There is much consternation in the United States over Cyber attacks from China, Russia, and dissident groups with an agenda. Our paid Cyber-sleuths have the damning evidence in hand, and the political elements in the country are filled with fear and loathing and feel helpless to do anything substantial about it; the main reason being that we have conducted attacks ourselves. An example is the attack on the Iranian centrifuges that were whipping up near weapons-grade enriched Uranium. The problem is that the attacks recently conducted by Russian and Chinese hacker groups have damaged the integrity of our system of democracy and threatened the lives of ordinary citizens. When you add in the disclosures of Edward Snowden, the real-world effects are as big as those created by detonating nuclear weapons on the U.S. Government. Here is a link that supports my thesis: http://www.defenseone.com/threats/2015/06/5-chinese-cyber-attacks-might-be-even-worse-opm-hack/115321/?oref=d_brief_nl
The USA needs to retaliate in kind in a big way, and fast. We need to make it so painful to the parties involved that they never try it again. We also need to isolate North Korea even further by cutting off the access of their hackers to the Internet. The physical servers that connect them up are located in China, and the U.S. knows exactly where they are. We need to demand that the Chinese disconnect them immediately or suffer the consequences.
At the same time, the U.S. Government needs to ‘privatize’ its networks immediately from the inventors at DARPA to the IRS and the Pentagon. There must be no physical links to the Web, wired or optical. The sad truth is that there is NO Way to make the web secure. It is the nature of digital computing; where there are bit streams flowing in and out of a digital/analog processing system, the ‘doors’ in and out cannot be locked and any combination can be tricked into revealing itself and be subject to decoding. The Government network is vital and entrenched in everything the government does. The same applies for power plants, public utilities, and state/local government agencies, including local fire stations, hospitals, traffic lights, railroads, and mass transit systems.
All of these networks must be physically isolated from the world-wide web. The interconnecting wire or fiberoptic lines must be in steel jackets and Tempest-shielded; and they should be buried deeply in the earth. As soon as it is technically possible, such communications should take place via Quantum Entanglement. Until that time, the USA needs to tell the world in the strongest terms that we reserve the right to retaliate on future attacks with cruise missiles or space-based railguns that target the physical location of any hacker groups and network nodes identified by our Cyber Intelligence Corps (when we have one in place). No vital activities of any kind should be connected to either the Web or the Internet of Things.
Image courtesy of prepperbroadcasting.com
I’m all for a safe American-only nation-wide web (or multiple American-only nation-wide, isolated webs) for the protection of an individuals personal data. Now, how I would attach to it (or them) is something else. The source of an individuals request to enter or join a web for personal business would be critical to the safety issue. Other measures would also be needed. Save the bombs and bullying and start protesting.
Everyone would need their own personal key to unlock a web. The keys would be valid for a date and time. Browsers could be responsible for issuing daily use keys, free or otherwise.
Thanks for your comments, MoonDawg. It is a thorny issue and needs to be explored by experts, and I don’t mean the FCC. The current Commissioner of the FCC is attempting to exert government control (and taxation) over the Internet. The FCC was created to regulate the over-the air broadcasts in a crowded spectrum which made sense at the time. And, we must remember their disgusting foray into censorship of content. It was an obnoxious expansion of their authority and stifled creativity in programming. Imagine what they will do to the Internet of Things……….
Thank you very much for your insights and thought provoking opinions.
An additional insight on the way the Internet is being ‘weaponized’ as I write this can be found here:
http://www.rferl.org/content/how-to-guide-russian-trolling-trolls/26919999.html
“Do unto others, as you would have done to you”
“Retaliating” harder only ever makes things worse (looks cool on the NorseCorp map), and within hours the US will receive re-retaliatory attacks, to which they re-re-retaliate, and so on…
Attacking does not fix any of the problems suffered, it just makes things worse, as the exploits are fixed and you need new weapons, and more escalation.
“the more painful” you make it, the more they will hate and bring more pain in return, just as you are suggesting be done to them.
Weaponising the net is not an answer, unless you want to selfishly cripple it for everyone else that makes up the majority of the planet.
Make it bomb-proof is the answer. Fixing and removing any way for anyone to use the net in a malicious way is the answer (though difficult).
All government and private info systems should be isolated in all countries, no matter what is happening in the world.
This will require that companies stop outsourcing their IT departments, and managers are hired with IT real skills that can actually recognise a big-fat problem when it sits on their face.
Those that work in IT departments for large organisations, already know how difficult it is to get management to recognise issues that lead to catastrophe.
As long as managers outnumber workers (Sony pictures was a good example), and as long as they keep assuming an IT department can deal with all problems if you throw money at it, nothing will change.
“better to blame the hackers and cover our own mistakes”
That attitude also has to change. It should always be;
“We got hacked, where did we go wrong ?”
Management (and Politicians) demand easy and convenient access to systems so people with minimal training can use it.
Good security does not equals “easy and convenient”
Training your staff to a higher standard, so that they stop becoming the weak-link, makes better security.
At the very least you have more eyes capable of spotting something is not as it should be, instead of realising after a month of oblivious ignorance.
Hackers go for the weakest spot, so don’t have any weak spots.
As long as back-doors or access to keys by a third party is possible, you have a weakness with a giant blinking neon sign above it.
I like the suggestion of daily keys. Staff could get a new key when arriving which expires automatically at the time they are supposed to finish.
If they go over-time then they ask for another, or go home.
Importantly this would have to apply to all levels of a company, or the managers etc. keys become the ones you steal.
When I was head of IT at a company many years ago, I made sure that I restricted what the head of the company could do on the network.
I let him see areas he “thought he should see”, but no more, and he had no ability to change anything outside of his user profile.
I wanted to avoid any accidents yet still let him think he was in control.
If his laptop was stolen while he was away somewhere, I did not have to worry about what damage could be done.
Even with the username and password for the head of the company, you were not going to damage my network.
Most importantly, even if you walked on site with that info, it would not be any use.
You needed the 1 account that let you do anything. Mine.
When I left the company I instructed my successor to continue being the 1 holder of a useful login.
That is the difference between “Head of IT” and “Network God”.
If you have a Network God with OCD or Aspergers , then you have a secure network.
If you have an IT Manager that cannot even setup their own mail with PGP, then you have a serious problem.
Likewise, if you have people making decisions on IT (management and politicians), that cannot even setup IMAP email, then you have a serious problem.
It all boils down to this;
Which politician or head of a company would you take home IT advice from ?
You would obviously talk to the people they actually get to do it for them.
So why do we continue to let them make the decisions on important IT ?
Because we get fired for saying “but that is stupid, or impossible”, so we stay quiet.
Take for example, the idiots in the FBI asking for strong encryption that is also by-passable. In my opinion it does not need a reply, a “face-palm” says it all.
As long as people in power refuse to believe what they don’t want to hear, they will continue to hold us back and make things worse, by diverting and distracting from the important tasks that need doing.
Geeks should be in charge of the net and its infrastructure, not government departments.
Thanks for visiting my blog, Dr. Flay. I appreciate the multiple new dimensions of the problem that you introduced in your well-reasoned discussion. I can see that you have a lot of experience in the issues, and I enjoyed your dry sense of humor.:)
Thanks for your creative solutions, MoonDawg. I apologize for being tardy in responding to your remarks. I think a comment notification icon would be a useful addition for bloggers like me that seldom take the time to look at activity on a prior blog post. Perhaps it exists, but I am not aware of it.
I always like another point of view, be it far left or far right. Take care.