Posted on 12/19/2014 4:27:10 AM PST by nathanbedford
Implications of Sony
1. The threat posed by unidentified attackers of the Sony system is not limited to the Hollywood corporation but has broad, even existential, implications for homeland defense, for liberty, especially the First Amendment, and for the economy.
2. Our nuclear facilities, our transportation infrastructure, our communication infrastructure, our banking institutions, Wall Street, our media, system of justice and the rule of law, in short, the whole structure which holds our way of life together and keeps us from anarchy are potentially threatened by any expansion or intensification of this threat.
3. The identity of the hackers is unknown, at least to the public, nor is it known for sure whether the culprits are one nation or conspiracy of several nations. The media and the government have tentatively identified North Korea as the culprit. But other public indications say that the software is entirely too sophisticated to have come exclusively from North Korea and that suggests a conspiracy involving those nations with the capacity: Russia, China, Iran. Even if there is no conspiracy beyond North Korea, it is certainly possible that the success of the hack against Sony might just instigate such an axis of cyber evil.
4. The frantic conferences in the White House are not reassuring. This frantic disarray might have been caused by any one or combination of the following: (A) the president has been utterly inattentive to briefings which might have brought him up to speed and have caused a responsible leader to take appropriate defensive measures; (B) the defense and intelligence establishments in the United States were blindsided and are frantically trying to identify the source of the hack; (C) the diplomatic arm of the government is frantically reaching out to allies and China for intelligence and cooperation; (D) a menu of options is being created to deal with the specific threat and subsequent enlarged and far more dangerous attacks.
5. Those options are severely constrained by the fact that three out of the four nations named, Russia, China, North Korea, all have the bomb and the fourth nation, Iran, has just been given the green light to get the bomb by the Obama administration. Therefore, military action against the first three is virtually to be ruled out and military action, in the unlikely event that it is to be resorted to by this administration against Iran must be done quickly. Because of the bomb military action must necessarily be confined to peripheral proxy war actions. Obama has shown no stomach for any where it might advance the interests United States is shown more than a reluctance to engage Iran.
6. A strategic conception must be settled on. Does The United States react with only diplomatic efforts? Should the strategy be one of retaliation? Deterrence? Containment? Should we retaliate militarily? By a counter cyber attack? With economic sanctions? These questions cannot be answered, unfortunately, until intelligence determines the nature of the attack, it's motivation, the identity of the attackers and whether they have the bomb. No diplomatic reaction against North Korea can have much effect against this already isolated rogue nation without explicit and real intervention by China, which is unlikely. Military intervention against North Korea, Russia or China is unthinkable because of the bomb. Military retaliation against Iran is unthinkable because the Obama administration won't think it. Containment will have little effect in a world of cyberspace. Economic sanctions will have little effect against already isolated Korea but might prove more effective against an already beleaguered Russia-or more provocative and therefore more dangerous-and might certainly have profound effect against China, but the ability of the world's largest economy to retaliate against the world's second economy (take your pick, which is which) certainly would be profoundly economically dangerous to the whole world. It is conceivable that counter cyber attacks could be waged against peripheral targets done with plausible deniability to deliver a message of determination that might lead to a condition of containment. Whatever course is embarked upon, we must recognize the path is strewn with hidden traps which could catapult the situation into real war. But we must not forget that cyber warfare can cause just as many casualties as might be caused by what we regard as conventional or even nuclear warfare.
7. The list of options surveyed above indicates that the United States and the West are perilously vulnerable to cyber attack with very few attractive options for retaliation. None of these options can be pursued with any confidence so long as our intelligence leaves us in a muddle.
8. The most obvious first move is to beef up our defenses. Some reports characterize our defense establishment provisions is far superior to our private commercial free marketplace. We Americans have a peculiar liability because so much of our defense establishment is inextricably interwoven with our military-industrial complex that a successful hack of private enterprise can lead directly into the Pentagon or to a place just as fruitful. To beef up our requirements of private industry suggests loss of liberty. A trade-off is inevitable. Worse, the attack against Sony has been an attack not just against the corporate structure when against individuals to turn those individuals to do the hackers bidding. That means that the individuals affiliated with our private partners in the military-industrial complex might also be targeted and that means that their security will have to be upgraded. A lesson we should already have learned from Mr. Snowden. In any event, these inevitable measures inevitably mean loss of liberty. The trade-off continues.
9. In the wake of 9/11 we conducted a thorough review and ultimately a revision of the national defense posture setting up the Department of Homeland Security. Without wandering into a discussion of the prudence of that revision, it is clear that a review and possible revision of our cyber vulnerabilities and are offensive cyber capacities must be undertaken. If the Department of Homeland Security is historical foresight, the outcome will no doubt be mixed and bureaucratic. It probably will have insufficient connection to the kind of strategy we should choose and implement and will rather have to do with bringing the pork home.
10. It might have already occurred to Putin that a cyber attack against the facilities in Saudi Arabia, for example, which pump oil and transport oil would be devastating to the price of oil, causing it to spike while leaving the West with no option but to buy oil and gas from Russia at high prices, thus saving Putin from his own follies. The attraction of such a situation to Iran is also obvious. China, to the contrary, has an interest in maintaining oil at a cheap price. So Russia and Iran, coming closer and closer as allies, might see an opportunity as they are illuminated by the hack against Sony. Iran cannot go it alone until it gets the bomb and Russia would seek plausible deniability but the temptation would be very great. Perhaps an attack could be launched from Nigeria which will also profit, indeed the regime might save itself, with higher oil prices. Putin could consider that is downside risk is minimal, no one is going to deliberately initiate war against Russia on an intercontinental or on a nuclear level. His standing with the people will only be improved, even if found out. Only food for thought.
10. These thoughts are suggested to spark discussion
Call me a cynic, just another contrived step and blah-blah to control the sheeple and cut-off communication from them.
To me, Cyber - addressing those dangers you cite is perhaps one of the highest areas of focus in DoD today.
It is rather reminiscent of JIEDDO (Joint Improvised Explosive Device Defeat Organization) on which billions was (and is, under a revised name)spent to solve the IED problem.
As the en vogue concepts-du-jour go, Cyber is the hot tamale. Yet, it remains to be seen how effective it will be. I am not instilled with a great sense of confidence, however, especially with this administration.
Obviously, we are in the best of hands. The world laughs and spits in our general direction.
If anyone has noticed, there has been a massive hacking attack under way in the USA Just this month. From compromising personal accounts to larger prey. I just don’t see it being reported as heavily.
The only food for thought to,take away from this is that corporate America does not care to staff/fun their IT departments.
It’s akin to the movies/TV shows where they show an Army Batallion only seconds away, when a nuke plant is being cases/attacked. There was just such a scene on the “Scorpions” TV show a couple weeks ago, but in reality, there is none.
In this case, corporations knowingly go super cheap on IT security. This could literally happen at EVERY company in the US, because companies would rather spend more on art for corporate buildings than devote the money to IT Security.
The more this stays in the news, the better chance for some CEO/President/Board of Directors/COO/etc... to actually ask the scary question of “How much are we spending on Cyber Security?” If the CTO has some balls, they would give the accurate answer - less than the price of your car, Mr CEO.
2. The computer programming culture is broken. Every couple of years or so a new computer language is created. This is great for young programmers and corporations, but bad for career programmers and consumers. New languages mean that no one can claim any real experience in programming with that language so young programmers are not at a disadvantage. Corporations can hire these young, inexperienced programmers at a lower cost.
However, these new languages all come with new bugs and gateways for viruses. Also, career programmers aren't just able to generate code quicker. They've also learned lessons about how to make more robust code that is harder to attack with viruses. Much of the code that is running the internet is written in crappy new languages riddled with flaws (e.g. Java) and written by young underpaid programmers who are lucky to know how to construct an efficient loop or IF THEN clause.
There is no reason why a program like C which was enhanced with Object Oriented features to become C++ couldn't have been continuously enhanced to support all of the features necessary to support web communications. If this had been the case, then career programmers would have been pivotal in either writing, or at least directing the writing, of much of the code that runs the internet. There would have been fewer flaws and holes for worms and viruses to squirm through.
There is often talk, and even some action, toward creating a programmer's guild which would recognize the skills of career programmers. However, there is always the fear that a guild will devolve into something like a trade union and lead to code written by lazy older programmers who haven't kept up with the latest enhancements.
I don't think there's any perfect solution, but if we want a more secure internet we need code written by professionals and we need people to pay for this quality.
If the people paying the coders are basically the advertising agencies, then you can bet that the code will be optimized for letting crap onto your computer rather than keeping it off.
I think it’s reasonable to note that several years ago Iran was hit by a cyber virus that created immense havoc in its nuclear and military fields.
This virus was almost certainly created and launched by Israel, with quite likely the assistance of the US.
So there’s nothing really all that new, here, except who might be attacked.
As more and more stuff is connected, it creates efficiencies and vulnerabilities. Very few people recognize that efficiency and vulnerability are in fact often closely related, and not just in cyberspace.
“Just in time” delivery, for example, prevents waste of the cost of labor, storage space and capital locked up by inventory, but it also presupposes a functioning delivery system, or whatever function should have been delivered just in time shuts down immediately.
Efficiency and robustness are usually, though perhaps not always, mortal enemies.
As with many tactical efforts some concentration of forces is needed to effect an attack. With the US management of a great deal of the internet we should be able to locate the perps. If the host country does not affect an immediate arrest of the perps then missile strikes on the data pipes takes place. All those affected by the interruption in service will have some motivation to self-police their close neighbors.
What is perplexing is how our vital domestic infrastructures continue to be plugged-into the internet. At this point a Battlestar Galactica policy should be in place where there is a physical quarantine of power stations and such from the internet with an absolute ban on USB drives and other potentially infectious devices from the core computer systems that manage these facilities. I am hoping these procedures are already implemented but from what I can glean from various reports it doesn't appear as such.
Thanks for taking the time to compose and post your thoughts, they are spot on. When I heard the Chief Propagandist say that there would be an appropriate measured response, whatever that is. I knew that we are in very deep kimchee. Pray for guidance.
Given the characteristics and staffing of the current regime I suspect that this cyber attack may have originated in NSA as an opening shot for general censorship of electronic communications and entertainment.
As usual, a well-reasoned analysis of some of the implications.
I would pose another question: why is it that these backward nations that can barely afford electricity keep beating us to the draw? Why don’t we have similar hacking capabilities to use as either offensive weapons or in a retaliatory capacity against aggressors? If a bunch of Nork starvlings can come up with these sophisticated intrusions, why can’t we?
Our enemies need to fear us more than we fear them.
Here is my thought posted on another thread but unmentioned among yours
“While it may have been an act of war , the attack was made on a Japanese company. The attack, actually a raid rather than an invasion, was to put the Japanese mega companies on notice of what is to come.
North Korea wants something from Japan and the movie in America is the leverage applied to get results at home in Japan. Toyota, Hitachi, Mitsui, Toshiba...... are being encouraged to assert their will on the Japanese government to attain what ever the Norks are wanting.
At base, it is ordinary blackmail, extortion”
I’ve been thinking about this a lot also, particularly about our power grid.
I think that we need to thank Sony and North Korea. Sony unintentionally goaded NK into revealing a lot of its cards, (assuming it was primarily NK). If not for this flap, we would still be asleep at the switch, at least at the national level. Many have been warning about a cyber-grid attack for years, but now it’s a leading story and everybody is paying attention.
The power grid is our exposed jugular vein. Computer networks and data systems have become the spinal cord and nervous system that controls the power grid. Think of the human muscle/skeletal system. “Just” taking out the spinal cord/nervous system renders the muscles (power grid) useless.
It my understanding that in many cases our grids are managed by almost antique “legacy” programs. Once hacked, our grid-controlling programs can be spoofed or made to destroy destroy themselves. Keep in mind this can also be very subtle and hard to detect, witness the Stuxxnet Virus inserted into Iran’s “super-secure” nuclear program. Stuxnet introduced tiny almost unrecognizable wobbles into their centrifuges, so that they would be destroyed before the damage was discovered.
And you could say that we fired the first cyber strike with Stuxnet, even if it was for a worthy cause.
All developed countries are extremely vulnerable to grid disruptions. If American cities are cut off from electricity for even a few weeks, they will explode at the social level, as people who are accustomed to “automatic” money showing up on EBT cards are left with no means to pay for food. This will lead to massive looting, and a cascade to mega-riots and anarchy.
The Sony-NK flap may even be revealing the existence of a new “MAD Doctrine” at the cyber level. No nation can be sure that its computer networks and critical infrastructure are safe from attack. The next “Pearl Harbor” might be an attack on our grid. And it might go on and on for weeks, as systems are restored and are hacked again. And grid-down for weeks may be enough to destroy America as we know it.
I think it’s imperative that we not only harden our computer infrastructure, but that we strive to achieve a dispersed grid structure that will not be as susceptible to a cascading grid failure. Where possible a “manual override option” must be put in place. Imagine a jetliner that flies only on autopilot, directed only by computer controls. What happens if the computer is hacked and the plane is commanded to dive and crash? That could be America, commanded to dive and crash.
Our grid needs a “manual override” option, and we need to get this running and begin testing it NOW.
Anybody who says “That can’t be done, our grid can only be operated by computers today,” is admitting that we are screwed.
The next Pearl Harbor is going to turn out our lights. And we might not even be sure of the return address, or whom to retaliate against. Disguising the return address of a major cyber attack will be SOP.
The satellites, unguided by their ground control stations, began to tumble into irretrievable orientations, experienced orbital decay, and eventually came back down to earth. Without satellites, modern communications of almost every kind faltered and failed, and the world was no longer sufficiently knitted together to conduct the necessary technological business of the modern global society.
Billions of people believed that Homo sapiens had achieved a permanent higher station since the retreat of the last great ice age. Unlike destruction by a slowly grinding ice sheet, however, all our technological modernity was swept away in a blink. The last live radio programming I’d heard had been from an AM station out of Knoxville that lasted for a few weeks after the power went out. And there was a canned FEMA broadcast alleging to be from the nation’s capital, but that radio frequency, too, had gone silent. How had it all happened so fast? I had a master’s degree in history, and I understood enough of it to come up with a few theories to explain what had happened, at least in the broad strokes.
Modern society was engineered for the maximum production of profits, providing the maximum comfort for the maximum population, using mankind’s most cutting-edge technical trickery and marketing magic for leverage. Maximum profits for producing maximum pleasures, and it would only get more maximum forever, as humanity’s greatest minds piled one technological miracle atop another, leading to ever-rising standards of living for most of the world’s billions of people. Onward and upward the towers of our modern cities soared into the sky as the suburbs spread outward and merged.
At least that’s how it was supposed to work. And it did work, for quite a while. But a few novelties unique to our time went almost unnoticed. Never before in history had so many been fed by so few, from so far away. By the end, our cities had grown into traps, with the easy creature comforts they promised as the bait. Billions of people moved into these technological beehives, where food, shelter, and (sometimes) work could be found in close proximity. City life was easier for the worker bees, and more profitable—and more controllable—for the queens.
That is, until the digital blood of the global communications network froze in all its infinite circuitry, and the machinery seized up and jammed in place. Suddenly left to their own nearly nonexistent devices, cut off from the food from distant agro-business farms, the inhabitants of our densely packed cities panicked and looted the stores and other food sources like locusts. After that, if the occasional travelers were to be believed, they literally consumed themselves. It was the modern consumer society’s final stage: Consumer, consume thyself. Did I, myself, see it? No. But what I saw with my own eyes in small-town and rural America left me in no doubt about what had taken place in the cities.
A popular historian from the end of the last century named Fukuyama had referred to the end of history, with an evolved mankind finally the master of the universe and his fate within it. Hardly the master, as it turned out. Instead, for decades we had lived inside an increasingly delicate techno-bubble, floating ever higher on digital money created from thin air, and we believed it was all as permanent as the pyramids!
Click the pic to the full-text Free Republic thread.
Wasn’t all this predicted by doom and gloomers in the Y2K laugher?
Yes, a gnat is exactly like an elephant.
I really do believe that the next Pearl Harbor will be a network/grid attack, and we might never know who did it. With the power down and (eventually) satellites tumbling, how will we get any reliable news? We might not even know if it was a cyber attack or a solar ejecta, if we wake up one morning with no power, and it stays out.
It cannot have been lost on terrorists, their nurturing states, as well as rogue nations like North Korea, that cyber warfare is a cheap means of waging asymmetrical warfare just begging to be used by economically and even technologically inferior players. Even North Korea can marshal assets enough to build a bomb, to build rockets, and to hack into America.
But why invest in all that hardware which leaves an unmistakable trail when you can do it from some undisclosed location in some Third World hellhole like Nigeria while sitting in your pajamas?
If we are confronted by a pathologically and ideologically distorted Islam, who are anyway indifferent to the pain to the expected in retribution if found out, we can only expect that they almost certainly will resort to cyber warfare. It has so many advantages, it is cheap, it does not have to be transported over oceans and passed through customs inspectors, it need not be safely assembled and detonated in the homeland homeland. All it takes is a few hackers who can be hired and a few keystrokes.
Even if no attack materializes, terrorists will have achieved many of their aims. They will have generated fear, they will have distorted the American system of individual liberty by requiring our government to spy on our own people. They will have caused us to build layer after layer of regulation, rendering us less efficient, increasing costs, and adding to inflation. They will cause us to mistrust one another. They will have increased the power of the state which is a Grail of the left and also of Islam which does not distinguish between Islam and the state. They will cause more and more Americans to look to appeasement. Many more powerful consequences are to be anticipated and they will all be visited upon us on cheap. Our costs mount, their costs remain relatively trifling.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.