<div dir="ltr"><div>Cyberwar. I am not sure that it conjures the right picture on my head because there would be a dark skies and a dystopian society with only Mel Gibson, Harrison Ford, and just for the heck of it Patrick Swayze from Road House. Do I believe that people are going to replace their fleet with something else? Yes. A scramjet based one. Nothing says dystopia like a scramjet drone army.</div>
<div><br></div><div>I think this new notion that large companies are pushing, the one I work for included, of the Internet of Everything dilutes some of these point a bit. I can agree that we are building some new 'navies' for a portion of the internet. I don't think that its that analogous for the system as a whole. What we are building, I don't think humans have ever been seen before.<br>
</div><div><br></div><div>To start cyber enhances kinetic warfare, today nuclear, tomorrow whatever. More importantly, some of us have become weapons makers with or without wanting it to be that way. I am not sure if 'Cyber war is still the appropriate word'. The history of war shows us, those with the best technology generally wins. Not always, but mostly. I think guerrilla insurgents are supposed to teach us something about that. I am not sure I can't pay attention long enough.</div>
<div><br></div><div>I think cyber is a bit of a leveling field for countries to some extent, while it could be an effective tool, its not going to be the only piece that matters. Your analogy to financials is one thing, having a campaign that tears down all financials would be bad. We have however heard of some countries being able to do manipulations of currency to subvert governments that are much more effective that just a simple 'crash'. In our case, the varying levels of cyber and how they are used would be the more interesting implication. Something as advanced as stuxnet being created in the mid to early 2000's for instance, while South Korea gets hit with the equivalent of 'rm -rf'.</div>
<div><br></div><div>A point about physical and virtual gateways. A few years from now there be Machine to Machine communication in order to attempt to take the 'fallacy' of humans out of the equation. I just heard the CEO of Ford speaking about cars talking to other cars. It would be 'better' if my car could talk to other cars on the road to understand how to move along the city. If my car could talk to the city then it could understand weather the road was wet and so-on. If an attacker took control of my that car and drove it into other cars, that would not be fun. Maybe it would be depending on your personality. If the internet is backbone of that neural network then those that are 'policing' that portion of it wouldn't be called a navy. I am not sure what we call this 'thing' at that point. What I can tell you is a few things:</div>
<div><br></div><div>- Society needs order so that people can live a normal life and so that it can sustain itself, no self crashing cars. In the same sense that if we had so much credit card theft electronically the system would not work and would need to be shut down. </div>
<div><br></div><div>- Those that build these machines will be forced to build them safer, because no one will get into a self driving car when the roads are not safe to drive. No one will fly Pan-Am because their planes crash. This is partly why Pan-Am no longer exists.</div>
<div><br></div><div>- Maybe our governments are not fully prepared to face a world without borders that the internet provides. If we attempt in our minds to separate cyber and physical, there is no real country in cyber its all one country with many places to visit.<br>
</div><div><br></div><div>Moses</div><div><a href="http://www.moses.io" target="_blank">www.moses.io</a></div><div><br></div><div>road house</div><div class="gmail_extra"><br><br><div class="gmail_quote">On Thu, May 23, 2013 at 4:49 PM, Dave Aitel <span dir="ltr"><<a href="mailto:dave@immunityinc.com" target="_blank">dave@immunityinc.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">So Ben Nagy, who is nothing if not an iconoclast, disagrees with my and<br>
Halvar's general tenets that the easiest analogy to what is happening in<br>
the cyber space is the creation of a new Navy (or set of Navy's). But he<br>
refuses to argue with it when it's not words on paper. So I figured I'd<br>
put down some words on paper.<br>
<br>
The first and most basic premise is that the Internet has replaced the<br>
oceans as the global Commons. While it's true if you're moving mercury<br>
or steel or plastic rubber duckies from China to somewhere not-China,<br>
and while it's also true that the very wires that are the Internet are<br>
sitting across Ocean floors, deep down Commerce now largely moves over<br>
the Internet.<br>
<br>
I don't know if that's the part Ben disagrees with. I think the part he<br>
disagrees with is that by moving bits around, you can effect him in Real<br>
Life. Which brings us to the second part:<br>
<br>
I believe that you can cause dramatic nation-state effecting things over<br>
the Internet. I also believe you can do small things if you want. There<br>
are graduated Booms available if you have true information dominance.<br>
Ben lives in a house that has power only a minority of the hours of the<br>
day, so it's hard sometimes to imagine how you would effect him<br>
personally. But he also flies around in metal tubes running<br>
lowest-bidder real time operating systems hooked up to the network<br>
(occasionally, at least). Modern planes can only fly if a quorum if the<br>
cyber attackers on their systems vote to let them fly.<br>
<br>
I look at these physical<-->cyber connections as simple gateways, but I<br>
find that if you go around postulating more ways to do this stuff in<br>
public, people consider you a huge douchebag.<br>
<br>
Basically Dvorak and Ben are "not scared". Which is fine. But the people<br>
who really make these decisions in most nation-states ARE scared. And on<br>
one end, that's all that you need for working Deterrence, which is the<br>
next argument.<br>
<br>
In other words - I believe that cyber can replace nuclear (and has, to<br>
some extent already) as a military deterrent. If Iran turned around<br>
tomorrow and said "Stop the financial blockade or every wall street firm<br>
goes away forever" then what's the US response? I hope we know, because<br>
that very well is the next step. "We don't believe you" is not the<br>
probable reaction, I'm guessing.<br>
<br>
How about this one? "We're going to take a random ship and fill its<br>
ballast tanks completely with water in the next storm". How's that Navy<br>
looking now? At a lot of code assessments and not a lot of sailing<br>
around the world enforcing trade embargoes, I'm afraid.<br>
<br>
And if you can replace ANYTHING as a deterrent, then you might as well<br>
replace our aging, expensive, and dangerous fleet of ballistic<br>
submarines. Each of which is TWO BILLION DOLLARS. That's almost real money.<br>
<br>
So that's the basic setup for the thesis, all of which annoys @RantyBen<br>
AS PROMISED.<br>
<br>
In case you're curious where all this comes from (other than phone calls<br>
with Halvar), I've been working in my copious spare time on a Doctrine<br>
for Cyberwar, which is essentially just game theory as applied to the<br>
realities of what we do as hackers. This results in the three talks I've<br>
given over the past year:<br>
<br>
<a href="https://www.usenix.org/conference/usenix-security-11/three-cyber-war-fallacies" target="_blank">https://www.usenix.org/conference/usenix-security-11/three-cyber-war-fallacies</a><br>
<a href="http://www.youtube.com/watch?v=vBQET68HHSg" target="_blank">http://www.youtube.com/watch?v=vBQET68HHSg</a> (Amateur hour on the Internet<br>
aka what is and what is not a cyberweapon)<br>
<a href="http://www.youtube.com/watch?v=X2M9nmqP6n0" target="_blank">http://www.youtube.com/watch?v=X2M9nmqP6n0</a> (Everything Buffy the Vampire<br>
Slayer Taught me about Cyberwar)<br>
<br>
-dave<br>
(Ben, you're up.)<br>
(Also, for those of you who haven't noticed yet, there's a special ad in<br>
Immunity Debugger right now that links you to a special video. :>)<br>
<br>
<br>_______________________________________________<br>
Dailydave mailing list<br>
<a href="mailto:Dailydave@lists.immunityinc.com" target="_blank">Dailydave@lists.immunityinc.com</a><br>
<a href="https://lists.immunityinc.com/mailman/listinfo/dailydave" target="_blank">https://lists.immunityinc.com/mailman/listinfo/dailydave</a><br>
<br></blockquote></div><br></div></div>