Hi, I happened to see your recent posting, and since I'm interested in the cyberwar issue (including having served as co-chair of the DOE "Human Factors" breakout group charged with considering cyberwar and cyber terrorism for the DOE Cyber Security Research Needs for Open Science meeting, see session 4 of http://cybersecurity.colostate.edu/ panels/ ). With that for context... I'm not sure folks fully understand how strategic cyberwar might/will actually be waged. In my opinion, cyberwar will not rely primarily on malware-based attacks. :-; That process is too uncertain, too slow, too-readily thwarted and would have insufficient penetration or coverage. So how might cyberwar happen? Let me give you three examples: 1) We are already experiencing a sort of cyberwar, although because it began gradually, and has become a chronic phenomenon, no one acknowledges the negative impact and damage it continually causes to our economy -- and that is spam. What a perfect attack eh? How much time is wasted filtering and deleting spam? How many business-critical messages get blocked or overlooked? How many resources are diverted from other potentially productive uses? What a great way of promoting illegal use of controlled substances, too, thereby helping to subvert the nation's war on drugs. And yet, because this is an attack of a trillion mosquitos rather than a frontal attack by a roaring bear, we don't even acknowledge it as an attack, and there's no way to definitively tie this attack to a hostile government -- absolute deniability! 2) Tactical cyberwar would certainly include attacks against control systems; if you're interested you can see my take on this issue at http://www.uoregon.edu/~joe/scadaig/infraguard-scada.ppt (or .pdf) 3) Full-blown strategic cyberwar, worst case, would involve things like high altitude electromagnetic pulse-induced damage to terrestrial networks and power distribution grids, while simultaneously degrading or destroying non-radiation-hardened satellites aloft. If you're interested, please also feel free to see my talk, "Planning for Certain High Risk Security Incidents," http://www.uoregon.edu/~joe/highrisk/high-risk.ppt (or .pdf) from the fall 2007 Internet2 Member Meeting in San Diego, where I urge adoption of a program of hardening critical assets to resist H-EMP. Feel free to drop me a note if you have any questions, Regards, Joe St Sauver, Ph.D. (joe@oregon.uoregon.edu) http://www.uoregon.edu/~joe/ ------------------------------------------- Archives: http://v2.listbox.com/member/archive/247/=now RSS Feed: http://v2.listbox.com/member/archive/rss/247/ Powered by Listbox: http://www.listbox.com ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE