Bruce Schneier, Marcus Ranum debate the realities of cyberwar


This article can also be found in the Premium Editorial Download "Information Security magazine: Comparing seven top integrated endpoint security suites."

Download it now to read this article plus other related content.

Cyberwar: Myth or Reality?

Marcus Ranum

Point Ever since Winn Schwartau's science fiction novel Information Warfare accidentally wound up on the nonfiction shelves in 1994, cyberwar and cyberterror have been embedded in the security zeitgeist. I used to ridicule the idea--and mostly still do--but it's becoming clear we are on a trajectory in which: 1) the security of governments remains truly bad and, 2) we rely on that security more and more.

As we saw in Estonia, a concerted attack can easily disrupt a government's systems. The question is whether an all-out cyberwar is becoming practical. Ten years ago I'd have laughed at the idea, but today I'm less sure. When you hear of someone (allegedly the Chinese) accessing 10 to 20 TB of sensitive but unclassified data from the Department of Defense's NIPRnet, it's clear there's potential for huge problems. What really has me on the fence, though, is the poor security I've seen in SCADA systems. It would be possible to do tremendous damage by attacking civilian infrastructure.

That is the high-value target for a cyberattack, and proponents have always talked of a cyberattack acting as a force multiplier--a way of confusing and degrading command and control, paving the way for a conventional attack. But here's the problem: that's state-sponsored cyberterror,

    Requires Free Membership to View

not cyberwarfare.

I don't care how much you pretty it up; you can't crash someone's power grid, kill their phone system and ground their aircraft without causing civilian casualties and damage. I'm still idealistic enough to think it's immoral to first target civilians. In fact, I suspect if a nation-state were to cyber-attack the U.S., Washington would bang the terrorism drum. Cyberwarfare is kept as a gray area, and I worry it's one where our administration considers it appropriate to do unto others what we'd never tolerate being done to us.

This was first published in November 2007

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: