Sacrificing liberty for cyber-security

On 04/07/2011, in Security, by Norman Dean

“Those Who Sacrifice Liberty For [Cyber] Security Deserve Neither” – Ben Franklin

 

The media had a field day when the Egyptian government terminated broadband internet access for most of its citizens a few months back. On the heels of the weaponized worm know as Stuxnet, Congress wishes to give the President the power to kill the internet in the event of a cyber attack on our nations infrastructure.  Unlike Egypt congress wishes the US government to have an actual mechanism in place to terminate internet access across the board to prevent access to key infrastructure targets during a cyber attack. Read about it here. Congress and the White House have also thrown around the idea to control the internet not only with a kill switch but also by requiring a internet ID card, the foreseen implications and sheer expansion of infrastructure to control such a system is mind boggling to say the least.

 

 

What started the whole thing is the emergence of Stuxnet, a worm specifically designed as a cyber weapon created for one purpose… disable Iran’s nuclear enrichment facilities. This worm is not a creature of the internet, it was discovered first in Iran and it is believed to have been planted. Only when the worm found a specific target would it really come alive to complete its goal. Its goal was to jump from a infected Windows PC to a PIC controller, hijack it then give fake feedback data to the controllers operator while messing with the equipment until it fails usually catastrophically. What is really causing all the hoopla is that other controllers of the same type are vulnerable. These controllers are all over the place in power plants and factories. Most of the countries infrastructure and military control systems are quarantined from the internet to protect from just such attacks, and always have been.  The only way any systems quarantined from the internet is for the worm to be introduced to a network physically on a USB key or a portable computer that has already been infected.

So why try to control the internet when these systems are not connected to it? That is the real question.

Norman Dean  7/4/2011

 

 

 

 

 

 

Comments are closed.