[147571] in cryptography@c2.net mail archive


Re: [Cryptography] Iran and murder

daemon@ATHENA.MIT.EDU (Phillip Hallam-Baker)
Wed Oct 9 16:20:07 2013

X-Original-To: cryptography@metzdowd.com
In-Reply-To: <CAGSRWbjLYmZFY_FKO5qxWb_u1w8btMorX2sED5CdeofZS9RLnQ@mail.gmail.com>
Date: Wed, 9 Oct 2013 08:44:05 -0400
From: Phillip Hallam-Baker <hallam@gmail.com>
To: Tim Newsham <tim.newsham@gmail.com>
Cc: John Kelsey <crypto.jmk@gmail.com>,
	"cryptography@metzdowd.com" <cryptography@metzdowd.com>,
	"James A. Donald" <jamesd@echeque.com>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com


On Wed, Oct 9, 2013 at 12:44 AM, Tim Newsham <tim.newsham@gmail.com> wrote:

> > We are more vulnerable to widespread acceptance of these bad principles
> > than almost anyone, ultimately. But doing all these things has won larger
> > budgets and temporary successes for specific people and agencies today,
> > whereas the costs of all this will land on us all in the future.
>
> The same could be (and has been) said about offensive cyber warfare.
>

I said the same thing in the launch issue of cyber-defense. Unfortunately
the editor took it into his head to conflate inventing the HTTP referer
field etc. with rather more and so I can't point people at the article as
they refuse to correct it.


I see cyber-sabotage as being similar to use of chemical or biological
weapons: It is going to be banned because the military consequences fall
far short of being decisive, are unpredictable and the barriers to entry
are low.

STUXNET has been relaunched with different payloads countless times. So we
are throwing stones the other side can throw back with greater force.


We have a big problem in crypto because we cannot now be sure whether the
help received from the US government in the past has been well intentioned or
not. And so a great deal of time is being wasted right now (though we will
waste orders of magnitude more of their time).

At the moment we have a bunch of generals and contractors telling us that
we must spend billions on the ability to attack China's power system in
case they attack ours. If we accept that project then we can't share
technology that might help them defend their power system, which cripples
our ability to defend our own.

So a purely hypothetical attack promoted for the personal enrichment of a
few makes us less secure, not safer. And the power systems are open to
attack by sufficiently motivated individuals.


The sophistication of STUXNET lay in its ability to discriminate the
intended target from others. The opponents we face simply don't care about
collateral damage. So I am not impressed by people boasting about the
ability of some country (not an ally of my country BTW) to perform targeted
murder; this overlooks the fact that they can and likely will retaliate with
indiscriminate murder in return.

I bet people are less fond of drones when they start to realize other
countries have them as well.


Let's just stick to defense and make the NATO civilian infrastructure secure
against cyber attack regardless of what making that technology public might
do for what some people insist we should consider enemies.

-- 
Website: http://hallambaker.com/
