Bruce Schneier is a twit
If terrorists bring down our phones, it will include phones used by banks, doctors, transports and who-knows-what. I would get pretty damned worried.
The head of the FBI warns that the threat to the US from online attacks will shortly become greater than that posed by terrorists. "In the not too distant future we anticipate that the cyber threat will pose the number one threat to our country," the FBI's director Robert Mueller told delegates at the RSA 2012 conference in …
I'd be interesting in hearing the context for that quotation. If it's what I think it was, Bruce continued by saying,“building tanks does not mean you fear you could be overrun by a military force right now. It pays to build tanks and it pays to prepare for cyberwar, but I don’t believe that’s a fear we should worry about right now...It’s very easy to invent scare scenarios but this does not mean we should actually be scared by them.”
The loss of phones is an inconvenience, yes it could impact ambulance support and have major economic effects, but it is not that big a worry.
Take down electricity grid and then you are talking serious problems - no heating (no gas pumping, and most gas boilers *need* electricity anyway), no fresh water (remember the electric pumps?), no petrol after a day or so as cars run out and the station's pumps are down, little hospital service once the local stock of diesel for the back-up generators runs out, shop food runs out due to transport fuel shortages, etc.
Now can we get back to the more pressing issue of muppets putting SCADA systems on-line (and mostly Windows-based with often unpatched/out of data software on them) in utilities to save costs and thus exposing essential infrastructure to on-line attacks?
Taking down the phones these day means a bit more than just not being able to call your mother or spouse for a chat. When they say "down" you have to assume that means more than a couple of hours, and "down" also means you've lost all or most of your cell coverage. Given the current integration into the internet, it's also going to take down a fair chunk of that as well. Now you are into the territory where problems start to arise. Couple it with a little coordinated direct action and it is a recipe for riots.
Is it as bad as setting of a nuke in downtown old Detroit? No, but it's not exactly only an annoyance either. The problem is, on one side we have the pols going all Chicken Little to pump up their funding, and on the other side they go all Little Orphan Annie about the real threat to compensate.
It seems reasonable to me for the FBI (or their local equivalent for your country) need to increase the number of people dedicated to fighting cyber-terrorists, possibly with an increase in overall funding as well. Whether it is some sort of attack on infrastructure or just as a recruiting tool, it is an environment that is too easy for them to access and leverage for them to ignore. So we shouldn't either.
And yeah, they need to do that at the same time they need to address the SCADA issues too.
I think I'd be a little worried, too, but he does have a point in that we should not be fearful. In all the time that the IRA and the latest brand of twats have been trying to terrorise the British population, they've only managed to terrorise the government (and that only in recent times, it seems). The general population sees it just as an inconvenience.
The same with on-line threats. We won't fear them, but the government should be concerned where national infrastructure is concerned.
But the big lesson from terrorism is that the best approach is to focus on the people who are a threat and on their methods, and to treat the general public as part of the solution, not as part of the problem.
"In the not too distant future we anticipate that the cyber threat will pose the number one threat to our country .. We need to take lessons learned from terrorism and apply them to cybercrime".
We want a bigger budget and we're using cyber terrorism as a pretext to spy even more on our own people, who are the real threat to the corpo-facist regime that's currently running the USA.
Strange as it may be, I'm with him on this one - cross border problems are typically the best getaway for any criminal activity.
Where you are right is that such a mechanism needs a much more transparent and deeper level of oversight so it doesn't get abused. A *lot* of law enforcement would get an easier ride if they enabled supervision and transparency. Any attempt to avoid that MUST be investigated - there is actually surprisingly little that truly deserves the "national security" disclaimer.
So, yes to the concept, but a harsh "no" to any implementation that doesn't enable the required transparency and accountability. Law enforcement has been accorded special privileges to do their job - it is important that they are never seen as rights. The good guys will have no problem with that, the sooner the bad guys in the system are exposed the better because trust in law enforcement has never been this low - and with reason.
Terrorism never quite was the threat it was purported to be, certainly not worth most of the security theatre, the worries and the money spent on it. If "cyber" (to use the "hello, I'm a nitwit from the government" term) is to be bigger than that in threat, it has to do but very little. And the IT security industry is mostly about holey cheese already anyway, still lagging in structural.
It's frightening how soon people'll feel they won't be able to live without the latest, be it twitter, facebook, or even just the old mobile phone. I've watched that from up close in horrified fascination when a fellow student had to call his friends for just about every little task he was to do... on a computer, with a fully-fledged internet connection at hand. That was now over a decade ago. The connectedness is worth quite a lot, but I'm with Schneier, if we lose it, we'll live and adapt. Most of us anyway.
In fact, I'd expect emergency services to be robust against that sort of loss of communication, and so they regularly should practice without electricity, with a simple paper shop. I recall the story of an army in WWII needing to pass some particularly imposing mountains, and for that had to load everything including administration on donkeys, and thus had to ditch everything but the most essential of essentials. The general didn't mind, it streamlined the paperwork wonderfully.
Just keep reading and over the next five years you will find out that cybercrime is so far ahead of the authorities there ain't a snowball chance in Hell of curbing it's growth in this lifetime. All authorities can do is prosecute and incarcerate as many cybercriminals as possible and employ new techniques to catch them faster.
Fighting cybercrime will create new jobs for forensic experts, prison construction, etc. and improve relations between authorities worldwide as they try to slow cybercrime that knows no boundaries.
Yes. I and others have known that we have been in a world war of cyber crime for at least the last ten years, and it is so far along now that the only way to win is to change sides.
Governments need to stop trying to jail everybody for exercising their RIGHTS, adn needs to stop blowing things out of perportion, such as calling simple web page defacements "Terrorism".
The more they tighten their grip, the more star systems will slip through their fingers.
The authorities should hire Sean Timarco Baggaley, the self-proclaimed expert who has been using Windows and Macs for decades without ever having had a virus, trojan, or any other form of malware on either.
Just ask him and he'll tell you - http://forums.theregister.co.uk/forum/1/2012/03/02/trojan_attack_tool_targets_hacktivists/
I agree with the head of the FBI but IT does offer them Great Opportunities in League with Logistical Support of Key Team Players ..... Immaculate Drivers of Perfection for that is the Future Search Path Way into a wholly different and certainly most engaging, holy interesting perspective atmosphere..... Virtually Real Space Place. ....... where Alternate Reality Games, Produced for urEdutainment and Passionate Enjoyment, Lead Reality Followers to Heavenly Lands Discovered with Separate Spaces United.
Nonetheless, they are the first attacks on the AES that have broken through the psychological 2100 complexity barrier, which may motivate cryptanalysts to pay increased attention to the AES in the coming years. ….. http://eprint.iacr.org/2011/710.pdf
Now that is what AI call a Disproportionate Misunderestimate of Quantum Legend Dimension/Virtually Infinite Scope.
From the paper "An organization able to spend one trillion US$ (which is roughly a single-
year defense budget of the US [38]) for designing and building a large-scale supercomputer based on such optimized processors could theoretically break the full 256-bit AES in a time frame of as little as one year when using RKC or another attack of similar complexity."
One key per year for US1T$?
Methinks it would be cheaper to buy-off/bribe practically any organisation (or small country)!
Methinks better value is rendered with the designing and building of large-scale supercomputer networks based on such optimised processors ....... although they are most probably autonomous self actuating and a Current Present Future Facility in Virtually Advanced NetworXXXX with World Wide Webs of Internetworking Sites Sharing Information for Intelligence Capture and Onward Processing into the Magic of Future Presentation ...... Live Streaming and Floating of Significant Resourceful and Relentless, as in Inevitable, Events/Quantum Episodes?
What page are you on, Paul? Are there any chapters missing? Have you reached that section yet? It is impossible to progress further into Total Virtual Reality without Virtual Flight Instruction for AIMaster Piloting ProgramMING.
"In the not too distant future we anticipate that the cyber threat will pose the number one threat to our country,"
Those damn cybercriminals with their cybertheft, cybercopyrightcontravention, cybertakingwithoutconsent, cyberloitering, cybergreviousbodilyharm and cyberhacking. And cybering. Going around kidnapping, torturing and killing innocents. And blowing up buildings. Sorry, cyberblowingupbuildings.
"We need to take lessons learned from terrorism and apply them to cybercrime."
Ah yes, the lessons... Illegal imprisonment. Illegal extradition. Extra-judical killing (with the joking and the laughing, don't forget them). Torture. Fun times!
He'd be annoyed (not terrified) if his phone stopped working.
But he wouldn't give a monkey's left testicle if his phone started funnelling all his private data and conversations, without his permission, through a third-party commercial entity run by known malware-peddlers.
Hell, he'd even go and work for the company the peddlers were paying to give them the data!