Home page logo
/

dailydave logo Dailydave mailing list archives

Re: The underlying structure is foamy
From: Pedro Hugo <phugo () highspeedweb net>
Date: Fri, 24 May 2013 15:08:20 +0100

Hello everyone,

The navy analogy is definitely very interesting and compelling. I am not
so sure if it is the best one to use in this case.
My issue is with the economics of the new navy. The old navy is essential
a natural monopoly due to its high costs and barriers to entry.
Very few countries can(could) afford to develop, deploy, and maintain an
effective navy. The Spanish and Portuguese split the world and its
richnesses, and still were unable to maintain their empire 500 years ago.

The economics of the new cyber-navy are very different. It is cheap to
develop, deploy, and maintain. Honestly, any country can build their
cyber-army if it wishes so.
What are the real barriers to entry? Very few! It is mostly knowledge,
which is freely available these days or can be acquired at a very low cost
- VUPEN CEO was joking(?) on Twitter that they could train a junior
"pwner" in a year. I think this changes the whole strategic scenario
compared to the real navy. There are no few dominant players but everyone
has the potential to be one. How sure are we that we can evaluate the
"cyber-firepower" of any given country?

The thing about the whole cyber-war discussion that I have most problems
with is its real effects.
The impact of a nuclear bomb can be rather easily measured - many
casualties, nasty long-term effects in the population and environment, etc.
How about the effects of a cyber-war? It definitely has the potential to
kill people, although I doubt not even close to a nuclear attack. It has
potential to disrupt markets, supply-chain, and our day-to-day lives, and
so on. 
But what is the real magnitude of these effects? It will be extremely
annoying to have no electricity for days or even months. Hell, I am afraid
of switching internet providers because I am not sure if the new one will
have the same service levels. Can we survive to these effects? Of course
we can. Latest natural disasters have shown us that it is definitely
annoying to our personal comfort but we can survive and recover, sometimes
faster than predicted.

We love predictions and hate the unpredictable (as a side note, future
babble by Dan Gardner is an interesting book about this subject!).
Everyone is commenting on this topic and making their predictions.
Remember the Y2K bug? Many were saying it would be a disaster; billions
and many hours of ours lives were spent evaluating and fixing it. No real
disaster happened and we kept going with our lives. Maybe those billions
were well spent after all.
Most predictions are too abstract and too generic to be useful to anything
else than a private agenda. There seems to be too many politics, business,
and power games that are blinding us to understand and try to evaluate the
real impacts of a cyber-war.

Just my 2 cents of random write or wrong thoughts.

Best,
Pedro


On 24/05/13 05:56, "Thomas Lim" <thomas () coseinc com> wrote:

Dave

Ben, like you and Halvar, are all iconoclasts. It's impossible to find
anyone else in this Universe that will come close to looking like the 3
of you and/or have the kind of cognitive "computing power" that you 3
possess. Unlike me who is a Chinese, common, prevalent (you cannot get
rid of us, can't you?) and who cannot read, write and pronounce properly
the lingua franca of planet Earth.

Ben is really a mystique. His train of thoughts is out of this world.
Which is why no one can explain why he, a brilliant mind, continues to
work in a tiny weeny company run by someone whose brainpower is
equivalent to a rubber duckie.

I believe yo are spot on when you said that moving of bits does not
affect his live. The Internet, no matter how powerful and pervasive,
will have great difficulty affecting someone's life when that someone
carries a phones that does not work when he leaves the mountain, when
electricity is a luxury and does not have a Facebook account. i mean
which earthlings do not have a Facebook account?

i kind of agree and disagree with you. i think the Internet will be the
new Navy. Its not quite there yet but its definitely moving in that
direction. Even when the Internet becomes the new Navy, it still will
not replace the Ocean as the main medium of commerce. Unless "beam me up
Scottie" becomes a reality. From what little i know of Physics and
Biology (yes coming from the guy who believes that it will not rain on a
full moon), that is not going to happen.

Nation-states are concerned about the effect of the Internet, especially
so with draconian regimes. It's (the Internet) catalytic effect on
change on almost all matters of our life is amazing or frightening,
depending on how you see it or accepting and leveraging it.

i, on the other hand, am not concern only about nation-states and the
Internet. i am also very concern about how enterprises/big corporations
are using the Internet to affect our life in ways that we never intend to.

i agree completely with you that Cyber will replace nuclear. What makes
it really scary is that nation-states postulates with nuclear but will
launch "cyber attack".



Thank you
Thomas Lim

On 24/5/2013 4:49 AM, Dave Aitel wrote:
So Ben Nagy, who is nothing if not an iconoclast, disagrees with my and
Halvar's general tenets that the easiest analogy to what is happening in
the cyber space is the creation of a new Navy (or set of Navy's). But he
refuses to argue with it when it's not words on paper. So I figured I'd
put down some words on paper.

The first and most basic premise is that the Internet has replaced the
oceans as the global Commons. While it's true if you're moving mercury
or steel or plastic rubber duckies from China to somewhere not-China,
and while it's also true that the very wires that are the Internet are
sitting across Ocean floors, deep down Commerce now largely moves over
the Internet.

I don't know if that's the part Ben disagrees with. I think the part he
disagrees with is that by moving bits around, you can effect him in Real
Life. Which brings us to the second part:

I believe that you can cause dramatic nation-state effecting things over
the Internet. I also believe you can do small things if you want. There
are graduated Booms available if you have true information dominance.
Ben lives in a house that has power only a minority of the hours of the
day, so it's hard sometimes to imagine how you would effect him
personally. But he also flies around in metal tubes running
lowest-bidder real time operating systems hooked up to the network
(occasionally, at least). Modern planes can only fly if a quorum if the
cyber attackers on their systems vote to let them fly.

I look at these physical<-->cyber connections as simple gateways, but I
find that if you go around postulating more ways to do this stuff in
public, people consider you a huge douchebag.

Basically Dvorak and Ben are "not scared". Which is fine. But the people
who really make these decisions in most nation-states ARE scared. And on
one end, that's all that you need for working Deterrence, which is the
next argument.

In other words - I believe that cyber can replace nuclear (and has, to
some extent already) as a military deterrent. If Iran turned around
tomorrow and said "Stop the financial blockade or every wall street firm
goes away forever" then what's the US response? I hope we know, because
that very well is the next step. "We don't believe you" is not the
probable reaction, I'm guessing.

How about this one? "We're going to take a random ship and fill its
ballast tanks completely with water in the next storm". How's that Navy
looking now? At a lot of code assessments and not a lot of sailing
around the world enforcing trade embargoes, I'm afraid.

And if you can replace ANYTHING as a deterrent, then you might as well
replace our aging, expensive, and dangerous fleet of ballistic
submarines. Each of which is TWO BILLION DOLLARS. That's almost real
money.

So that's the basic setup for the thesis, all of which annoys @RantyBen
AS PROMISED.

In case you're curious where all this comes from (other than phone calls
with Halvar), I've been working in my copious spare time on a Doctrine
for Cyberwar, which is essentially just game theory as applied to the
realities of what we do as hackers. This results in the three talks I've
given over the past year:


https://www.usenix.org/conference/usenix-security-11/three-cyber-war-fall
acies
http://www.youtube.com/watch?v=vBQET68HHSg (Amateur hour on the Internet
aka what is and what is not a cyberweapon)
http://www.youtube.com/watch?v=X2M9nmqP6n0 (Everything Buffy the Vampire
Slayer Taught me about Cyberwar)

-dave
(Ben, you're up.)
(Also, for those of you who haven't noticed yet, there's a special ad in
Immunity Debugger right now that links you to a special video. :>)



_______________________________________________
Dailydave mailing list
Dailydave () lists immunityinc com
https://lists.immunityinc.com/mailman/listinfo/dailydave

_______________________________________________
Dailydave mailing list
Dailydave () lists immunityinc com
https://lists.immunityinc.com/mailman/listinfo/dailydave


_______________________________________________
Dailydave mailing list
Dailydave () lists immunityinc com
https://lists.immunityinc.com/mailman/listinfo/dailydave


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]