blog Oh dear. The ABC’s Chris Uhlmann might be a fantastic political reporter, but there’s no doubt he’s a bit out of his depth when reporting on technology matters, as evidenced by a fascinating conversation he held yesterday on ABC News 24 with Defence Minister Stephen Smith. The topic: How the US and Australia are working together on cyber-security matters.
Says Uhlmann:
“Is it just defensive, or would you be looking at weapons for cyber space?”
The good Defence Minister replies:
“We’re looking at very much the defensive, to use the jargon, a defensive posture here.”
And then from Uhlmann again:
“And if you were looking at weapons you probably wouldn’t tell me?”
To which Smith replied:
“Well, I would certainly respond appropriately to any such question, but we’re looking at this as a defensive posture.”
Frankly, I’ve been working in and covering the technology industry for a decade now, and even I wouldn’t have any idea of what a “cyber space weapon” would look like or how you would develop one. The closest thing I can think of is the ping flooding bot which we used to knock my year 10 Computer Studies teacher’s dial-up connection off the internet. Or maybe he just disconnected because it had become useless.
Sure, there’s trojans, bots and so on — but can they really be classified as a “weapon”? It’s the same in terms of defence. Is it really useful for the US and Australia to talk about “cyber space defence”? Doesn’t this really just mean better intrusion prevention, firewalls, anti-spam and anti-virus and so on?
Somebody, please won’t somebody think of the routers??!
Image credit: Jorge Vicente, royalty free
Botnets are a weapon, absolutely.
Also worms – consider Stuxnet.
Yes, the USA considers some cyber “things” as weapons, or munitions.
Frankly, calling a piece of computer software a “weapon” is hyperbole.
What about a piece of software which gives you access to the enemy’s weapons? Remember the reports of Iraqi insurgents gaining access to live video feeds from Predator drones? That was an enormous oversight, obviously, but it doesn’t give me much confidence that the command & control comms are completely safe…
A botnet can be used to deny access to just about anything, assuming it can talk to the network you need to target. You can use it to target servers, end users, or intermediate infrastructure. A device (including software) which gives you the ability to deny the enemy access to their own communications, or to intercept an enemy’s communications sounds like a weapon to me.
These things are not “weapons”. They are “hacks” or even “surveillance”. “Weapon” makes them sound ridiculous. Nobody carrying a gun is going to look at a script and think “what a cool weapon”.
A weapon is something you can build and then “launch” in times of war. But you cannot build a botnet and “launch” it when the war begins: you would have to start building the botnet *now* (and remember, “building” a botnet means infecting ordinary citizens computers with software that they have not authorized) so that it’s big enough to have an effect when the war begins. I certainly HOPE our government never contemplates something like that.
Perhaps by “weapon”, you could be referring to the actual people. Perhaps you could have people working on ways to exploit existing botnets for the purposes of warfare. But I would suggest that it would be better to have those people working on ways to *shut down* the botnet, than to somehow exploit it. But that would be a defensive policy…
Also, I just want to say I hate the phrase “cyber security”. Puts in my mind images of mechanical men screeching “You will be upgraded!” Can’t we just call it “security”?
Yes there are can be and are ICT based offensive and defencing systems.
These specialised systems and other systems can be employed as weapons, to damage, disrupt and disable adversaries, by state and non-state actors on networks and in other digital contexts.
That you don’t recognise they exist doesn’t matter because you are wrong.
The attacks on Estonia and Georgia were real.
The access the Stuxnet had/has to SCADA systems is real.
Vulnerabilities in ECUs in our cars are real.
A bottle or a rock or a chair can be weapons, the definition of ‘a weapon’ is and has always been about context and intent as well as potential.
Two Boeing passenger aircraft are probably the most notorious weapons used by anyone so far in the twenty-first century.
As you’ve implied that you think militaries make decisions about desirable capabilities based on thinking “what a cool weapon”, there’s really no wonder that you fail to grok the full scale of infosec today.
Yes it does go all the way down to IDS, firewalls and anti-malware and goes all the way up to NSA and the US Cyber-command.
Why would a botnet used for defensive, or offensive, or for that matter censorship (a la the Conroy model) need to run of the PC of ‘Ordinary Citizens’.
Surely there’d already be enough PC’s within government dept’s that could have a botnet running in the background day in day out.
It’s the sort of thing that the Defense Dept could slip in to the OS install on every PC bought with government money.
Comments are closed.