The internet has been mercifully quiet the last few days c/o Thanksgiving, so this is a necessarily short selection of recent stories. I love Thanksgiving – an annual four-day hiatus for Anglophone internet users. Should happen more often.

The Dark Side of the Internet – Andy Beckett, The Guardian [h/t The Strategist]

US Military Cyber Forces On the Defensive in Network Battle – Lewis Page, The Register

Maps of Cyberspace – William Drenttel, Observatory

Keeping Cyberspace Open to the Public – Bill Thompson, BBC

Either a lot or little has happened since the UK’s Cyber Security Strategy was launched in June 2009, which largely depends on your perspective. Cath Everett at InfoSecurity has an excellent run-down of the story so far. What’s particularly interesting about this piece is its focus on the UK military, which is often overlooked in discussions of this type, except when ‘cyberwar!’ is writ large across the headlines. Well worth reading. Securing the Defence – Information Security and the Defence (27 Nov 2009).

Report: Countries prepping for cyberwar – CNN.com: “CNN

Report: Countries prepping for cyberwar
By Elinor Mills
November 17, 2009 — Updated 1611 GMT (0011 HKT)

Threats of cyberwarfare have been hyped for decades but a McAfee report shows cyberattack preparation is happening.
STORY HIGHLIGHTS
McAfee: Countries are amassing cyberweapons, conducting espionage
Report based on interviews with experts in international relations, security
Experts are seeing increased intelligence gathering, according to report
Threats of cyberwarfare have been debated for decades
RELATED TOPICS
Internet
Computer Security
(CNET) — Major countries and nation-states are engaged in a ‘Cyber Cold War,’ amassing cyberweapons, conducting espionage, and testing networks in preparation for using the Internet to conduct war, according to a new report to be released on Tuesday by McAfee.
In”

(Via .)

There’s not much substance to this story but it gives me an excuse to use the title. Spotted in the spectacularly parochial Epsom Guardian:

Reigate and Banstead MP Crispin Blunt Goes to Washington Over Cyber Warfare Threat

Reigate and Banstead MP Crispin Blunt has been out in Washington to help set up a framework to defeat cyber warfare and cyber terrorism.

Mr Blunt, shadow minister for home affairs and counter terrorismn, went there to work on an international legal framework on cyber warfare with US policy makers and academics. Among others, he met White House and State Department officials.

Cyber warfare involves attacks on vital computer networks involved in defence, infrastructure and running essential services.

A recent report says that politically motivated cyber attacks have increased and five countries – the United States, Russia, France, Israel and China – are now armed with cyber weapons.

Before leaving for Washington Mr Blunt said: “We have seen an increase in the use of cyber warfare by states in recent years and are aware of the development of offensive cyber weapons capability by a growing number of states.

“This necessitates an urgent response from the international community, which must think through and set out the rules of the ‘game’ before it is too late.”

Mr Blunt was presumably deputising for Baroness Neville-Jones, the flagbearer of the Conservative’s pre-election security agenda.  Poor bastard – he’s probably just been handed this and told to get on with it. His website says,

Crispin Blunt is currently in Washington to discuss possibilities for an international legal framework on cyber warfare with US policy makers and academics. Amongst others he will meet White House and State Department officials and James Lewis the Director of the CSIS report ‘Securing Cyberspace for the 44th Presidency.’

He’s also read the recent McAfee report:

McAfee’s report into the Age of Cyber Warfare is timely, raising the debate on an issue of ever growing importance to the security of the UK. I particularly welcome the debate about an international legal framework on the use of cyber weapons. We have seen an increase in the use of cyber warfare by states in recent years and are aware of the development of offensive cyber weapons capability by a growing number of states. This necessitates an urgent response from the international community, which must think through and set out the rules of the ‘game’ before it is too late. If the Conservative Party is elected to government next year we will ensure that the UK takes a lead on this.

Well, he read the abstract anyway. Anyone else get the feeling that our (probable) next government really aren’t saying much about anything? I’ll be interested to see whether Blunt returns from Washington with anything new to say. Oh, btw, he voted strongly for the Iraq war but against Labour’s counterterrorism laws, so he sounds like a company man; probably explains why he used to be a Tory whip. Expect politics.

L’editore del sito web del Ministero della Difesa Nazionale cinese, ha affermato che il sito internet da lui diretto è stato vittima di oltre 2.300.000 attacchi hacker in un solo mese.

Lo stesso Ji Guilin fa  notare come il sito ministeriale ha già registrato oltre 1.250.000.000 di visite a partire dal suo lancio avvenuto lo scorso agosto, e, pur confermando che tutti gli attacchi sono stati sventati, mette in evidenza come gli attacchi hanno conosciuto un’intensità superiore ogni qualvolta veniva implementato il contenuto di natura militare e che il maggior numero di visitatori esterni si connetteva dagli Stati Uniti. Un caso?

Continua a leggere “Come la Cina imparò ad usare Internet e ad amare la cyberwar”

Computer World reports the following:

Cyberattacks on the U.S. Department of Defense – many of them coming from China – have jumped sharply in 2009, a U.S. congressional committee reported Thursday.

Citing data provided by the U.S. Strategic Command, the U.S.-China Economic and Security Review Commission said that there were 43,785 malicious cyber incidents targeting Defense systems in the first half of the year. That’s a big jump. In all of 2008, there were 54,640 such incidents. If cyber attacks maintain this pace, they will jump 60% this year.

I’d be interested to know what definition of ‘attack’ is being used across DoD. Reason being that it wasn’t so long ago that DoD were claiming millions of daily ‘probes’ and ’scans’, which were often referred to as ‘attacks’. The commission report [pdf] defines ‘computer network attacks’ as:

Actions taken through the use of computer networks to disrupt, deny, degrade, or destroy information resident in computers and computer networks, or the computers and networks themselves. (p.170)

That’s a broad definition but since concerns expressed in the report seem mainly to be about data exfiltration rather than attempts to subvert command-and-control, these would fall under the heading of ‘computer network exploitation’:

Enabling operations and intelligence collection capabilities conducted through the use of computer networks to gather data from target or adversary automated information systems or networks. (p.170)

Not ‘attacks’ as defined at all, and selectively quoted in the media. Not entirely unreasonable, as the commission figures don’t differentiate between attacks and exploitation. The commission concedes that attribution is difficult, and the figures quoted above appear to be total numbers of ‘malicious cyber operations’ against DoD networks, implying that China alone is not responsible.

Does this matter? No, if all DoD want to do is prevent network compromises, but yes, if they want to develop strategies for evaluating and ultimately deterring state-sponsored incidents originating from China. The latter obviously applies, so DoD would do well to make their case backed by more careful presentation of the evidence. Their statement that ‘a thorough description of the [forensic] techniques used is not publicly available’ (p.169) is nearly irrelevant as it’s the results of those investigations that matter for policy purposes. They don’t seem to be properly presented here but I’m quite willing to be proven wrong if anyone else can point out the errors in my reasoning.

Is going to be the last one in this format, i.e. daily or nearly so. It has served well as a ’scrapbook’ of cyber-related links but doesn’t really have enough focus. Starting next week, I’ll be producing a more rounded weekly round-up rather than just a list of links. This will be better for me, as it will clarify things in my own mind, and better for the reader, as it will give you a fuller contextualised picture of the week’s stories.

I frequently ‘mine’ my own blog for info and links but have found that my searches for material almost always lead to the more substantive posts rather than the links posts. They also don’t get enough click-throughs to warrant the work they entail and, believe me, my time is at a premium at the moment and getting scarcer by the week. Far better then to produce less frequent and better quality summaries that will include comment as well as just the links. Escaping Virilio’s ‘tyranny of real time’ will be a positive move too.

Anyway, on with the last set, and I hope the new and improved versions will serve all of us better …

U.S. is Striking Back in the Global Cyberwar – Alex Kingsbury, Anna Mulrine, US News

Cyberwarfare: The Issue China Won’t Touch – Simon Elegant, TIME

Defense Asks Industry for Help to Cut Its Communications Cord – Bob Brewin, NextGov

US Cyber Defenses Full of Holes – Colin Clark, DoD Buzz

As Smart Grid Expands, So Does Vulnerability to Cyber Attacks – Peter Behr, New York Times

House Committee Passes Cyber R&D, Standards Bill – Angela Moscaritolo, SC Magazine

Federal Agencies: Online Collaboration, Cyber Terrorism, Mobility, Web 2.0 Their Biggest Security Threats – Kelly Jackson Higgins, DarkReading

Cyber Thugs: Gang Members Use Facebook, Twitter to Network – KTLA News

200 Web Sites Spread al-Qaida’s Message in English – Donna Abu-Nasr and Lee Keath, Associated Press

National Cyber Incident Response Plan Coming – J. Nicholas Hoover, InformationWeek

3 Basic Steps Can Thwart Most Cyberattacks, NSA Security Official Says – Ben Bain, Government Computer News

Senate Panel: 80 Percent of Cyber Attacks Preventable – Kim Zetter, Threat Level

FBI Suspects Terrorists Are Exploring Cyber Attacks – Siobhan Gorman, Wall Street Journal [testimony here]

Cyber Personal Hygiene Isn’t Sexy, But It Works! – Steven Bucci, Security Debrief

Brazil’s Next Battlefield: Cyberspace – Michael Mylrea, Foreign Policy Journal

Debate Continues Over Cyber Protection, NSA Role – William Matthews, Defense News

Talks Among World Experts About What Constitutes Cyberwar Grow Cold – Jill R. Aitoro, NextGov

Cyber Agencies Mum On How They Try to Identify Cyberattackers – Jill R. Aitoro, NextGov -

So, McAfee have released their fifth Virtual Criminology Report for 2009, Virtually Here: The Age of Cyber Warfare [pdf]. It’s kicking up a huge stink across the wires, largely because of the ‘age of cyberwar is here!’ headlines just begging to be used by editors and screaming bloggers everywhere.

It’s not a big report but it’s not a bad one either. It manages to steer a level-headed line through the discursive melee that is anything to do with cybersecurity these days. It’s core mission is to ‘encourage and frame a global dialogue on protecting our digital resources from the scourge of cyber war’. That last clause is a little dramatic as the report makes it clear that the ’scourge’ is purely a potential one at present, despite its possible precursors in Estonia, Georgia, etc. Its global remit is fulfilled by its contributors, drawn from the US, China, Japan, Australia, UK and South America.

It makes some sensible points about using criminal laws to pursue and prosecute offenders but acknowledges those limits. It addresses the problems with deterrence regimes and international treaties governing use of ‘cyber weapons’, and attempts to parse some of the difficulties in determining between cyber espionage and warfare. Whilst there is an implicit focus on business interests, these are linked to the economic case for cybersecurity. It makes a curious statement about proactive cybersecurity measures avoiding ‘the need for governments to ever contemplate a Big Brother appraoch to cyber security’. I’d rather they just came out straight with saying that was a priori a bad idea.

The central theme is to encourage cross-sector dialogue, particularly in public. It is critical of the current behind-closed-doors mentality, as am I. I don’t hold out much hope for it achieving that goal but it’s one I support.

Don’t read too much into the cover. Cooling towers in a wintry landscape: is that smoke meant to be there? The nuclear accident overtones are fairly clear, although you have to ask what else they could have put on the cover. The infrastructure meltdown theme is continued on page 2 as handsome control-systems-man covers his face with his hand, presumably in despair as the latest SCADA hack releases noxious effluent upon a previously green-and-pleasant land, or some such nasty side-effect of poor cybersecurity. Anyway, that’s just the visuals and I’m not going to criticise them, as there’s not a mushroom cloud anywhere in the report.

In fact, the whole thing’s quite restrained. This is a bit of a surprise, given it was funded by McAfee – huge security vendor – and written by Good Harbor – big consultancy player. I’m sure people better-informed than me will find points to challenge but it’s not a bad document in my view.

Web security firm McAfee released a report warning of a “cyber space race,” with countries like U.S., Israel, Russia, China, and France gearing up for cyber offensives.

The McAfee report was prepared by cybersecurity expert Paul Kurtz, a former White House adviser. It said cyberattacks were on the rise and “cyberwarfare is a reality.”

“Over the past year, the increase in politically motivated cyberattacks has raised alarm and caution, with targets including the White House, Department of Homeland Security, US Secret Service and Department of Defense in the US alone.

“Nation-states are actively developing cyberwarfare capabilities and involved in the cyber arms race, targeting government networks and critical infrastructures,” the report said.

The Web security company said critical infrastructure such as power grids, transportation, telecommunication, finance and water supplies was particularly vulnerable.

“In most developed countries, critical infrastructure is connected to the Internet and lacks proper security functions, leaving these installations vulnerable to attacks,” McAfee said.

(CNET) – Major countries and nation-states are engaged in a “Cyber Cold War,” amassing cyberweapons, conducting espionage, and testing networks in preparation for using the Internet to conduct war, according to a new report to be released on Tuesday by McAfee.

In particular, countries gearing up for cyberoffensives are the U.S., Israel, Russia, China, and France, the says the report, compiled by former White House Homeland Security adviser Paul Kurtz and based on interviews with more than 20 experts in international relations, national security and Internet security.

“We don’t believe we’ve seen cases of cyberwarfare,” said Dmitri Alperovitch, vice president of threat research at McAfee. “Nations have been reluctant to use those capabilities because of the likelihood that [a big cyberattack] could do harm to their own country. The world is so interconnected these days.”

Threats of cyberwarfare have been hyped for decades. There have been unauthorized penetrations into government systems since the early ARPANET days and it has long been known that the U.S. critical infrastructure is vulnerable.

However, experts are putting dots together and seeing patterns that indicate that there is increasing intelligence gathering and building of sophisticated cyberattack capabilities, according to the report titled “Virtually Here: The Age of Cyber Warfare.”

“While we have not yet seen a ‘hot’ cyberwar between major powers, the efforts of nation-states to build increasingly sophisticated cyberattack capabilities, and in some cases demonstrate a willingness to use them, suggest that a ‘Cyber Cold War’ may have already begun,” the report says.

Because pinpointing the source of cyberattacks is usually difficult if not impossible, the motivations can only be speculated upon, making the whole cyberwar debate an intellectual exercise at this point. But the report offers some theories.

For instance, Alperovitch speculates that the July 4 attacks denial-of-service on Web sites in the U.S. and South Korea could have been a test by an foreign entity to see if flooding South Korean networks and the transcontinental communications between the U.S. and South Korea would disrupt the ability of the U.S. military in South Korea to communicate with military leaders in Washington, D.C., and the Pacific Command in Hawaii.

“The ability of the North Koreans to disable cybercommunications between the U.S. and South Korea would give them a huge strategic advantage” if they were to attack South Korea, he said.

There have been earlier attacks that smack of cyberwarfare too. Estonian government and commercial sites suffered debilitating denial-of-service attacks in 2007, and last year sites in Georgia were attacked during the South Ossetia war, orchestrated by civilian attackers, the report says.

The report concludes that if we aren’t seeing it already, cyberwarfare will be a reality soon enough.

“Over the next 20 to 30 years, cyberattacks will increasingly become a component of war,” William Crowell, a former NSA deputy director, is quoted as saying. “What I can’t foresee is whether networks will be so pervasive and unprotected that cyberwar operations will stand alone.”

I haven’t got time to go into this now but I really can’t tell from a brief shufti whether this is news or not:

Cyber war has moved from fiction to fact, says a report.

Compiled by security firm McAfee, it bases its conclusion on analysis of recent net-based attacks. Analysis of the motives of the actors behind many attacks carried out via the internet showed that many were mounted with a explicitly political aim. It said that many nations were now arming to defend themselves in a cyber war and readying forces to conduct their own attacks.

While definitions of what constitutes cyber war are not shared, it was clear that many nations were preparing for a future in which conflict was partly conducted via the net. “There are at least five countries known to be arming themselves for this kind of conflict,” said Greg Day, primary analyst for security at McAfee Europe. The UK, Germany, France, China and North Korea are known to be developing their own capabilities.

Etc, etc…

More on this at Welt Online, CNet and Network World. Cue nonsense all over the net by lunchtime.

Cyber Warfare – Asghar Javed, The Nation

The Counter Intuitiveness of Cyber Security – JD, al Sahwa

Cyber War Technology – Mobashir Ahmed, Techno Platforms

The Real Hustle and the Psychology of Scam Victims – Frank Stajano, Light Blue Touchpaper

NZ Interloper to Commercialise UK Internet Blocking – John Ozimek, The Register

Iraq Cyber Attack and the DigiSEALs – Kevin Coleman, Defense Tech

U.S. Struggles with ‘Electronic Fratricide’ in Afghanistan – Nathan Hodge, Danger Room

Never Understimate The Power Of A Botnet – Gadi Evron, Dark Reading

Obama Said to Be Close Again to Naming Cybersecurity Chief – Jaikumar Vijayan, ComputerWorld

In the 2006 Quadrennial Defense Review there is a very useful graphic threat/capability matrix which I often use in lectures and seminars.

Usually what I like to do is illustrate each element of the matrix with a photo overlay which I hope captures the character of the threat–you know, Osama bin Laden in the upper left square, something big and metallic bristling with firepower in the lower left, the Twin Towers collapsing in the upper right. But to be honest I always struggle with what to put in the lower right quadrant. What exactly does the Pentagon mean by a ‘Disruptive’ threat? It’s not exactly clear in the QDR itself and I’ve long assumed it to mean, more or less, some form of cyber attack. And how does one illustrate a cyber attack? Well, since a shot of a microchip isn’t really all that visually exciting, I have tended to use the movie poster below from Die Hard 4.0 (the crappiest of the Die Hards but at least it purports to be about cyberwar–sorta).

Which is kind of stupid because, as my friend and coilleague and PhD student Tim Stevens writes in today’s Guardian. ‘Keeping ‘digital 911′ fears in check‘ Die Hard 4.0 is pretty much exactly the opposite of a helpful illustration of the concept.* The reality:

Apocalyptic visions of “cybergeddon” or a “digital 9/11” are overblown but there is little doubt that the digital networks on which British innovation and economic growth have relied over the last decade are as much an achilles heel as they are its foundation. 

Tim talks a lot of good sense about Cyberwar. If this issue is on your research agenda too you would do well to read his article and hang around his excellent blog ubiwar too.

*Which isn’t to say that this isn’t how the Pentagon conceives of the disruptive threat/cyberwar.

Cult of Cyberattack – George Smith, Global Security

Twitter and Iran: First Get the Data, Then Talk – Patrick Philippe Meier, iRevolution

The Cyberwar Plan – Shane Harris, National Journal

Kung Fu Shrine Under Attack – People’s Daily Online

How Your Brain Sees Virtual You – Ewen Callaway, New Scientist

U.S. Deputy Defense Secretary Says Battlefield Success Depends on Technology Development – defpro.news

Fort Hood and Social Media: Between Two Extremes – Adam Elkus, Huffington Post

Consumed: The Hype Around Augmented Reality – Rob Walker, New York Times

Email Surveillance: Ditch It For Good – Simon Davies, The Guardian

Words To the Wise – CyberSec.eu

GAO: Los Alamos National Lab’s Cybersecurity Lacking – Grant Gross, PC World

Lawmakers Set to Probe Broadband, Privacy, Cybersecurity – Kenneth Corbin, InternetNews.com

CDW-G Issues Federal Cybersecurity Report – TMC News

A Web of Lone Wolves – Evan Kohlmann, Foreign Policy

Introduction: Ubiquitous Human Computing – The Future of the Internet

Grossbritannien will bis zum März 2010 ein Cyber Security Operations Centre (CSOC) einrichten, das zunächst aus 19 Leuten bestehen soll. Das Team soll Angriffe auf die IT-Infrastruktur Großbritanniens erkennen und abwehren. Ausserdem sollen die „Cyber-Krieger“ gegebenenfalls auch Gegenangriffe durchführen. Neben dem CSOC will die britische Regierung auch das sogenannte Office of Cyber Security einrichten, das die Kriegsführung im Cyberwar strategisch planen soll.

Wie die Mitarbeiter für das CSOC ausgewählt wurden ist nicht genau bekannt. Allerdings gab es ein Talentwettbewerb, bei dem junge “Hacker” ihre Fähigkeiten unter Beweis stellen Konnten. Es ist jedoch auch eine Kooperation mit Unternehmen oder Hochschulen bei der Auswahl geeigneter Kandidaten möglich.

Neben Grossbritannien gibt es immer mehr Länder, die sich am Cyberwar beteiligen wollen und entsprechende Einrichtungen errichten. Auf der anderen Seite werden Hacking und Cyberkriminalität immer härter bestraft. Ein aktuelles Beispiel ist die geplante Auslieferung des „NASA-Hackers“ Gary McKinnon, die in der Hacker-Szene auf Entrüstung stösst.

Cyber Chinese! – Helmut, Phronesisaical

Cyber Warfare: The Corporate Community – Sam Liles, Selil Blog

But Is It Art? Modern Warfare 2, Computer Games and Morality – Paul Raven, Futurismic

Content vs. Context – Internet Haganah

Internet ‘As Dangerous As Letting Children Go Out Into the Street’ Says Prof Tanya Byron – Stephen Adams, Daily Telegraph

Pak Cyber Criminals Deface 50 Indian Websites a Day – TMC News

Rise of the Cyber Wingman: 10 Principles Airmen Must Know – Air Force Space Command

Iran to Set Up Cyber Police to Counter Web Crimes – Xinhua

China Proves to be an Aggressive Foe in Cyberspace – Ellen Nakashima & John Pomfret, Washington Post

Augmented Reality Security Considerations – Doug Crescenzi, MetaSecurity [also at SecureMetaverse - cheers for the link, Doug!]

The $9m World-Wide Bank Robbery – Gary Warner, CyberCrime & Doing Time

A Primer on DDoS – Richard Stiennon, ThreatChaos

Cyber Warfare: The Intelligence Community – Sam Liles, Selil Blog

The Big Impact of Small Footprints – Thomas Hegghammer, AfPak Channel

On the Eve of E-Destruction – Terry Sweeney, Internet Evolution

Spam Laws Around the World – Amir Lev, ComputerWorld

Lockheed Martin to Open NexGen Cyber Innovation & Technology Center, Technology Cyber Security Alliance to be Announced – RTT News

Third of Agency Report Daily Cyber Incidents – Eric Chabrow, GovInfoSecurity

Reports on Non-Kinetic Weapons Mixed – David A. Fulghum & Douglas Barrie, Aviation Week

How to DDoS a Federal Wiretap – Robert McMillan, ComputerWorld

Ten Geeky Laws That Ought to Exist, But Don’t – Matt Blum, Geek Dad

Conventional War Strategy Doesn’t Work in Cyberspace: Interview with Martin Libicki – Eric Chabrow, GovInfoSecurity

Cyber Warfare: The Military Community – Sam Liles, Selil Blog

Cyber Defense Spending in the 2010 Defense Authorization Act – Richard Stiennon, ThreatChaos

Modern Warfare 2: ‘No link Between Video Games and Adult Violence’ – Emma Barnett, Daily Telegraph

Australian Minister of Defence Releases Defence ICT Strategy – defpro.news

Pentagon Chiefs Buy Net-Security Early Warning System – Lewis Page, The Register

Cyber Warfare: The New Nuclear Scare? – Perspectives on Global Issues

Terrorism in the Age of Technology: Profs Discuss Biothreats and Cyber Warfare – Erin Szulman, Cornell Daily Sun

Report: Globalization of Malware Production – Simon Heron, Information Security Resources

Department Of Interior Fails Cybersecurity Audit – J. Nicholas Hoover, InformationWeek

Cyber Security, Or What You Will – Jean Gordon Kocienda, Cisco Blog

Breaking the Botnet Code – Robert Lemos, MIT Technology Review

An FBI Cybercrime Agent’s Tales From the Trenches – Renay San Miguel, E-Commerce News

If I Can Measure It, It’s Information – Liz Losh, Virtual Politik

The CBS 60 Minutes special, Cyberwar: Sabotaging the System, has been all over the internet since it was first shown last weekend, so I’m behind the response curve here. I was really hoping for an honest piece of illuminating journalism but I’m afraid that’s not what we got.

I don’t know if this is an endemic failing of major US news outlets – rest assured, we have our problems in the UK too; I’m not Yank-bashing – but if you’re going to broadcast pieces as documentaries, then you need dissenting voices to balance your case. Without them there is no dialogue, and you end up with a polemic, which is how this film comes across. It is low on facts and high on unsubstantiated speculation and scaremongering. Worse, it feels like an institutional attempt to shame big business into action. They may need a kick up the ass but portraying them solely as entities who, I quote, “lied to Congress” is unlikely to foster the sort of partnership an integrated strategy requires.

The film was also dishonestly edited in at least one place and, overall, the film just doesn’t cut the journalistic mustard. Let me qualify my comments a bit though and in so doing reiterate what have unintentionally become central themes of this blog:

1. Threats exist.

2. A small number of these threats are potentially serious.

3. Most of these threats are not really threats.

4. Strategic planning relies in part on consideration of worst-case scenarios.

5. Worst-case scenarios should not be the sole pivot of public debate.

6. Hyperbole should be avoided in serious debate.

7. Serious and public debate is necessary.

8. Media have a responsibility to portray the real debate, and in its proper context.

9. Manichean views of cybersecurity are unhelpful and inaccurate: you are not either ‘against us’, or ‘with us’.

10. Concerted and responsible action is required.

When you put it like that, life doesn’t seem quite so hysterical, does it? I would also add a last point:

11. Who are you?

What is your position in this debate, and whose interests are you serving? I would suggest that if you’re not actually focused on your neighbourhood and your fellow humans, wherever they may be, then you may need to recalibrate your view of the world. Sam Liles has just kicked off a new series on community biases and I look forward to his comments. This is also something that I’m going to be looking at over the next year or so, although my ontological approach differs from Sam’s epistemological one. Both are valid and the results may help to clarify what exactly we’re all talking about.

If you get your ideas from programs like this CBS one, I’m sorry. I’m sorry also that CBS got its ideas from a small corner of the security establishment, and failed to acknowledge this. Worst of all, they failed to capture the nature of the environment satisfactorily. Poor show.

Update: John Robb agrees, admittedly for slightly different reasons than I’ve outlined above:

60 Minutes on cyberwarfare.  Sensationalist.  Based on a comprehensive misunderstanding of the dynamics of warfare driving this.  The $17 billion that is slated to be spent on US “cyber security” will almost certainly be ineffectual.  The consultants in the show are so far behind the powercurve, they aren’t even in the game.  They are only a small part of phalanx of contractors now pushing cyber security — a process akin to the sale of the Maginot line…

Another offering from the BBC’s Digital Revolution project. Ross Anderson is Professor in Security Engineering at Cambridge University, and an author and blogger specialising in computer security and cryptology. The BBC interviewed him about cyberwar and the possibilities of cyber attacks on the UK. His responses are curt, well-reasoned, and suggest that there is a lot of hype about cyber threats that isn’t borne out by the facts. Build your defences well and you won’t have a problem. Sound familiar? Watch it here.

The engaging and erudite Thoomas Ilves, President of Estonia, is interviewed by the BBC’s Digital Revolution project. He is inevitably asked about the 2007 attacks, Estonia’s relationship with Russia, and his country’s measures since then, but he’s most interesting on the role of NATO and his very sound summarising of the problems of tracing and responding to cyber attacks. Watch here. Recommended.

27 Billion Hours Were Spent on the Internet Globally in Sept 2009 – Watching YouTube

Securing the Cyber Supply Chain – J. Nicholas Hoover, Information Week

Cyber Attacks Caused Brazil Power Outages – 60 Minutes, CBS News

Opinion: Cyber Boot Camp – Robert Knake, Government Security News

US Marine Corps & Cyberwar – TechNet Asia

Cyber Vandal Hits Police Website – BBC News

Virtual Computer Museum – Russian Cyberspace

Cyber Warfare: Communities – Sam Liles

The Digital Fog of War – Tim Hsia, New York Times