Monday, November 16, 2009


Often Brit opinion writers are as bad and boring as newsmen in the United States. Finding they have little to say for a Monday morning, they read something written on the other side of the pond and copy it, only with a slant intended to make it seem more reassuring and balanced.

So today we have at the Guardian, one dude who takes DD's shtick and waters it down into nothingness for the masses:

"Last weekend US television viewers were treated to a CBS 60 Minutes special on cyber attacks that presented a doomsday scenario familiar to anyone who has seen Die Hard 4.0: an enemy of the state gains control over national computer networks, plunging citizens into cold and darkness and starving them of food and water. They hold the country to ransom by downloading the entire financial and intelligence records of a highly wired modern country, and remotely manipulate security forces unable to prevent subsequent breakdowns in social order."

Ahem. A little too lazy and close for comfort, I think.

DD referenced Die Hard and has in the past. As a joke.

Tim Stevens fails to note for UK readers that Live Free of Die Hard was such a campy movie it could not, in any way, be taken seriously. The highpoints of it are few -- all Bruce Willis's McClane character beating the stuffing from or killing various evil henchmen. All the bad computer hackers go down hard, their faces punched and broken, their necks thoroughly wrung by movie's end. At one point, Willis even shoots down a superfighter jet, one that has just destroyed much of the freeway infrastructure of Washington, DC, in trying to get him. (McClane also flings his car at a hovering helicopter, destroying it. That's pretty cyberwar, don't you think?)

DD's favorite part of the movie comes when McClane duels with a kick-boxing dominatrix in a black suit, eventually tossing her down an elevator shaft and throwing an SUV on top of her. She was so tough, she needed special treatment.

But I digress.

"In the UK, large-scale cyber attacks could affect the networks that provide power, water and food, disrupt emergency services and communications, and hit the financial system," writes Stevens although he has no way of knowing this.

"One can imagine the chaos caused if the ATM network stopped dispensing cash, or if business email systems failed, or if domestic gas supplies dried up. What really keeps security bosses awake at night is the 'cascading failure' of multiple systems: as one fails, so does the next, and the next ... The list of potential aggressors is long too: states, terrorists, hackers, criminals, the curious and the insane."

Yes, one can imagine. As thousands have done before since, oh -- about 1994.

"Apocalyptic visions of 'cybergeddon' or a 'digital 9/11' are overblown ... "

You hack. Yes, I'm speaking to you.

"The challenge to government is how to harness the skills and capabilities of a wide range of stakeholders to defend against cyber attacks: military, intelligence, law enforcement, industry, privacy advocates, lawyers, civil servants, and you and me, the average and largely pacific internet-using public."

How reasonable and wise. I bet it took every bit of thirty seconds to formulate.

"At present we simply do not know how well-prepared the UK is to withstand a concerted cyber attack, nor how resilient our critical infrastructures are if large chunks of computer network go offline," the commenter continues.

"We may get some clues shortly, as the multi-agency Operation White Noise simulates the total loss of our mobile and fixed-line telephone networks. Such red-team exercises, and broad consultation, will better inform the next strategic defence review and the cybersecurity policies that will be a focus for whichever party wins the spring election."

DD will tell you what you'll get in the way of 'clues.'

No clues. Not designed to work that way.

It will be another in a long list of exercises rigged to take no account of human resilience or the iffy-ness of the real world, with the attacks made jumped-up and steroidal on the virtual table-top until attention-riveting Biblical catastrophe and confusion are delivered unto your doorstep. And then all the good jounalists will act as reporters and commenters, to tell all how fragile [your/our] networked civilization is to the numerous and all powerful bad guys lurking out there in the dark.

We can hardly wait.


Blogger ubiwar said...

Well, DD, you didn't exactly get the point of my article, did you? And just to head you off at the pass about self-Googling, I actually subscribe to your blog.

Before I tackle you on a couple of specific points, you might be interested to check the archives at my blog to see how consistent I have been in my criticism of most of what you criticise too. See my critique of the 60 Minutes special, for example.

The speculative scenarios were exactly that, as consistently spouted by those who have other fish to fry in terms of institutional identity building, commercial interests, etc. The Die Hard 4.0 reference was deliberately deployed to flag up how ludicrous most of these claims are - an irony you unfortunately missed - hence the fact they are 'overblown'.

That said, some concerns are valid, and I in no way was getting
"jumped-up and steroidal on the virtual table-top", etc. Again, check my pedigree at the blog.

Perhaps the point could have been made more explicitly re fear-mongering, etc. As an academic - not a hack; again, please do your homework - I have been very careful to not swallow the hype that surrounds this issue. Hype that principally exists in the US, but is making its way over here to the UK.

The piece makes the point that there has been no public debate in the UK about this. At the same time, government and its agencies are busy preparing for something as 'overblown' as Die Hard 4.0, with little consideration sometimes of the reality of the situation. Basing policy on the back of the obviously hypothetical scenarios I clearly signposted as ludicrous is no way to improve network security, particularly in the absence of public information about what they're up to.

Your point re red-teaming is probably broadly correct. However, my careful choice of 'better inform' is a deliberately hedged assessment of how useful they will be.

In the final assessment, there are problems with cyber security that need to be addressed, and I'm unapologetic about that. I have in no way suggested that this should inevitably lead to a lockdown involving military, intel, law enforcement, etc, that your tone seems to imply. Quite the opposite, in fact. Cyber - whether you like it or not - is an issue for national security, but not national security alone. It cuts across sectors and it involves all sorts of actors. I think what you're hung up on is so-called 'cyberwar', not something I mention, and deliberately so.

One final point: what is your problem with something being 'balanced'? I read your stuff on EMPS, and I agree that the 'crazies' are just that. I would have thought you'd welcome a more reasonable voice when it comes to redressing the discursive imbalance as regards 'cyber'. Apparently not.

Anyway, thanks for your comments.

12:43 PM  
Blogger ubiwar said...

Oh, and just to clear up one further point, the one you started with. Your slanderous accusation of plagiarism is entirely unfounded and unnecessary. If you feel you have the necessary wherewithal to kickstart a public debate in the UK via a national newspaper, I suggest you contact The Guardian.



12:53 PM  
Blogger George Smith said...

'Jumped up and steroidal' was my description of how exercises of this nture have generally gone down.

Your comment reads that you took my tone to mean I thought you were suggesting some manner of lockdown. No, that wasn't part of the thought. But if you got that impression, considering the comments and objections you've raised, OK. I see where you might think that.

What's my problem with being 'balanced'?

'Balanced' in this subject means presenting all the horror stories and scenarios which have been repeated over and over and over alongside gentle crticism. That has been what's defined the outer limit of the debate in the mainstream news for, well, a long long time. Often the gentle criticism doesn't make it to the mat at all. So from my point of view, 'balance' isn't so much that.

In the US, once again the hype on the matter is cranking up. It does so cyclically, mostly, it seems when an administration is seen as not to be throwing enough money to security contractors leasing their employees and advice to the government.

And so one is able to track, in my case -- through the Google news aggregator -- the result. And that is dreadfully familiar.

1:30 PM  
Blogger George Smith said...

And considering the exchange here, the title of the post seems to have now been overrun.

1:35 PM  
Blogger ubiwar said...

Hi George,

Well, I certainly agree with you re aggregators - a litany of doom and gloom indeed. Your comment re budget cycles is also true, as insiders will tell you.

On balance, I would ask you to consider the UK situation. There has not been any real public debate on these issues outside of my blog and a couple of news outlets. As a well-respected left-of-centre newspaper it would profit The Guardian nothing to have someone weighing in in 'unbalanced' fashion on this subject. The last thing, frankly, I want is a repeat of what passes for constructive discussion Stateside on cyber issues. With that in mind, you can hopefully see why the tone of the piece is appropriate.

On your second comment, I didn't really understand - 'overrun'? Does that mean I'm as bad and boring as you initially suggest, or have we managed to find some common ground?

Yours in penmanship,

A. Hack

1:52 PM  
Blogger George Smith said...

The latter of course, common ground.

Not so intransigently,


1:59 PM  
Blogger ubiwar said...

Fair dos, as we say in Blighty!

2:17 PM  

Post a Comment

<< Home