JT: How feasible is it though to say, right, we’re a commerce-only zone, no warfare is going to happen here? MS: That’s one of the biggest problems because there are political forces that want it to be a conflict area.
HN: So if that’s a continuum, where do you think we are now?
MS: In the middle because we haven’t thought about what we want this to be?
HN: Which direction is it going?
MS: Towards the conflict side – because of political overtures.
HN: Are there going to be specific changes?
MS: In militarising it? We’ve already had a few examples – Stuxnet, WikiLleaks. While I don’t like to point to Georgia and Estonia as being warlike, others do.
HN: Right, but those seem like specific abuses of the system, not someone reshaping the system. Are there things happening that will change the system?
MS: BGP redirection – hijack a route or hijack a country and bring all that information cell by cell, filter it, change it, give it all back, change the TTLs so you don’t see that it happened. We know that, we see that happening.
JT: China did it recently didn’t they? MS: Yes, they did, so have other countries – China gets caught at it.
HN: Has the political climate enabled more of this so it can’t happen?
MS: Correct – because we don’t have the science mindset of how to research thinking of networks to network and to come up with ways to build cyberspace.
GI: It’s always nice to have the battlefield without civilians and out of the cities where the war process slows. On the internet you can’t avoid that; one of the political issues is collateral damage.
MS: What’s very irritating to my friends at Fort Meade is I’ll point out that the internet is private property and can detect evil. If a nation is warlike, machines detect it as crime and we know about it. The private sector can prevent countries from conducting cyberwar – where else does that ever happen?
TS: Information stolen is an aspect of computer-network operations, or cyber warfare – so computer- network defence, attack where people are denying, destroying, degrading, disrupting a system and the one we’ve seen for years is exploitation. A concern is funds given to government are weighted to the Defence Signals Directorate.
AM: The only ones in the debate are very well-funded defence and intelligence establishment, who hijacked it, and/or IT security people. And yet it’s a social and a policy issue and we failed
GI: Is cyber warfare declared or a guerrilla war and espionage, the Cold War that’s on the internet?
TS: If government builds an armed force it will prepare for war even though it might not happen for 20 years. Is computer-network exploitation or cyber espionage warfare? No. Has warfare been engaged? Yes – Estonia, Georgia. The second or third time Estonia was attacked it got over it by rerouting to US servers. But if we focus on cyber warfare it will be the militaries of the world that dominate the internet.
GI: The Estonian defence people didn’t get involved because they didn’t know what to do. It was the ISP CERTs that brought Cisco in. The military is fighting network engineers defending companies’ profits. Network engineers around the world come together and say, “we’re going to stop it”.
EB: Stuxnet probably was an offensive worm, if what everybody guesses or assumes that it was directed at the towns on the nuclear site; it was an alternative to a cruise missile. I’m not sure we don’t have some low-level undeclared warfare going on right now.
-1.jpg&w=100&c=1&s=0)
.png&w=100&c=1&s=0)
