10.12.12
Digital 9/11 Gall
This morning I was on the phone for an interview with Voice of America on Leon Panetta’s digital 9/11 warning at a “National Security Dinner” for business executives in NYC.
The mainstream news blotter on my PC had followed the usual script, dutifully repeating all the warnings about an infrastructure vulnerable to — potential Iranian cyberattack!
Ten years ago it was mostly always China that was named. And China is still a very favorite country to mention in Cult of Cyberwar news.
But as I’ve pointed out before, it takes a lot of gall to paint Iran as plotting to launch cyberattacks — the Shamoon virus being the star of this show, since it infected Saudi Arabian Aramco installations — when you’re the party who started the cyberwar.
While the US government has not acknowledged it, it’s no longer a secret that it has been quietly hard at work attacking Iranian infrastructure, and the networks of other Middle Eastern nations deemed unfriendly, with malware.
And it would come as no surprise if it had touched off a cyber-arms race and a retaliating clandestine war.
So since we’ve been poking Iran with pointed sticks in cyberspace for awhile, we’re really not in any position to summon outrage over malware on Saudi Arabian oil terminal networks.
We had to go and shit the bed so now we must live with it.
Look — it’s simple. Have good back-ups. Root, hog or die.
It’s worth adding, that the implication that Americans will wake up one morning and find the country, or portions of it, a smoking dysfunctional ruin due to Iranian cyberattack is about as disingenuous as can be imagined.
However, this type of rhetorical/political maneuvering is not new and Panetta’s speech is one in a historical continuum of warnings about digital Pearl Harbor that go back well over fifteen years. In fact, many American cyberwarriors, and computer security workers, were in rubber pants when they were first cranked up. We furnish the enemy of convenience, according to the time and conditions. The rest of the stuff about what they can do, embellished with the seasoning of computer malware incidents chosen from current news, follows automatically.
From the Wall Street Journal, on the Panetta thing:
Here in the U.S., attacks on large financial institutions during the last two months have delayed or disrupted services on customer Web sites. Secretary Panetta said the scale and speed of those attacks was “unprecedented??? …
While recent attacks concern defense officials, the worry is that there could be even more destructive scenarios. “We know that foreign cyber actors are probing America’s critical infrastructure networks,??? said Secretary Panetta. Those hackers are trying to access computer control systems that operate chemical, electricity and water plants as well as those that guide transportation systems, he said. “We know of specific instances where intruders have successfully gained access to these control systems,??? he said.
Secretary Panetta said the Department of Defense is finalizing the most comprehensive change to the rules of engagement in cyberspace in seven years. “The new rules will make clear that the Department has a responsibility not only to defend DoD’s networks, but also to be prepared to defend the nation and our national interests against an attack in or through cyberspace,??? he said.
What’s not explained here is that networked computers have been everywhere for a good long time. And that trouble-makers and malware invariably always get into them, sooner or later. Well over a decade ago, malware was found on a space shuttle computer, for instance.
And to catalog it all might fill the Library of Congress.
As for the attack-the-water meme, no a requirement of every story on the issue, DD blog has dealt with it decisively, many times. Most recently, here.
And, the “unprecedented” attacks on US giant banks, which made their web pages run slow or inconvenienced some doing on-line banking, a digital Pearl Harbor that somehow failed to bring the nation low, here.
Due to the continued abuse of public news on the issue by US national security men, the now constant use of fearful scenarios and predictions, the public is primed to react badly to even the most trivial incidents. People believe the country could be ruined through cyberspace because they have been told so many times by the Leon Panettas.
One understands fully why the Leon Panettas of our nation do this. They must. Since 9/11, everything must be described in terms of how it could be a potential American civilization-destroying catastrophe, or you are not doing proper due diligence. Many others would say there’s quite a bit of rote CYA-ism to it.
Trouble via the Internet daily will always be with us. It’s a risk that must be managed and, to a large extent, is — with great labor and struggle. But it has not been served by unleashing a state-sponsored malware attack on foes and then hypocritically complaining when someone has aimed a clumsy attack in kind back at you or an “ally.”
“All told, the Shamoon virus was probably the most destructive attack that the private sector has seen to date,??? said Leon Panetta, as conveyed by the Wall Street Journal.
But Iranian computers, or those in other countries caught in the splatter campaign by the Stuxnet program and its brethren somehow have gone missing in this calculation. Because they’re the bad guys and deserve it, right?
In the world of global network security, what you see depends on where you’re standing.
“The Shamoon virus attacked 30,000 Saudi ARAMCO workstations and replaced crucial system files with an image of a burning U.S. flag … That virus added false information that overwrote all of the real data on those machines,” reads the Journal.
Viruses that corrupt the disk. Hmmm, seems … old.
Restore from back-up. Pot, kettle, black. Resist primitive urges to increase hysteria on cyberwar and potential retaliations.
user_hostile said,
October 12, 2012 at 11:08 am
…”malware was found on a space shuttle computer…”
You might want to clarify that–I think you mean the laptops that were brought along the Space Shuttle or other ancillary computers.
I find it highly unlikely that the Shuttle flight computers would have been infected by a virus. The code had been written more or less in the 70’s and 80’s, and had a requirement of being bug free. AFAIK, the flight computers never encountered a single glitch that could be attributed to the software (the FC’s suffered a few hiccups: a bad solder joint and a clock hardware problem; another fault that occurred was never really satisfactory resolved, but then again, never reoccurred–but none could be pointed at the code).
Let’s remember too, how primitive the computer was: the original memory type was [I]iron core[\I], used a language called HAL/S (a derivative of PL/1) which was unlikely to be in a virus writers arsenal of tools, and that the code more or less had to be loaded by hand (again, AFAIK).
George Smith said,
October 12, 2012 at 11:37 am
Yeah. Oh, this was before laptops, anyway. It was probably a standalone PC, as I remember might have been a Word virus.
I could have mentioned the stink about the run-of-the-mill malware that wound up on the drone installation networks a year or so ago.
The larger point is fairly obvious, I think. If a very important person wanted to report a virus or malware on computers in infrastructure business or at government installations, it could be his only job.