Feeds

Cyber B52 strikes mooted as response to Chinese infowar

PHP is our profession...

Top three mobile application threats

But back to the National Journal. It had published an article entitled "China's Cyber Militia," one which fueled the paranoia of Dr. Strangelove crazies. The facts were all there for everyone to see, implied the magazine, and the Chinese "had possibly triggered two recent and widespread blackouts in Florida and the Northeast, according to U.S. government officials and computer-security experts."

"Officially, the blackout was attributed to a variety of factors, none of which involved foreign intervention," reported the magazine. And then came the procession of private sector consultants, stating things were otherwise. The magazine's report was lengthy, working through the logic that the truth of a thing is determined by the number of Americans who can be found to assert it. In another manner of speaking, if one can fill a room with bull, hearsay and gossip, there's always a magic tipping point where it transforms into fact, like lead turns into gold when touched by the Philosopher’s Stone in alchemy.

To spend too much time arguing details is to be drawn into the deranged world of the American way of threat description. Absence of proof is not proof of absence, goes the slogan, and before you know it, you're off to war.

But long-time readers know how the cyberwar game has played for close to a decade.

By way of example, in November of 1999 the Washington Times published a front page story entitled "China Plots Winning Role in Cyberspace."

The hypothetical scenario of catastrophe was produced.

"China could launch a devastating computer-run sabotage operation by attacking U.S. oil refineries, many of which are grouped closely together in areas of Texas, New Jersey and California... A [Chinese] computer attacker could penetrate the electronic 'gate' that controls refinery operations and cause fires or toxic chemical spills," it was said.

For close to ten years, there has been a constant parade of characters peddling this manner of paranoid threat-assessment. Older names like John Hamre, Richard Clarke, James Adams or Michael Vatis have drifted away, replaced by younger characters, functionally equivalent. It has always been apparent that many were and are involved in a process which included fear-mongering and shakedowns for funding. It was a bipartisan activity, a constant small collective of experts and officials more accurately, if impolitely, described as mischief-makers and eccentrics massaging a part of the government/private sector security collaborative. The mainstream media has generally been a compliant enabler of them.

But what if in the space of ten years, it has just been a coincidence that we've been plagued by whispering pests from the professional doom industry? What if China actually has stolen a march and made fantasy into reality? Let's conduct a thought excursion and pretend it's all real, every last word, and the infrastructure is in danger of being torched, the lights turned out.

The cyber bomber gap

What would the United States do? Start carpet-bombing? Carpet-bombing, in this case, means having a force of cybermen and their own vast military botnet to launch DDOS attacks.

In "Carpet-bombing in Cyberspace," an article from the Armed Forces Journal, Col. Charles W. Williamson III writes "America needs the ability to carpet bomb in cyberspace to create the deterrent we lack."

There is a carpet-bombing gap in cyberspace, it is said. "We are in [a new arms race] and we are losing," asserts Williamson. China has the greatest capability for cyber carpet-bombing because "analysts think China has the world’s largest denial-of-service capability."

The US can offset this by investing in its own military botnet, sort of like not allowing the Russkis to take the lead in mineshaft digging in Dr. Strangelove.

When it comes to carpet-bombing a foreign country's cyberspatial infrastructure, the proper intelligence will be important, reasons Williamson. But no capability should be particularly restricted by details. If the US blows some puny country off the Internet and it turns out that their computers were only being used by others, the retaliation will have had, in any case, a warning effect. After all, a weapon has no deterrence if you keep it a secret. And besides, they'll probably have had it coming.

"Brute force has an elegance all its own," the man says.

Script fragment from a hypothetical remake of Strangelove: "Now, if we can speak freely, sirs, we think the Chinese flash a big game but, frankly, they're short on know-how. You can't take a bunch of ignorant peasants and expect them to understand a machine like one of our boys. If you see one of our cybermen from the Air Force - their slogan's "Above All" - they're really sharp. They'll barrel our DDOS attack in so low, you've just got to see it sometime!" (Manic stare, chomps cigar) ®

George Smith is a senior fellow at GlobalSecurity.org, a defense affairs think tank and public information group. At Dick Destiny, he blogs his way through chemical, biological, and nuclear terror hysteria, often by way of the contents of neighbourhood hardware stores.

3 Big data security analytics techniques

More from The Register

next story
Putin tells Snowden: Russia conducts no US-style mass surveillance
Gov't is too broke for that, Russian prez says
Did a date calculation bug just cost hard-up Co-op Bank £110m?
And just when Brit banking org needs £400m to stay afloat
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Lavabit loses contempt of court appeal over protecting Snowden, customers
Judges rule complaints about government power are too little, too late
MtGox chief Karpelès refuses to come to US for g-men's grilling
Bitcoin baron says he needs another lawyer for FinCEN chat
Don't let no-hire pact suit witnesses call Steve Jobs a bullyboy, plead Apple and Google
'Irrelevant' character evidence should be excluded – lawyers
EFF: Feds plan to put 52 MILLION FACES into recognition database
System would identify faces as part of biometrics collection
Ex-Tony Blair adviser is new top boss at UK spy-hive GCHQ
Robert Hannigan to replace Sir Iain Lobban in the autumn
Edward Snowden on his Putin TV appearance: 'Why all the criticism?'
Denies Q&A cameo was meant to slam US, big-up Russia
Banks slap Olympus with £160 MEEELLION lawsuit
Scandal hit camera maker just can't shake off its past
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.