Dailydave mailing list archives
Re: Quick Review: Cyberwar as a Confidence Game by Martin C. Libicki
From: Val Smith <valsmith () attackresearch com>
Date: Mon, 21 Mar 2011 19:43:23 -0600
There is a fundamental problem with this discussion. Those who actually work in the field of cyber-war (if it exists ;) can't comment, or can only comment in a vague way or one which disinforms. At least in this country and probably the others. Those who can and do comment generally have no actual 1st hand experience with cyber-war, and so really don't know what they are talking about (more or less). But if one were to guess, perhaps the cyber "weapon" is a component to a larger layered attack and that the existence of stuxnet doesn't indicate a singular event but a hint at something larger we really know nothing about. Kinda reminds me of blackhats and the rest of the worlds semi-lack of knowledge about them, with the occasional hint (zf0, h0n0, pr0j3ktm3yh3m, etc.) V. Who is the cyber-von-clauswitz ? On Mon, 2011-03-21 at 13:48 -0400, Ron Gula wrote:
I'm not sure I agree. Technically, sure, you can hack into things and take them out. However, comparing hacking to a cruise missile is a stretch. I can patch my systems today and your cyber-attack tomorrow is foiled. Or maybe I switch from Mac to Windows. A Tomahawk cruise missile is just as effective against a Russian radar system or a French one. Don't get me wrong - hacking, backdoors, denial of service, altering messages, decrypting sensitive messages .etc all have their place. I just think the categories are cyber intelligence, terrorism, espionage, sabotage or crime but not "warfare". We've been doing intel, terror, spying, sabotage and crime for a long time and the tools have just changed with the introduction of hyper-connected computers and targets. -- Ron Gula, CEO Tenable Network Security http://www.tenable.com On 3/20/2011 10:52 PM, greg hoglund wrote:I agree with you Dave. Cyberwar is technical. Granted, like any war, it must be backed by intel and psyops. But, like any war, the kills people see in the press are kinetic. Cruise missiles are technical, and kinetic. But, everything is backed by intel. Even missiles. In cyber, the importance of HUMINT far outweighs that of kinetic damage. The technology is new and different, but the classic principle applies. This war is not new. -Greg On Sunday, March 20, 2011, Dave Aitel <dave.aitel () gmail com> wrote:Paper Review Cyberwar as a Confidence Game Martin C. Libicki http://www.au.af.mil/au/ssq/2011/spring/libicki.pdf Here's the last line, which sums it up nicely: """ Building up our offensive capabilities is a confidence game. It says to those who wouldcompete inour league: are you confident enough in your cyberwar skills thatyou canbuild your military to rely on information systems and themachines thattake their orders? """ One thing missing from this paper is any evidence that this kind of logic (aka, Fear Uncertainty and Doubt in military information systems as applied to network centric warfare) has any real-world effect. Militaries (including our own) simply don't take these things into account when deploying new systems. But the main anomaly in the paper is simple: He treats Stuxnet as an aberration, rather than the tip of the iceberg that finally made the newspapers. And this leads him (and most other strategic analysts) to conclude that hacking does not have real world effects. I have to assume this is the WWII legacy of Enigma - where in order to take advantage of intelligence you had to go out and order your sub killers to go sink a boat. But just because hacking is tied to intelligence bodies in most countries, and staffed with people who look and act a lot like intelligence officers, does not make it the same thing. Hacking is as kinetic as a cruise missile when you do it right. -dave (This is a first in a series of posts where-in we all get to review the Strategic Studies Quarterly's Spring Cyber-War papers - http://www.au.af.mil/au/ssq/ ). _______________________________________________ Dailydave mailing list Dailydave () lists immunityinc com https://lists.immunityinc.com/mailman/listinfo/dailydave_______________________________________________ Dailydave mailing list Dailydave () lists immunityinc com https://lists.immunityinc.com/mailman/listinfo/dailydave_______________________________________________ Dailydave mailing list Dailydave () lists immunityinc com https://lists.immunityinc.com/mailman/listinfo/dailydave
_______________________________________________ Dailydave mailing list Dailydave () lists immunityinc com https://lists.immunityinc.com/mailman/listinfo/dailydave
Current thread:
- Re: Quick Review: Cyberwar as a Confidence Game by Martin C. Libicki Ron Gula (Mar 25)
- Re: Quick Review: Cyberwar as a Confidence Game by Martin C. Libicki Val Smith (Mar 25)
- Re: Quick Review: Cyberwar as a Confidence Game by Martin C. Libicki Yiorgos Adamopoulos (Mar 25)
- Re: Quick Review: Cyberwar as a Confidence Game by Martin C. Libicki Dave Aitel (Mar 25)
- Re: Quick Review: Cyberwar as a Confidence Game by Martin C. Libicki Michal Zalewski (Mar 25)
- Re: Quick Review: Cyberwar as a Confidence Game by Martin C. Libicki dave (Mar 25)
- Re: Quick Review: Cyberwar as a Confidence Game by Martin C. Libicki Michal Zalewski (Mar 25)
- Re: Quick Review: Cyberwar as a Confidence Game by Martin C. Libicki Dominique Brezinski (Mar 25)
- Message not available
- Re: Quick Review: Cyberwar as a Confidence Game by Martin C. Libicki Dominique Brezinski (Mar 27)
- Re: Quick Review: Cyberwar as a Confidence Game by Martin C. Libicki Michal Zalewski (Mar 27)
- Re: Quick Review: Cyberwar as a Confidence Game by Martin C. Libicki Val Smith (Mar 25)