Feeds

back to article Forget the word 'cyberwar' says Marcus Ranum

Security veteran and CSO at Tenable Marcus Ranum has made a plea* for the world to stop using the expression “cyberwar”, for the very good reason that there's nearly no way in which it resembles war in the physical world. “How can you call something a domain of warfare when the most important properties of warfare cannot …

COMMENTS

This topic is closed for new posts.
Silver badge

An old story

“Anyone talking about cyberwar is trying to enlarge their influence,” he said.

That'd be the US then.

There are, he added, a lot of people in the US military concerned that “someone's going to ask 'why do you have all this expensive cyber security stuff, when you keep getting owned by 14-year-old kids?'”

The emperor has no clothes.

10
1
Silver badge

Re: An old story ..... but Nowadays in the Future, Clothed in a Cloak of many Covers

Quite so, Ole Juul, .... the stupid wannabe enemy is naked and has nothing to offer and be afeared of in the realm which he can only daydream of controlling and empowering with zeroday vulnerability exploitation and exports ..... for they be virtual intelligence light, and that be a crippling deficit in the smarts needed to lead with feed and seed in the Cdomain*/CyberSpace. Methinks though that the US has the UK and other westernised nation states/complicit and colluding allies keeping them company, but that would be cold comfort for them as systems collapse all around them for want of an Advanced Intelligence with Creative Command and Cyber Control in Alternate Reality Games Fields, which are not theories but the real thing.

Anybody who uses the word "cyber" in a supposedly serious conversation ...... can always be safely ignored as being someone completely clueless about how the nuts & bolts of computers & networking actually work. ....jake Posted Monday 27th May 2013 04:42 GMT

Beware and/or be aware, jake, that there be those who would choose to use the word "cyber" in a supposedly serious conversation to be safely ignored as being someone completely clued in about how the nuts & bolts of computers & networking actually work. And that be ...... well, Real Spooky Stealth is apt, methinks, and in an APT App, quite the SMARTR Bundle to Trundle and try to Rumble/Reverse Engineer. :-)

* And just what is the current Chief, Sir John Sawers, doing in the Cdomain ..... https://www.sis.gov.uk/about-us/the-chief.html? Anything useful and Great Game Changing or just the same old Tommy rot to match Parliamentary.Gov.UK and Team M's woeful performance?

Does one need to send them all an engraved formal invite for them to realise what needs to be done, with that which knows how to do what needs to be done, with IT and Media Manipulation of Reality? Are they really so slow and dim-witted/blinkered and brainwashed?

3
1
Silver badge

Re: An old story ..... but Nowadays in the Future, Clothed in a Cloak of many Covers

"And that be ...... well, Real Spooky Stealth is apt, methinks"

THAT paranoid isn't something that I aspire to.

0
0
Silver badge

Paranoia ...... That old story which renders the fool their enemies, and shadows to fight?

Methinks it be, Jake, in the SMARTR IT and Manipulating Media context in which it be shared and would be referring to, more euphoria than paranoia. I can, however, appreciate that others may be more than a little concerned and even seriously worried and bloody terrified about developments in the virtual realm and over which they have absolutely zero control or power input/output.

To such as those in the more traditional and conventional spheres of influence, who be now practically helpless and increasingly defenceless and in need of cyber intelligent security and virtual protection, can one only advise that they make valuable friends of that which, and those who, are SMARTR Enabled in, and in Cyber Command and IntelAIgent Control of EMPowering Systems. IT is not rocket science, such common sense, is it?

0
1
Silver badge
Pint

@amfM1 (was: Re: Paranoia ...... That old story which renders the fool their enemies ::snip::)

Bug in script ... Too much use of "be" where "are" would be more appropriate.

"IT is not rocket science, such common sense, is it?"

No, IT isn't rocket science, IT's the appropriate use of tools in the modern networking environment. "Common sense", however, is neither.

"Such" in this context looks like another bug in the script ... Shirley you meant "common sense, isn't it"?

You're fun to (try to) parse, amfM1 ... Carry on, and this round's on me :-)

(Sorry for the ::snip:: in your titlesubject line ... ElReg doesn't like long titlessubjects.)

1
0
Silver badge
Black Helicopters

Re: @amfM1 (was: Paranoia ...... That old story which renders the fool their enemies ::snip::)

I think the use of "be" instead of "are" indicates that AMFM1 is being a pirate this week - or s/he/it is somewhere in the West of England. Now, where might an AI be found in that neck of the woods?

Shit, helicopters are hovering ....

0
0
Silver badge

Anybody who uses the word "cyber" in a supposedly serious conversation ...

... can always be safely ignored as being someone completely clueless about how the nuts & bolts of computers & networking actually work.

6
0
Silver badge
Joke

@jake

Each to his own, but I'd rather not ignore the webmaster of the Doctor Who website when he's sharing new information about the cybermen ;-) I also don't think he's clueless.

1
0
Bronze badge
Gimp

Re: @jake

Cyber war...

Cybus Industries versus Mondas

0
0
Silver badge

He sounds like a very sensible man,

so he will be mostly ignored :(

5
0
Bronze badge

Re: He sounds like a very sensible man,

Par for the course sadly.

If you haven't checked out his site, do so. There are some good musings on topics all and sundry, an excellent debunking of the Kennedy conspiracy, and an extensive photo essay of a trip to Chernobyl.

1
0
Bronze badge

Re: He sounds like a very sensible man,

He's got a good point, and thus you're bang on the money.

0
0
FAIL

Oo yes, let's all become taxonomic experts

I can't figure out if this guy is a troll or actually believes this nonsense. No one consults a checklist of properties before calling something a 'War'.

It's called a War because the US is a martial society and calling something a War is an easy shorthand for 'an extended struggle that will take time, money and commitment from everyone'

1
6
Silver badge
Thumb Down

But... MUH Cubersecurity

'an extended struggle that will take time, money and commitment from everyone'

You mean an extended taxpayer-funded stupidity that will transfer wealth from the populace to military welfare queens and government-danger-close contractors who will deliver total bullshit for tons of dosh, sorry "monetized debt which we owe to ourselves".

You may also get boring cretins on the speechification circuit and even more boring books about cybergeddon, but that's par for the course.

Do you want freedom fried with that?

6
0
Anonymous Coward

Re: Oo yes, let's all become taxonomic experts

'an extended struggle that will take time, money and commitment from everyone'

"an extended pork fest that will convert tax funds into large incomes for a select few"

There, fixed that for you. Modern wars are mostly avoidable, but how else will you be able to grab deeply into any nation's coffers without too much scrutiny, steal resources of another to make even more and pass "emergency" laws that never would get a single vote in peace time?

5
0
Bronze badge
Facepalm

Re: Oo yes, let's all become taxonomic experts

> I can't figure out if this guy is a troll or actually believes this nonsense. No one consults a checklist of properties before calling something a 'War'.

You obviously have no clue about Ranum. He is one of the few actual security experts - to the point that when he disagrees with Bruce Schneier I take very careful note of what each has to say, it is no mistake that their site bookmarks are next to each other on my compy. I'd put my money on him knowing more about the history of warfare than most US generals. He apparently also knows a thing or two about networks (read this sentence very ironically).

His point is that by referring to it as warfare we mislead ourselves as to how to deal with it, particularly the FUD that allows know-nothings control the 'fight' against when the true issue is how we set up and operate our networks.

Perhaps your disdain comes from the fact that he is what most IT-geeks think themselves to be in their dreams, but this guy lives it. To wit, master hacker, gun enthusiast, photography hobby including but not limited to erotic nudes of seriously hot models... and people actually listen to what he has to say - at least people who know what's good for them.

3
0
Bronze badge
Flame

Re: But... MUH Cubersecurity

> Do you want freedom fried with that?

Do you mean "freedom fries"? Or are you actually referring to the frying of freedom?

0
0
Bronze badge

Alternatively...

could it not also be a war if your intent is to deprive the other side the use of some significant resource?

Seem to recall a few decades ago there was a 'Cod War' and before that a 'Cold War'.

4
0
Anonymous Coward

Re: Alternatively...

Funny that they always need new titles. Calling it "War on voter's rights and tax revenue" would cut down significantly on the stationery bill..

7
0
Silver badge
Thumb Up

This! (was Re: Alternatively...)

There is also 'Economic War', 'Resource Wars' and 'Water Wars'. The reasoning this guy uses is like saying that the term "Infantry War" shouldn't be used, as nowadays you can't win a war using just foot soldiers. As much as I dislike the term Cyber war, it comes handy to describe just another tool for waging war.

And it's a useful tool to boot. If you sabotage enemy transport and telecom networks, steal Intel or plant false information by subverting enemy computers and networks, you're probably saving on other resources, e.g. foot soldiers.

4
2
Silver badge

Re: This! (was Alternatively...)

I forgot to add that Ranum has a valid point -sort of-, in that there is a big difference between this and other tools for war and people in charge should treat them differently. But this is also obviously true for other 'XYZ War' concepts, something that becomes painfully obvious when a country doesn't know the differences between e.g. Infantry and Cavalry.

2
0
Bronze badge
Headmaster

Re: Alternatively...

I dunno - is it war if I steal your car? That's a 'significant resource', shirley?

I don't think war can be adequately defined by the intent of the instigator. You also need at least some consideration for the nature and organisation of the participants, the scope of the conflict, and the criteria that might allow you to decide when it starts and ends.

0
0
Bronze badge
Unhappy

Scared people will gladly give away their rights

Calling it a war creates an image in the sheeples' minds that makes greater government cyber-intrusion more palatable. Ditto the "Global War on Terror." Or the "War on Drugs" that preceded both.

6
0

Win?

Ironic, this, on the US Memorial Day (our version of Remembrance Day). "A land war, he said, includes the ability to win." that would describe the Great War, you know, the War to End All Wars, the War to Make the World Safe for Democracy. The one that led directly to WW II. Doesn't make it likely this will all end well, does it?

1
0
Silver badge
Coat

Goodbye to the Cybers

Cyber war is about the capacity to rid the other side of their Cybers. If you are not a Cyber then you have nothing to worry about.

Cybers and Cyberling should not panic, they should mearly head off to the closest Cyber shelter where they will be cared for by the RSPC. ( Royal Society for the Protection of Cybers)

0
0
Silver badge

War ... what is it good for?

> What does the concept of victory mean?

Same as it's always meant - to be able to impose your will on others.

This guy does seem to be on a bit of a rant - asking questions that any sixth-form debating team would have got bored with years ago. Cyber war, Economic war ... who cares? It's a conflict and the people in charge like to call it a "war" because that means they can suspend the usual civil liberties: "Don't you realise ... we're at WAR!" and not have to worry about due process, legality or any of the other attributes of civilised living that gets in the way of achieving their goals (whether those goals are worthy, just or desirable - or not).

As for who wins? Jeez, talk about asking the easy questions. The winners are the arms (or IT) suppliers, duh!

1
3
Silver badge

@Pete2

"> What does the concept of victory mean?

Same as it's always meant - to be able to impose your will on others."

Careful there; you make an awful lot of assumptions here. Because 'victory' could just as well mean successfully defending yourself against an oppressor.

2
0
Silver badge

Re: @Pete2

"Because 'victory' could just as well mean successfully defending yourself against an oppressor."

Thereby enabling the current ruler to continue imposing his will on the people who fought for him, instead of the would-be conqueror's will. The term "oppressor" is highly subjective, the more so the higher up the social ladder you look. War is, and has always been, about who gets to be boss. For the common serfs, who simply want to live their lives, till their fields, ply their trades and watch their football, war is an unwanted menace because for the most part they don't care who is boss so long as they can live their lives, till their fields...etc.

It reminds me of an Aesop's fable I read as a kid: A farmer had his horse hitched to the plough and was tilling the soil ready for planting, when he saw some enemy soldiers running across the field, shouting and waving swords. In a panic, he unhitched the horse, mounted, and told him to gallop for his life. But the horse refused to budge. "Tell me," he said, "if the enemy takes over this farm, do you think he would make me plough twice as long, or carry a double load?" "I shouldn't think so," answered the farmer. The horse then replied, "Then what matters it to me what master I work for, so long as I only have to bear my normal burden?"

I won't include the "moral" because in this case it's pretty self-explanatory.

0
0
Mushroom

Nonsense. It's not a war if no-one can LOSE

There have been many instances of wars which no-one could win.

What you can't have is a war in which no-one can LOSE.

"Winning" for the military meant any of three things when the fighting was done:

- Control of the field of battle

- Inflicting greater destruction on the enemy than he did on you

- Achieving your war aims and frustrating those of the enemy.

Suppose the fighting just petered out over centuries, or didn't stop before a third force squashed both sides, or no-one controlled the field of battle (usually because a truce held), and destruction was equal on both sides, and no-one achieved their war aims.

Try the Quasi-war, or perhaps the War of 1812. The US started it, the Canadians say they won it (US troops were kicked out of Canada), the Americans say they won it (the British attacks on the US, however successful and damaging, were just raids), the British say no-one won it (the last battle gained by the US didn't happen till after the Treaty of Ghent ending hostilities, because it took months to get word to the forces in the field) and anyway they had bigger fish to fry.

2
0
Mushroom

Greetings Dr. Falken...

A strange game. The only winning move is not to play. How about a nice game of chess?

2
0
FAIL

BOLLOCKS

When I come with my F16, send a 3,5 Watt powered pulse train* into your SA-300 and from that point on your S-300 is as blind as a mole, then Cyberwarfare does exist. Because I can then fly at 3000 meters over your nice S-300 and drop a dumb bomb on it and your air defence mole can do absolutely nothing about it. It will be a fragmented air-defence mole after the explosion of my dumb bomb. Something (though not exactly) like this happened some time ago and I leave it as an exercise to the reader to look up where.

Some other guys had a nice little device mounted on their F4s, which would break the opposing side's crypto and inject a false message into their air defence/control systems to label itself a friendly Mig21. The guys even tried their system with success by an excursion to Dresden instead of going to Spain, as commanded.

* Think of a buffer overflow, dangling pointer or something equivalent. Modern radars are essentially highly complex algorithms which easily rival things like PDF parsers. Plenty of "attack surface".

0
2
Anonymous Coward

Ramblings of an idiot

Biggest load of drivel I've read of here in a long time.

“How can you call something a domain of warfare when the most important properties of warfare cannot properly be applied to it?” - I would point you to a very well presented presentation from BlackHat 2013 "Legal Aspects of Cyberspace Operations by Robert Clark"

“What does 'winning' even mean in cyberspace? - Depriving or disruption of a countries critical national infrastructure or resources

“The dymanics of warfare simply do not apply in cyberspace" - The dynamics of TRADITONAL warfare do not apply. This adds nothing to his argument.

"You cannot cost your attacker so much that they can never come back,” - So what? This cannot be done in traditonal warfare. Countries can rebuild and recoup resources. Have you not heard of world war 2?

0
1
Bronze badge
Holmes

Re: Ramblings of an idiot

> Depriving or disruption of a countries critical national infrastructure or resources

Yet to be done on a consistent and persistent scale - see Iran, many experts believe that Stuxnet may have helped them in the long run by pointing out holes in their defences and by investigating they will have learned more about the disrupted systems.

>The dynamics of TRADITONAL warfare do not apply. This adds nothing to his argument.

Nor do the dynamics of guerila warfare which is the most pervasive form of warfare throughout human history.

>So what? This cannot be done in traditonal warfare. Countries can rebuild and recoup resources. Have you not heard of world war 2?

Have you not heard of the Marshall Plan? Strike 3, your outta here.

1
0
Bronze badge

Interesting article. By the definitions outlined in the article, one can say that a nuclear war is not a war for the very same reason.

So, by definition, a nuclear war does not exist. Hence, dropping a nuke isn't an act of war.

Or something.

2
0

This post has been deleted by its author

Terminator

It's war

The guy is a twat.

One primary aspect of warfare is that it causes damage. If played according to the rules then that damage affects only the military of the other side. If played not according to the rules (as happened in every war that has ever occurred) then it affects civilians too.

It's warfare. Doesn't matter whether it fucks up the SCADA of electricity generators or fucks up bank accounts, it's warfare. Here's a big fucking clue: whether you demolish essential infrastructure with a cruise missile or a virus, the effects are the same.

1
1
Bronze badge

Re: It's war

I agree about the electricity infrastructure, but no one has successfully owned a bank in such a way as to do more than cause some irritation, most of us can wait a week for balances to get sorted out. And if attacks are not persistent and damaging, then it is more akin to vandalism or theft - ie: crime, not war.

1
0
Bronze badge
Thumb Up

Sounds like a helluvan idea...

...as long as we can also stop the media from trying to sound cool by sticking the prefix "cyber" in front of everything.

Still, you have to admit that "cyberwar" sounds a helluva lot less cheesy than "Electronic Pearl Harbor".

0
0
Bronze badge
Big Brother

Re: Sounds like a helluvan idea...

And more sexy to electronics (semi)power-users and pundits than Computerized Smash and Grab or Digital Delinquency. On second thought, maybe I have a future in media fear-mongering.

0
0

Of course somebody can win

The bad guys are winning because they are stealing billions of dollars in money and goods, stealing other people's identities and personal info., disrupting business and government ops, etc. So yes the Crims are winning the war and everyone with a clue should be outraged and supporting all efforts to convict these cyber crims.

0
1
Bronze badge
WTF?

"topological"? Really?

If any battle realm is going to be called "topological", surely it would be networks, not our fair hills and dales, mills and swales. Maybe he means "topographical"?

1
0
STZ
Stop

Ivory tower: "Cyberwar is no war ..."

To the promoters of funny thougths from the ivory tower:

If an enemy suceeds in blocking/destroying most of the infrastructure of a nation, then that nation cannot go to war. Does this mean that then there will be no war ? No.

Quite contrary, it means that then war comes to that nation, and it also means that this nation has already lost that war.

How can a nation survive and defend itself without electricity ?

And how come that we have so much Windows and plain vanilla Linux, each having thousands of known vulnerabilities, in our most critical IT infrastructures ? Are we just fools ?

1
0
Devil

Not war

When you use the means at your disposal to attack civilians rather than soldiers, we usually call this terrorism rather than war.

So cyberterrorism would be a better term than cyberwar. Now it's for the Americans to justify their budgets and resources dedicated to terrorism.

0
0
Devil

Ok, I will agree that the term Cyber War is nonsense. But the correct term is cyber warFARE, and can do a heck of a lot more than what is let on.

First step in any war, especially modern war, is to engage is degrading the command and control communications necessary to confuse and cut off the enemy's capabilities to communicate sith troops on the ground, coordination of artillery strikes, air strikes, naval strikes, missile strikes, etc. Do we use the telegraph today? Tin cans and string? Or are the modern armies of the world using something more sophisticated?

Next degrade the capabilities to resupply. Certainly causing havoc via hacking or malware in the enemy's electrical grid, oil production, even factory assembly line processes would foot the bill for that, right?

How about satellite signal disruption? GPS trickery? Intercepting sensitive communications via malware?

This is not Cyber War, as no such thing exists. However, as a part of war, cyber warfare is becoming an increasingly important element of a military arsenal. Why drop bombs on RADAR installations when you can screw ball the RADAR network and field communications for a fraction of the cost, and at immense speed?

Yes, costs are involved in attempting to secure critical networks to assure a military can effectively communicate and track enemy movements, while the civilian factories can produce replacement weaponry, et al. As we evolve technically, costs will be incurred there too.

0
0
Bronze badge

Marcus is full of fail.

Maneuverability is a requirement? Really? So, if the US launches 100 warheads and obliterates some country, would that not be considered a war?

War has many faces. The typical goal being to force your opponent to take (or stop) some action. In other words, it is a political tool. Usually the acts in war are to deny certain resources to your opponent. For example, taking away access to the ocean to create hardships in transferring goods.

Is it possible to "win" a cyberwar? Absolutely. If you can deny use of computer resources to a reasonably advanced foreign entity then you can bring them to their knees.

Regarding defenses that work: sorry, but I'm sure the Indians had few defenses when the conquistadors went to south america on their boats and shot them. Does that mean a war didn't take place? No. Did those same attackers have defenses against guns? Not really.

Straw man argument all the way through and total fail.

0
0
Bronze badge
Facepalm

>Straw man argument all the way through and total fail.

Glad you recognize the holes in your thesis.

>If you can deny use of computer resources...

If... you fail to comprehend metaphor, you may... use weasel words instead of making a coherent point.

So as soon as that advanced country shuts off internet access to the outside, how does the enemy now deliver their payload. Stuxnet was some serious programming planning and involved some human assets. They will never again pull this type of attack off so cheaply, either in terms of code or men on the ground. And that was the US and Israel vs. Iran. Now how likely is it when the tables are turned? Most the targets can be taken offline by the operators quite quickly and continue to operate.

0
0
This topic is closed for new posts.