----- Forwarded message from Phillip Hallam-Baker <hallam@gmail.com> ----- Date: Wed, 9 Oct 2013 08:44:05 -0400 From: Phillip Hallam-Baker <hallam@gmail.com> To: Tim Newsham <tim.newsham@gmail.com> Cc: John Kelsey <crypto.jmk@gmail.com>, "cryptography@metzdowd.com" <cryptography@metzdowd.com>, "James A. Donald" <jamesd@echeque.com> Subject: Re: [Cryptography] Iran and murder Message-ID: <CAMm+LwiYZfYAYU_r97B3WhWjbgSr8=W7-rC5HWHRCY3+p9qRfw@mail.gmail.com> On Wed, Oct 9, 2013 at 12:44 AM, Tim Newsham <tim.newsham@gmail.com> wrote:
We are more vulnerable to widespread acceptance of these bad principles than almost anyone, ultimately, But doing all these things has won larger budgets and temporary successes for specific people and agencies today, whereas the costs of all this will land on us all in the future.
The same could be (and has been) said about offensive cyber warfare.
I said the same thing in the launch issue of cyber-defense. Unfortunately the editor took it into his head to conflate inventing the HTTP referer field etc. with rather more and so I can't point people at the article as they refuse to correct it. I see cyber-sabotage as being similar to use of chemical or biological weapons: It is going to be banned because the military consequences fall far short of being decisive, are unpredictable and the barriers to entry are low. STUXNET has been relaunched with different payloads countless times. So we are throwing stones the other side can throw back with greater force. We have a big problem in crypto because we cannot now be sure that the help received from the US government in the past has been well intentioned or not. And so a great deal of time is being wasted right now (though we will waste orders of magnitude more of their time). At the moment we have a bunch of generals and contractors telling us that we must spend billions on the ability to attack China's power system in case they attack ours. If we accept that project then we can't share technology that might help them defend their power system which cripples our ability to defend our own. So a purely hypothetical attack promoted for the personal enrichment of a few makes us less secure, not safer. And the power systems are open to attack by sufficiently motivated individuals. The sophistication of STUXNET lay in its ability to discriminate the intended target from others. The opponents we face simply don't care about collateral damage. So I am not impressed by people boasting about the ability of some country (not an ally of my country BTW) to perform targeted murder overlooks the fact that they can and likely will retaliate with indiscriminate murder in return. I bet people are less fond of drones when they start to realize other countries have them as well. Lets just stick to defense and make the NATO civilian infrastructure secure against cyber attack regardless of what making that technology public might do for what some people insist we should consider enemies. -- Website: http://hallambaker.com/ _______________________________________________ The cryptography mailing list cryptography@metzdowd.com http://www.metzdowd.com/mailman/listinfo/cryptography ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org AC894EC5: 38A5 5F46 A4FF 59B8 336B 47EE F46E 3489 AC89 4EC5