Security Basics mailing list archives
Re: military strike possible?
From: "Anders Reed-Mohn" <anders_rm () utepils com>
Date: Thu, 6 Nov 2003 12:15:28 +0100
Well, trying to keep this thread on-topic for the list, let's try to look at this:

How likely are such disasters anyway?
Can you really bring down the Internet at all?
Is it worth considering such strikes?

This got kinda long, so here's the short version first:

Not very.
No, not really.
And if I am right (but I'm often not), why would we bother (preemptively) striking against someone whose identity we can only guess at best, and whose potential for damage is manageable?

Look at recent problems in critical infrastructure, specifically: electricity. Why do things like these fail? Well, as it turns out, nobody's managed to hack their way into systems critical enough for something really bad to happen. However, weather, over-consumption, and lack of maintenance have been shown to be far greater threats to the stability of this particular piece of infrastructure.

While power companies have some systems that are internet connected, most of these are monitoring systems, and not control systems. And even if a control system was electronically knocked out, the supply of electricity can still be kept running manually. It is usually only for fine tuning that one needs electronic control systems.

We computer nerds tend to forget that while 24x7 availability for us is right up there on the top shelf, next to the holy grail, power companies (and other suppliers of critical infrastructure) have run 24x7 operations since "the dawn of time". They know that reality beats the crap out of fiction, and they fight this battle every day. And they have the experience, and systems, to avoid the ultimate disasters from a computer failure.

As for crashing the Internet, that is not as easy as it might seem. OK, so someone slowly spreads a worm to hundreds of thousands of computers. So what? Earlier attacks have shown that poor design makes worms choke themselves. Can worm authors avoid that? I don't think so. Yes, they will do damage. Big time.

But the nice thing about computers is that when they break, they don't physically break. Recovery time is therefore a lot shorter than after physical attacks.

Also, it is practically impossible for a worm not to choke itself eventually. The reason is that the Internet is comprised of a set of central hubs (ISPs for instance). The hubs will necessarily give in before all other computers have, and the "disease" can be contained.

The good thing is that all network connectivity will not disappear with the hubs. In fact, to prevent people, organisations etc. from communicating with each other, one would have to block the entire phone network.

This is also true for physical attacks on critical Internet hubs. All the equipment, except for the ISPs that were bombed or whatever, will still be there, and a certain degree of recovery can be achieved in a short period of time.

Think about it ... does your company really need to be able to communicate with every corner of the world, at all times? Some might, to work efficiently, but not to keep the basics running.

Articles like the one the OP linked to only serve to fuel paranoia, which again fuels development of an artificial market for new security measures. Meanwhile, the real issues are just swept under the carpet:

1. We aren't completely dependent on computers for critical infrastructure. Marketing only made us think we are.
2. Computer systems are generally poorly designed. Creating new stuff, that's just as poor, only in different ways, will not help us in the long run.

And that completes today's rant&rave ...

Cheers,
Anders :)