Charlie Rose

UlysessThompson  10/05/2011 11:30 PM Report

According Mr. Rose, the U.S. is more dependent on its network infrastructure than any other nation, which makes us a much more lucrative target for cyber-criminals both foreign and domestic. This should serve as a wake-up call for U.S. citizens as well as foreigners that hold major investments in our infrastructure and/or currency.

One point mentioned by Adm. McDonnell is the division of authority within government. He feels there is a need by the current administration to integrate the components of national defense from a cyber-security standpoint. In this regard, I feel that establishing a cooperation of power would be a much more practical first step. In my opinion, consolidation of power is too risky and could function as a double-edged sword. Though it could improve the reaction time in the event of a major security breach, it could also serve to consolidate the vulnerabilities of the decision-making body into a single target for actors of espionage.

Regardless of how we as a nation respond to this issue, the fact that we're discussing cyber-security is a sign of promise.

matcheydj  10/05/2011 04:18 PM Report

Several important points were made during this conversation about the classification of Cyberwarfare, especially into categories of attack and espionage, as Mr. McConnell stated, and the further classification, made by Mr. Lewis, of espionage into traditional and economic categories. When evaluating Cyberwarfare, you do have to consider the possible motivations of a nation conducting a cyber attack. While the destruction of information by an intruder may cause the most damage to a system using those resources, as Mr. McConnell said about the banking system, the greatest common threat still lies in espionage. A nation like China, from where many cyber attacks originate, actually benefits from economic stability the world market, so it is unlikely they will sponsor a destructive cyber attack on another large economy in the world market. Even when considering the motivations of terrorists, they are more likely to concentrate on affecting human life instead of the flow of information, and they would probably use the channels of communication rather than disrupt them.

For a system that is based on the exhange of information, the internet is obviously more prone to espionage and the theft of sensitive information rather than its destruction. Also, it would seem that the key to gaining the secrets of another nation also lies in keeping the secret that you have gained that information. In both security (such as wartime communications) and economic circles, information stolen from the enemy gives you an advantage. If the enemy knows that you have stolen that information, they can prepare accordingly. If they don't know that you have stolen that information, they might continue to act as originally planned and give you the opportunity to use that information to your advantage. Sensitive systems need to be protected, not only by those versed in cyber security, but the people who have access to sensitive systems also need to be vigilant and ensure they don't make simple mistakes like picking up a USB drive of unknown origin and plugging it in to their work computer. Education is key, and possible methods of attack should be studied and known by all involved.

Colarik  07/03/2009 12:48 PM Report

Some points (and I have many more) that are missing from this discussion:

The first is the use of computer system attacks as a force multiplier. Collapsing the telephone/cellular/satellite networks just prior to a physical attack would cause panic and untold casualties by limiting the communication and coordination of emergency responders and civil defense authorities.

The second is that a unique identity on the internet or in the real world is NOT required to secure cyberspace. Instead, we need to secure everyone’s data. The only way this is going to happen is by NOT collecting and storing it indefinitely in the first place. This is contrary to these guy’s argument. Also, the communication channels between systems are not encrypted tunnels so the data in many cases is being sent in the open. The vast majority of breaches occurred when data was improperly stored or the communication channel was insecure. Securing data and infrastructure properly also eliminates most of the privacy issues at the time.

The third is if a country wants cyber warfare capabilities and is also in charge of securing the infrastructure of both public and private networks, the efforts will be in doubt because of split directives. Creating/encouraging infrastructures that let one perform warfare will ultimately undermine building an idea secure environment. It’s not a balancing act but a decision to secure all systems from everyone regardless of organization (business or government).

It seems to me that after 5 years of these discussions of which I have been a part of, we are still saying and doing the same things. With over a trillion dollars invested in the US telecommunication industry alone, it is not hard to see that our infrastructure is very close to becoming an unchanging superstructure.

We need to act now and act with everyone's interest or it will be too late to change anything.

thevoid  07/03/2009 02:09 AM Report

As a technologist myself I was very skeptical of this discussion. And to an extent my fears were confirmed. But a few good points were made. But there is one glaring misunderstanding, and it is certainly a generational thing. The whole premise was put in nationalistic terms. As nations attacking nations. Which I think does a disservice to anyone trying to understand the nature cyber security and the real threats. Does anyone really think that Microsoft cares where the threat comes from when trying to protect their site from the constant barrage of denial of service attacks they face daily. Is it really useful to know that an attack is coordinated from within a specific country? I don't think it has much material bearing on the problem.

No, the best strategy is to be coldly objective about security and the vectors of threat. To understand that threats are potentially everywhere. Granny's compromised PC probably is a node in a larger malicious botnet. To put this in terms of us versus them totally misses the boat. The threat can come from within and without. Real computer security is a matter of layers like an onion. We can't simply just put up a firewall at the border and think we are safe. The all nodes along the network are potential vectors of security threats. Real security experts understand this. To naively put this in terms of nationalism does a disservice to the monumental and important task of cyber security.

And Charlie, if you want to discuss cyber security you should get a real expert on to talk about the subject. I would start by inviting someone like Bruce Schneier.

What is interesting about t

nachtengel  07/02/2009 07:52 PM Report

The only safe computer, and computer that can remain safe, is one that is not plugged in. Period.

This was a quaint conversation with gentlemen that I am sure are aware of -historical- technology needs and initiatives, but I will address a few they mentioned...

Firstly, Even the NSA cannot break 128bit encryption easily with any speed of any kind, and even if they could figure this out in seconds, the backlog, like the backlog of tapes that warned of 9/11, would be so astronomical, it would not be feasible. We are now at a great divide (rich against the poor) where countries with very little infrastructure for us to destroy, are able to attack us at will with no recourse.

And this is all not just some "foreign" issue, in a deep dark basement of russia, this is an issue at home. What do you think the sons of the well known mobsters are doing these days? They are all on wall street, as investment bankers and so on, a fact that the SEC reported as one of their biggest concerns in the late 90s. They are also "cyber security" guys, who are well aware of the weaknesses of the americas aging infrastructure. I am sure a few years from now someone will do a wonderful documentary on it all.

Let me give you a story that I recently heard at a conference about how unstoppable this all is. As a promotion for a record release of a popular american band, a company left a single thumb drive in a bathroom on a urinal in Eastern Europe, with a very well obfuscated phone number and several codes, that you could only see if you did a few not so very obvious things with the single mp3 file that was on the drive. Within 3 weeks over 3 million people called the number. That number, and it's calls could have been set up to be a switch or catalyst for just about anything, from setting off IED's to sending sms's back to the phones, to charging $1000 a minute.

This example is one of a million creative ideas that frankly NSA/CIA/FBI could not think up in their wildest dreams, and could never in any way be pro active about. Needless to say with emerging and common technologies, like mesh networks, 128 or higher bit encryption as used in japan and elsewhere, and even older established things like Steganography and gigabit sized hard drives the size of a thumbnail, there is nothing this government could even begin to do for those who do not want to be seen or heard.

As or attacks, anyone can walk into any department store, library, or internet terminal in the country and set off viruses that would stop the internet in it's tracks. I was a sysadmin in a past life and their are thousands new of trojans, worms and other nasties everyday, constantly beckoning any single private companies firewalls or NOC, 24/7. And with more people toting around thumb drives, you don't even need internet access to launch these into a system these days.

REMant  07/02/2009 05:01 PM Report

I don't think you can discuss this usefully without getting into specifics, and I fear that there is a lot of room here for fear-mongering. It is not like nothing as been done. Means of cyberattack are discovered and countered daily by a very large community interested in preserving the Internet. In addition the govt is already spending enormous sums on private contractors to educate govt workers. Most likely, like intelligence in general, this will become less a matter of warfare, than a game.

ShalomFreedman  07/02/2009 04:19 PM Report

Michael McConnell revealed something here that I find astonishing. Perhaps those who know the Security world know this, but I did not i.e. The U.S. has a capability to know what is going on in the informational systems of every country in the world, to understand that is the military capabilities of every nation in the world. This is astonishing in part because it suggests that the U.S. does know where for instance Iran is in its nuclear program. It has broken the codes and has the Intelligence required to know what Iran is doing.

Another point. It suggests that the United States treats every nation in the world even its closest allies as potential adversaries.