Sunday, June 24, 2007

Close your eyes and make cyberwar go away

The New York Times today published an incredibly bad piece on cyberwar. Entitled 'When Computers Attack,' its entire purpose seems to be to allow reporter John Schwartz to wave his hands, make vague assertions, and explain how there's nothing to see here.

I am a big fan of the writing of military expert John Robb, so perhaps I am particularly sensitive to the fragility of complex technical systems and the real risk of their disruption. But even with that discount factored in, the Pollyanna attitude of the piece is incredible. Here's an early paragraph:
"But how bad would a cyberwar really be — especially when compared with the blood-and-guts genuine article? And is there really a chance it would happen at all?"
I'm just guessing here, but it appears that the two main claims of the piece will be, "It won't happen," and "If it does, it won't be bad." Hmmm. Kind of reminds me of our government response to a certain famous memo.

Yes, Virginia, terrorism happens, and yes, it can be bad.

The meat of the article supports the possibility of cyberwar being a big deal:
* "China, security experts believe, has long probed United States networks."
* "The United States is arming up, as well. Robert Elder, commander of the Air Force Cyberspace Command, told reporters"
* "An all-out cyberconflict could “could have huge impacts,” said Danny McPherson, an expert with Arbor Networks."
Sounds pretty serious, right? But that's before Schwartz dismisses the experts.
"Whatever form cyberwar might take, most experts have concluded that what happened in Estonia earlier this month was not an example."
Wait a minute! Estonia is a particularly wired place, and pissed-off persons unknown brought key infrastructure of the country to its knees by blocking access -- to banks, to government websites, to overseas consulting gigs. How is this not cyberwar? A blockade is an act of war. This was a blockade. Just because the harbors and ports are digital doesn't make it any less harmful, or any less aggressive.

Schwartz then makes assertions that net out to, "it wasn't cyberwar because the Russian government wasn't involved, just sympathetic Russian hackers." Come on. When the United States was funding the Contras in Nicaragua, using convenient irregulars to mask our role, was it any less warlike of us?

Then we get to the most breathtaking dismissal of all, especially for a writer in New York:
...the technologies and techniques used in the attacks were hardly new, nor were they the kind of thing that only a powerful government would have in its digital armamentarium.
Perhaps Schwartz's clever uses of obscure synonyms for 'arsenal' dazzled him so much that he forgot a certain incident carried out by a non-powerful-government with non-new-technology that had some slight consequences for world history:



I'm afraid it may be worse than bad memory -- other parts of Schwartz's brain also appear to be functioning poorly. Next, he argues that since war bears risks, no one will enter into it:
In fact, an attack would have borne real risks for Russia, or any aggressor nation, said Ross Stapleton-Gray, a security consultant in Berkeley, Calif. “The downside consequence of getting caught doing something more could well be a military escalation,” he said. That’s too great a risk for a government to want to engage in what amounts to high-tech harassment, Mr. Lewis said. “The Russians are not dumb,” he said.
Yeah, right. Those attacks that result in escalation never happen.

So Schwartz doesn't understand war. But he can still go out with a bang: he doesn't understand economics, either!
...Kevin Poulsen, a writer on security issues at Wired News, said that he had difficulty envisioning the threat that others see from an overseas attack by electrons and photons alone. “They unleash their deadly viruses and then they land on the beaches and sweep across our country without resistance because we’re rebooting our P.C.’s?” he asked...
...Down on earth, by comparison, this correspondent found himself near the Kennedy Space Center in a convenience store without cash and with the credit card network unavailable. “The satellite’s down,” the clerk said. “It’s the rain.” And so the purchase of jerky and soda had to wait. At the center’s visitor complex, a sales clerk dealt with the same problem by pulling out paper sales slips.

People, after all, are not computers. When something goes wrong, we do not crash. Instead, we find another way: we improvise; we fix. We pull out the slips.
This is breathtakingly bad fluff.

Does Schwartz not understand why we bombed the crap out of Germany and firebombed Japan during WWII? It wasn't because the Germans couldn't "pull out the slips" and build airplanes underground. It wasn't because the Japanese couldn't "pull out the slips" and rebuild their small workshop factories. It's because total war is economic war, and a good way to win an economic war is destroying the efficiency of your competitor.

No silly "Red Dawn" style invasion is necessary. Economic blackmail -- or economic destruction -- is plenty good enough.

Our entire society rests on fragile, difficult-to-defend infrastructure. At a basic level, our survival depends on systems of distribution for food, water, and energy which might easily be disrupted. At a more elevated level, our prosperity and happiness as a nation depends on those systems, and others -- such as international trade, the media, the financial markets -- not just working, but working flawlessly and efficiently. Any attack which reduces that efficiency has real economic consequences to us, whether we "pull out the slips" or not.

Cyberwar can impact those systems, and thus it is a real threat, a real risk, and something that deserves being taken seriously. Bin Laden understood this. It's a shame that John Schwartz doesn't.

No comments: