“The internet is inherently unsafe and should be replaced with a safer, re-architected alternative, says former White House cybersecurity advisor Richard Clarke.” (http://www.computerweekly.com/Articles/2010/10/13/243326/RSA-Europe-2010-Replace-internet-with-something-safer-urges-former-White-House.htm)
Consider that: totally replacing the Internet’s infrastructure as a cheaper alternative to our current hodge-podge of security. He’s talking about replacing every router (and the big daddies are very, very expensive), possibly every switch (since telco switching, not Ethernet switching, provides a lot of our backbone services), and likely all the other infrastructure that connects them. He’s telling us that’s cheaper than fighting our current battle, because that battle is doomed. Which is something to ponder, considering the potential scenario:
[H]e said, Iran was clearly a target of Stuxnet, described as the first known cyber weapon, and if tensions escalate, it is not impossible that Iran could retaliate in kind.
Remember what tiny Myanmar did to the Internet when it blocked YouTube in 2007: a simple (stupid) DNS (mis)configuration blocked not just Myanmar’s citizens from the site – but the most of the world’s as well. The scene: Iranian coders reverse-engineer Stuxnet and unleash it on, oh, every nuclear power plant on Earth. Whom would we nuke in response?
Maybe what we need are Rules of Engagement:
Establishing the rules of engagement around cyber war should be a top priority for governments, says Michael Chertoff, former US secretary of homeland security. (http://www.computerweekly.com/Articles/2010/10/14/243355/RSA-Europe-2010-Cyber-war-rules-of-engagement-39should-be-top.htm)
I chuckled when I heard about this idea, but after reading fuller discussion at the article linked above, I’m starting to see the sense of it. Rules of engagement? For war? Isn’t the idea to just blast the other guy? Well, yes. The idea is that you don’t bring an atom bomb to a knife fight.
Remember MAD? Mutual Assured Destruction? As in: if you bomb me I’ll bomb you too and we’ll all die. (Cue Dr. Stranglove laughter down an echoing hallway.) That was the Nuclear Doctrine. Don’t destroy us and we won’t destroy you.
It seems sensible to agree as gentlemen and scholars that we won’t take down your public infrastructure as part of warfare, as long as you don’t do it to us. Let’s not cause each other’s nuclear reactors to go hypercritical, shall we?
What I’m left wondering is, given a culture that specifically defines it as honorable to lie to an enemy, what are terrorists’ agreements worth anyway? They are neither gentlemen, nor scholars. In this game there is no Trust, But Verify. There is only Do, or Die.