[Dailydave] The underlying structure is foamy
Dave Aitel
dave at immunityinc.com
Thu May 23 16:49:00 EDT 2013
So Ben Nagy, who is nothing if not an iconoclast, disagrees with my and
Halvar's general tenets that the easiest analogy to what is happening in
the cyber space is the creation of a new Navy (or set of Navy's). But he
refuses to argue with it when it's not words on paper. So I figured I'd
put down some words on paper.
The first and most basic premise is that the Internet has replaced the
oceans as the global Commons. While it's true if you're moving mercury
or steel or plastic rubber duckies from China to somewhere not-China,
and while it's also true that the very wires that are the Internet are
sitting across Ocean floors, deep down Commerce now largely moves over
the Internet.
I don't know if that's the part Ben disagrees with. I think the part he
disagrees with is that by moving bits around, you can effect him in Real
Life. Which brings us to the second part:
I believe that you can cause dramatic nation-state effecting things over
the Internet. I also believe you can do small things if you want. There
are graduated Booms available if you have true information dominance.
Ben lives in a house that has power only a minority of the hours of the
day, so it's hard sometimes to imagine how you would effect him
personally. But he also flies around in metal tubes running
lowest-bidder real time operating systems hooked up to the network
(occasionally, at least). Modern planes can only fly if a quorum if the
cyber attackers on their systems vote to let them fly.
I look at these physical<-->cyber connections as simple gateways, but I
find that if you go around postulating more ways to do this stuff in
public, people consider you a huge douchebag.
Basically Dvorak and Ben are "not scared". Which is fine. But the people
who really make these decisions in most nation-states ARE scared. And on
one end, that's all that you need for working Deterrence, which is the
next argument.
In other words - I believe that cyber can replace nuclear (and has, to
some extent already) as a military deterrent. If Iran turned around
tomorrow and said "Stop the financial blockade or every wall street firm
goes away forever" then what's the US response? I hope we know, because
that very well is the next step. "We don't believe you" is not the
probable reaction, I'm guessing.
How about this one? "We're going to take a random ship and fill its
ballast tanks completely with water in the next storm". How's that Navy
looking now? At a lot of code assessments and not a lot of sailing
around the world enforcing trade embargoes, I'm afraid.
And if you can replace ANYTHING as a deterrent, then you might as well
replace our aging, expensive, and dangerous fleet of ballistic
submarines. Each of which is TWO BILLION DOLLARS. That's almost real money.
So that's the basic setup for the thesis, all of which annoys @RantyBen
AS PROMISED.
In case you're curious where all this comes from (other than phone calls
with Halvar), I've been working in my copious spare time on a Doctrine
for Cyberwar, which is essentially just game theory as applied to the
realities of what we do as hackers. This results in the three talks I've
given over the past year:
https://www.usenix.org/conference/usenix-security-11/three-cyber-war-fallacies
http://www.youtube.com/watch?v=vBQET68HHSg (Amateur hour on the Internet
aka what is and what is not a cyberweapon)
http://www.youtube.com/watch?v=X2M9nmqP6n0 (Everything Buffy the Vampire
Slayer Taught me about Cyberwar)
-dave
(Ben, you're up.)
(Also, for those of you who haven't noticed yet, there's a special ad in
Immunity Debugger right now that links you to a special video. :>)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 196 bytes
Desc: OpenPGP digital signature
URL: <https://lists.immunityinc.com/pipermail/dailydave/attachments/20130523/71ce72a8/attachment.sig>
More information about the Dailydave
mailing list