- China pwns Britain?
- Britain's Snooper Charter to monitor social networking sites
- US Senate wants to regulate cyberspace
- Internet Fraud complaints up 33% in 2008
- PowerPoint zero-day in the wild
- Senator Nelson pwned (by China?)
- Multiple DNS providers under DDOS attack
- China pwns Australian Prime Minister (notice a pattern here?)
Saturday, April 4, 2009
Weekly Roundup
4 comments:
As concerning as the possible repercussions on Britain that a deliberate Chinese cyber attack may have, perhaps equally disquieting is the lukewarm response on the part of British authorities to the potential threat. As the Times Online article points out, ministers in the British government failed to pay adequate attention to the dangers posed by China, regardless of continual warnings from the intelligence community. In fact, officials from the security and intelligence services have expressed their frustrations over their numerous threat warnings not being taken seriously by ministers in the time since the British government made its deal with Huawei in April 2005.
It is understandable that ministers may view the likelihood of an intentional cyber assault on Britain under the officially-sanctioned auspices of the Chinese government as being a remote possibility, given the current state of healthy Sino-British relations. However, a consideration of the probability of an official Chinese cyber attack should not undermine an appreciation for the weight of the ramifications if such an attack were to occur. Indeed, the fact that government, intelligence, and military departments, coupled with vital services like food distribution and water and power supplies are dependent on Huawei-installed equipment accentuates Britain’s vulnerability. Additionally, Huawei’s close ties to elements in the Chinese military, as evidenced by the fact that its head, Ren Zhengfei, was once the director of the telecoms research division of the People’s Liberation Army, should be cause for mild caution at a minimum, if not outright alarm.
Indeed, while fear-mongering and general distrust or antipathy towards Chinese companies like Huawei is certainly not the answer, British officials would be wise to at least note the potential security threat posed by China and hence should take plausible safeguards against a possible planned and prearranged Chinese cyber attack. Contemporary friendly relations between China and Britain do not change the fact that key facets of BT’s new network are comprised of Huawei parts that may have malicious components that could be activated by China at a future date. When any external force, even if it happens to be the closest of allies, is capable of wielding such an impact and consequent possible damage on the nation, it is cause for concern. Hence, the British government must begin to treat the apprehensions of its intelligence services with considerably greater seriousness.
Response to a Weekly Reading (4/6/09)
The article “Carpet bombing in Cyberspace” by Colonel Williamson presents an interesting examination of the potential development of Military Botnets for a distributed denial of service attack. Colonel Williamson raises convincing arguments as to why such a technology should be a goal for the United States going forward.
His use of the “fortress” metaphor was extremely successful in uniquely demonstrating the necessity for the United States to develop a more “pro-active” technique for coping with cyber terrorism. Just as stone walls are obsolete to defend against modern weaponry, simple computer defenses such as firewalls and passwords will become ineffective as computer hacking techniques become more sophisticated and complex. Botnets are extremely difficult to resolve once they have infected a computer, and therefore using a military botnet to disrupt an adversary’s computer before they are able to render an attack seems to be the best approach.
Although I think Williamson makes a strong case for a military botnet there are definitely consequences and dangers of a military botnet, no matter how much safer they would make the United States. Safeguarding the military botnet after it is developed will be a monumental task. Creating a military botnet also creates the risk that a laptop with the military botnet could be lost or stolen. The security needs to be in place to make sure a scenario like this does not occur.
Overall, the issue of a military botnet illustrates the growing political importance of cyber-security. Whereas in the past international diplomacy centered on such things as territorial disputes and standards of treatments for prisons, the rapid development of modern technology warrants new agreements and protocol. The threat of cyber terrorism raises a host of new policies and debates, as Williamson states, “How do we explain to our best friends that we shut down their computers?”
This has been touched on by Arman and Brian, but it infuriates me so much how people interpret probabilities and statistics that I had to elaborate on this thread.
In the Sunday Times article I would like to point out a quote that has led to many of the recent catastrophic decisions of the past several years in the world of high finance.
The following was written:
"A Whitehall report is understood to warn that, although there is at present a “low” risk of China exploiting its capability, “the impact would be very high”."
Now, let's think about what this means. Statistically, one would assume that such an event is so low that it would be an overreaction if the government were to take aggressive action when warned about this threat.
Unfortunately, this mirrors what happened in the markets... and is talked about at great length in an amazing book called The Black Swan, by Nassim Taleb. If I told you that there was a 70% probability that China would not attack, and therefore you could build your country's infrastructure 1% if it doesn't happen, that leaves you with a (70% x 1%) expectation of .7
Then, I tell you that there is a 30% chance that China will attack you, but if they attack you China will damage 10% of your infrastructure. This leaves you with an expectation of (30% x -10% [negative 10 for the destruction part]) or -3.00 expectation. Therefore, your total is -2.3...
You could do this all day with much more convincing statistics. I could say there is a 99% chance that they won't harm you, but if they did it would damage 25% of the infrastructure....
I think it's much wiser for the government to sacrifice a little money (Marconi should have received the contract, not Huawei), and "government policy on competition" to protect the huge downside instead of betting that the extreme event with low probability will never happen.
Remember when the probability of the housing market and the stock market crashing was really low? Well, it still is, but is anyone going to want to wager a massive bet against that after many people have been wiped out in the past year?
Neglecting even the slightest chance of catastrophe is the recipe for demise. The Chinese and the British might have a strong relationship, but isn't it best to get to know our enemies before we attack?
The BBC news article Social Network Sites ‘monitored’ discusses controversy over the UK government’s desire to monitor social networking sites, such as Facebook, Bebo and MySpace, to further protect its citizens. A spokesperson for the Home Office of the UK claims, “The government has no interest in the content of people’s social network sites and this is not going to be part of our upcoming consultation.” However, any glance at history proves that governments, just like people, are apt to change their minds at any time. In February 2’s reading No Place to Hide: Behind Scenes of Emerging Surveillance Society, Robert O’Harrow, a reporter for the Financial and Investigative staffs of the Post, highlighted many internet privacy harms including secondary use. Secondary use is precisely one of the things that make persons using social networking sites such as Facebook fear the UK’s desire to monitor the information they choose to put on their sites. In O’Harrow’s article, an example he gives of secondary use is the CAPS II airline passenger screening program. The original intent of this program was to screen passengers for terrorists only, but soon politicians and law enforcement authorities wanted to use the program to also screen for criminals and illegal immigrants. Yes, now the UK government claims to have “no interest in the content” but they might find that the information might be useful in some future endeavor, and if they already have the information, what is to stop them from using it? This is why Liberal Democrat MP Tom Brake is not comfortable with the government getting their hands on very personal information, such as “sexual orientation, religious beliefs, and political views,” that are very often chronicled on social networking sites.
I, however, believe that the government should have the right to monitor these social networking sites because they could use this information to protect me from terrorists and criminals, who are using these social networking sites with malicious intent. Even if the government did decide to take an “interest in the content” of my social networking page, I do not put anything on Facebook that is too personal because I realize that it is already very easy for anyone to access my Facebook page even with the site’s security features. People should not put anything on social networking sites that they really do not want to be available to the public because it is general knowledge that the internet is not the safest place to store information.