
Panetta Warns of Dire Threat of Cyberattack on U.S. - 001sky
http://www.nytimes.com/2012/10/12/world/panetta-warns-of-dire-threat-of-cyberattack.html
======
drzaiusapelord
The money wasted on these pork bills and civil rights violations that will
probably pass with flying colors regardless of who wins the election could be
better spent buying every 0day for sale. Imagine a few billion in a fund just
for buying zero days for sale and forcing the companies with the vulnerable
product to tell its customers that it had vulnerabilities and that they've now
been patched. Heck, tax companies that write insecure software more.

Instead, we'll see some federal guidelines that do nothing but enrich
connected defense IT contractors milking the endless cow of defense spending.

~~~
001sky
relevant > [http://www.washingtonpost.com/wp-srv/special/local/highest-i...](http://www.washingtonpost.com/wp-srv/special/local/highest-income-counties/)

------
chunkyslink
> They could derail passenger trains, or even more dangerous, derail passenger
> trains loaded with lethal chemicals.

Why are passenger trains loaded with lethal chemicals in the first place?

~~~
pav3l
Even worse! They could derail passenger trains loaded with lethal chemicals
and nuclear weapons!

~~~
mturmon
Mock him if you must.

Panetta raises the issue that a combination of attacks could cause loss of
life and a new sense of vulnerability among the public. (From the article:
"...would cause physical destruction and the loss of life, an attack that
would paralyze and shock the nation and create a profound new sense of
vulnerability.")

The last time the public had that sudden sense of vulnerability, on 9/11 of
course, there was a tremendous and partly counterproductive reaction that
we're still dealing with.

It could be smarter to put in place laws to force private companies to report
cyberattacks, so the government can understand the scope of the problem, than
to pay for the reactive spasms that would follow a successful attack.

~~~
Vivtek
The last time the public had that sudden sense of vulnerability, the
government did everything in their power to stoke those anaphylactic fires.
Panetta wants more money, pure and simple, and he knows that fear of the
unknown is the best way to get sound bites and the Congressional ear.

They don't _want_ smart - otherwise we'd already be doing the smart thing.

~~~
mturmon
"government ... stoked": yes, I agree. It's a shame.

I think Panetta partly wants money, but even more, wants laws changed so that
privately-operated infrastructure has to have certain security provisions. His
agency can't compel it without a law.

History has shown that market forces are not always sufficient to guard
against catastrophic events.

~~~
001sky
He can always testify before Congress... No? Every political fundraising memo
is a form of "Guy X warns of Doom...Act Now...send your $$$" Where was he for
Benghazi?

------
pseingatl
I have a friend who works for Saudi Aramco. They tried to play down the
effects of the attack, but they had to replace 30,000 hard drives. My friend's
work for the past year was wiped out. The only people who were saved were
those who made local back-ups on USB drives which were not connected. In most
large companies, there are strict rules about connecting personal hard drives
to the company's network, but in this case, those who violated the rules were
able to survive the attack best. Back-ups were compromised as well. It is not
clear why Aramco did not have back-ups which were offline and accessible.

------
DigitalSea
I have a genius plan to protect computers and networks from cyber attacks. I
plan on selling it to the Government; I really think it's a good idea. My
asking price will be at least $1.2 billion for a minimum 10 year contract, but
I'd be willing to negotiate a little bit to stay competitive with competitors
like Lockheed.

1) Disconnect any computer from the Internet that controls anything that can
be compromised.

2) Keep the computers disconnected.

BAM! no Internet connection, no cyber-security threat. Now if you'll excuse
me, I'm just going to fire up my Ubuntu terminal and derail a passenger train
full of chemicals whilst simultaneously breaking down a dam wall in another
terminal window.

Seriously though, I think we're all doomed if dams, nuclear reactors, airports
and passenger train networks are as accessible from the Internet as Panetta
says they are in the first place...

~~~
fictorial
I wonder if autonomous Internet surveillance understands sarcasm. You're
probably on some watch list now, sad as that may be.

~~~
DigitalSea
I thought the exact same thing as you after posting and re-reading my comment.
If they come after me, I guess I'll have to open up another terminal window
and hack into their car computer system and make them drive in the wrong
direction, after I hack all traffic lights to slow them down of course ;)

------
ynniv
What the hell is a "defensive" "cyberweapon"? Are we going to shoot down an
incoming SSH session? Poison a compromised SSL session? Like screaming
aircraft in space, these people have no idea what cyber warfare looks like.

How do they expect to defend against it?

~~~
mtgx
If you look closely at what they are proposing, the new bills and the new
budgets almost always go into "offensive cyber capabilities" not defensive
ones. So while they keep the fearmongering about cyber attacks, all they are
doing is building better weapons to attack others themselves, and has nothing
to do with protection, which also creates a loop where if the US does get
attacked because the networks are not protected, they get to demand even
more funding, and continue the cycle.

~~~
ynniv
Exactly. This is a ploy to spend money building our offensive weapons. Pork
for a campaign contributor, sharp sticks for the intelligence agencies.

------
OldSchool
I think we can safely assume that these bureaucrats know nothing at all about
Cyber-anything. I don't think we even need to ask where this statement
ultimately leads. It leads to a total loss of internet anonymity. It may take
a generation for that to be a given, but that's clearly the goal. That goal
provides about as much value to the nation as the "war on terror." The end of
the cold war sure left quite a vacuum. It took about a decade to find
something to take its place.

------
aidenn0
Good thing we didn't provoke Iran by attacking with cyber-warfare.

------
rsync
I wish that every headline of this type had windows in parentheses ...
"Panetta Warns of Dire Threat of (Windows) Cyberattack on U.S."

How many years ago were we up on that stage at defcon while bo2k was demoed?
And 12 years later nation states (Iran) are getting owned by the same old
autorun.inf.

~~~
ohashi
Humans are still humans. Software security can increase but people are still
weak and convenience versus security is a common trade off.

------
haspoken
This article appears to expose a serious violation against the International
Olympic Committee by the inappropriate use of "Olympic Games".

While it is possible that a proper license was obtained, it seems extremely
unlikely that the IOC would permit their trademark to be used for an operation
instigating a terrorist attack against one of its member countries and I am
currently unaware of the IOC adopting hacking as a competitive sport.

The article states "Mr. Obama ordered sophisticated attacks on the computer
systems that run Iran’s main nuclear enrichment plants, according to
participants in the program. He decided to accelerate the attacks, which were
begun in the Bush administration and code-named Olympic Games,"

------
mcantelon
Modern witch doctor has things he wants.

------
crayola
Since when is it ok for a US official to talk about China and Russia as
"adversaries"?

------
capex
Probably spoken for the law makers.

------
ck2
Well then take those systems off the internet. Problem 100% solved.

Why the heck are they on the internet in the first place?

~~~
catshirt
unfortunately i think 100% is quite an overstatement. (given that we're
talking about people dying, and all).

~~~
catshirt
i'm sorry. the downvotes would suggest when your network is not connected to
the internet you are invulnerable to cyber attacks? lol

------
ktizo
_“I’m not sure they’re going to volunteer if they don’t feel that they’re
protected legally in terms of sharing information. So our hope is that
ultimately we can get Congress to adopt that kind of legislation,”_

Translation: Before we loot their databases, we have to reassure them that
they are not liable.

