This month’s Ostrich Award would have to go to Bruce Schneier for his opinion piece on CNN.com. In it, he states that he’s seeing a power struggle in the US government about who’s in charge of Cyber Security. In a surprizingly anti-establishment departure from his normally so levelheaded approach, he surmises that there’s some kind of goldrush going on that the Military is winning. By continuously beating the war drums, says Schneier, the Internet may become militarized and we can infer by this rhetoric that “citizens lose” when that happens. However: what he’s really seeing is the various branches of the armed forces rushing to finally defend the networks they were already supposed to be defending.
His article quotes people like Richard Clarke, General Keith Alexander and NSA Director Mike McConnell whom, according to Schneier, have all been actively hyping the dangers of cyber war just to get a leg up for their respective agencies. In a dangerous demonstration of sticking one’s head firmly in the sand, he goes on to point out that what we’ve seen so far is nothing but a little cyber espionage and little kids playing ‘hackerz’ on the internet. Sadly, by doing so he is dismissing the overwhelming evidence out there of the state-level involvement by multiple countries with the planting of logic bombs in national power grids (not just in the US) to what is seen by the military as ‘preparing the battlefield’. He also essentially dismisses cyber espionage being an act of war because we can’t properly attribute it, even though we’re seeing a massive exfiltration of data in virtually all fields (military, commercial and political). No reasonable person would consider it a minor infraction if this had been done by spies in the field – attributed or not. Apparently, the fact that its ‘only digital’ espionage makes it harmless.
Schneier concludes that this whole beating of the war drums reinforces the notion that we’re vulnerable. Well Yes Bruce, have you considered that this might be that its because you are? Really, you should do a little more research about discovered breaches into armed forces networks (SIPRNET et al) and critical infrastructure networks before writing this stuff. There are tons of articles out there that would further discredit your opinion piece on CNN. You could also go ahead and pick up a few books like Richard Stiennon’s Surviving Cyber War or Jeffrey Carr’s Inside Cyber Warfare. Hell, even Richard Clarke’s Cyber War contains some interesting stuff that you can actually go out and validate yourself.
If nothing else, you could go by the notion that if something is possible, you can bet that someone is doing it.