will
>not replace the Ocean as the main medium of commerce. Unless "beam me up
>Scottie" becomes a reality. From what little i know of Physics and
>Biology (yes coming from the guy who believes that it will not rain on a
>full moon), that is not going to happen.
>
>Nation-states are concerned about the effect of the Internet, especially
>so with draconian regimes. It's (the Internet) catalytic effect on
>change on almost all matters of our life is amazing or frightening,
>depending on how you see it or accepting and leveraging it.
>
>i, on the other hand, am not concern only about nation-states and the
>Internet. i am also very concern about how enterprises/big corporations
>are using the Internet to affect our life in ways that we never intend to.
>
>i agree completely with you that Cyber will replace nuclear. What makes
>it really scary is that nation-states postulates with nuclear but will
>launch "cyber attack".
>
>
>
>Thank you
>Thomas Lim
>
>On 24/5/2013 4:49 AM, Dave Aitel wrote:
>> So Ben Nagy, who is nothing if not an iconoclast, disagrees with my and
>> Halvar's general tenets that the easiest analogy to what is happening in
>> the cyber space is the creation of a new Navy (or set of Navy's). But he
>> refuses to argue with it when it's not words on paper. So I figured I'd
>> put down some words on paper.
>> 
>> The first and most basic premise is that the Internet has replaced the
>> oceans as the global Commons. While it's true if you're moving mercury
>> or steel or plastic rubber duckies from China to somewhere not-China,
>> and while it's also true that the very wires that are the Internet are
>> sitting across Ocean floors, deep down Commerce now largely moves over
>> the Internet.
>> 
>> I don't know if that's the part Ben disagrees with. I think the part he
>> disagrees with is that by moving bits around, you can effect him in Real
>> Life. Which brings us to the second part:
>> 
>> I believe that you can cause dramatic nation-state effecting things over
>> the Internet. I also believe you can do small things if you want. There
>> are graduated Booms available if you have true information dominance.
>> Ben lives in a house that has power only a minority of the hours of the
>> day, so it's hard sometimes to imagine how you would effect him
>> personally. But he also flies around in metal tubes running
>> lowest-bidder real time operating systems hooked up to the network
>> (occasionally, at least). Modern planes can only fly if a quorum if the
>> cyber attackers on their systems vote to let them fly.
>> 
>> I look at these physical<-->cyber connections as simple gateways, but I
>> find that if you go around postulating more ways to do this stuff in
>> public, people consider you a huge douchebag.
>> 
>> Basically Dvorak and Ben are "not scared". Which is fine. But the people
>> who really make these decisions in most nation-states ARE scared. And on
>> one end, that's all that you need for working Deterrence, which is the
>> next argument.
>> 
>> In other words - I believe that cyber can replace nuclear (and has, to
>> some extent already) as a military deterrent. If Iran turned around
>> tomorrow and said "Stop the financial blockade or every wall street firm
>> goes away forever" then what's the US response? I hope we know, because
>> that very well is the next step. "We don't believe you" is not the
>> probable reaction, I'm guessing.
>> 
>> How about this one? "We're going to take a random ship and fill its
>> ballast tanks completely with water in the next storm". How's that Navy
>> looking now? At a lot of code assessments and not a lot of sailing
>> around the world enforcing trade embargoes, I'm afraid.
>> 
>> And if you can replace ANYTHING as a deterrent, then you might as well
>> replace our aging, expensive, and dangerous fleet of ballistic
>> submarines. Each of which is TWO BILLION DOLLARS. That's almost real
>>money.
>> 
>> So that's the basic setup for the thesis, all of which annoys @RantyBen
>> AS PROMISED.
>> 
>> In case you're curious where all this comes from (other than phone calls
>> with Halvar), I've been working in my copious spare time on a Doctrine
>> for Cyberwar, which is essentially just game theory as applied to the
>> realities of what we do as hackers. This results in the three talks I've
>> given over the past year:
>> 
>> 
>>https://www.usenix.org/conference/usenix-security-11/three-cyber-war-fall
>>acies
>> http://www.youtube.com/watch?v=vBQET68HHSg (Amateur hour on the Internet
>> aka what is and what is not a cyberweapon)
>> http://www.youtube.com/watch?v=X2M9nmqP6n0 (Everything Buffy the Vampire
>> Slayer Taught me about Cyberwar)
>> 
>> -dave
>> (Ben, you're up.)
>> (Also, for those of you who haven't noticed yet, there's a special ad in
>> Immunity Debugger right now that links you to a special video. :>)
>> 
>> 
>> 
>> _______________________________________________
>> Dailydave mailing list
>> Dailydave at lists.immunityinc.com
>> https://lists.immunityinc.com/mailman/listinfo/dailydave
>> 
>_______________________________________________
>Dailydave mailing list
>Dailydave at lists.immunityinc.com
>https://lists.immunityinc.com/mailman/listinfo/dailydave

More information about the Dailydave mailing list