Bruce Schneier, Marcus Ranum debate the realities of cyberwar - Information Security Magazine - Page 1

Bruce Schneier, Marcus Ranum debate the realities of cyberwar

Cyberwar: Myth or Reality?


Marcus Ranum

Point Ever since Winn Schwartau's science fiction novel Information Warfare accidentally wound up on the nonfiction shelves in 1994, cyberwar and cyberterror have been embedded in the security zeitgeist. I used to ridicule the idea--and mostly still do--but it's becoming clear we are on a trajectory in which: 1) the security of governments remains truly bad and, 2) we rely on that security more and more.

As we saw in Estonia, a concerted attack can easily disrupt a government's systems. The question is whether an all-out cyberwar is becoming practical. Ten years ago I'd have laughed at the idea, but today I'm less sure. When you hear of someone (allegedly the Chinese) accessing 10 to 20 TB of sensitive but unclassified data from the Department of Defense's NIPRnet, it's clear there's potential for huge problems. What really has me on the fence, though, is the poor security I've seen in SCADA systems. It would be possible to do tremendous damage by attacking civilian infrastructure.

That is the high-value target for a cyberattack, and proponents have always talked of a cyberattack acting as a force multiplier--a way of confusing and degrading command and control, paving the way for a conventional attack. But here's the problem: that's state-sponsored cyberterror,

    Requires Free Membership to View

    Login

    SearchSecurity.com members gain immediate and unlimited access to breaking industry news, virus alerts, new hacker threats, highly focused security newsletters, and more -- all at no cost. Join me on SearchSecurity.com today!

    Michael S. Mimoso, Editorial Director

    By submitting your registration information to SearchSecurity.com you agree to receive email communications from TechTarget and TechTarget partners. We encourage you to read our Privacy Policy which contains important disclosures about how we collect and use your registration and other information. If you reside outside of the United States, by submitting this registration information you consent to having your personal data transferred to and processed in the United States. Your use of SearchSecurity.com is governed by our Terms of Use. You may contact us at webmaster@TechTarget.com.

not cyberwarfare.

I don't care how much you pretty it up; you can't crash someone's power grid, kill their phone system and ground their aircraft without causing civilian casualties and damage. I'm still idealistic enough to think it's immoral to first target civilians. In fact, I suspect if a nation-state were to cyber-attack the U.S., Washington would bang the terrorism drum. Cyberwarfare is kept as a gray area, and I worry it's one where our administration considers it appropriate to do unto others what we'd never tolerate being done to us.

This was first published in November 2007

Join the conversationComment

Share
Comments

    Results

    Contribute to the conversation

    All fields are required. Comments will appear at the bottom of the article.
    Back to top