Saturday, November 12, 2011

Cyverjaw - The Real Challenges

Yesterday I went to a fascinating event organised by the CSAP and students organisation, Conenctions - at

In the talks, the speakers outlined their various views of the challenges - current mainstream dogma is split between the view that cyberwarfare takes place in a new dimension (not just land, sea or air), and the view that it is an additional aspect to the existing dimensions. This is real naval gazing (pun intended). For me, you need to consider the real, potential attacks, countermeasures, and whether you can even recognize cyberwar as such at all - so for example:...

You finally realized the fact that we are in the midst of World War III, and its a Cyberwar - the characteristic signature of a cyberwar is that you can't identify the assailant, and you probably wont get a chance to retaliate. So who bought down the government of iceland,force portugal, italty and gree to form governments of unity against the wish of the democratic peoples' majorities, imposed austerity...its budgets on half of the richest area of the world (the EU) causing unemployment to rise (hence wages to fall) at no risk to themselves? persons unknown in the IMF and the international globalized financial services community are running roughshod over sovereign states. This has all the hallmarks of warfare. so why aren't nation states fighting back? well, the Icelandic people did, but that's it. the Greeks tried, and failed. Not too big to fail: democracy. you know, communism fell before capitalism. Now we are all Chinese.

Some more thoughts:

1. you wake up tomorrow and your phone, radio, tv, internet dont work.
what are you going to do? what is your backup net? what is your reboot
plan? have you even tested how you would cold start everything safely.

2. what if the chinese already launched a cyberwar on Europe, and
bought down the Icelandic, Greek and Italian government by economic
market manipulation? how would you tell? who would you pin it on? how
would you retaliate (if at all)? Globalization trumps democracy, and allows a few small non-accountable agencies to override nation states' populations wishes.

3. the interconnectedness of everything (pace, douglas adams and dirk gently)
means that we live in ahypergrap$a(the hypernet, if you like) -

Once we had separate networks, now we have
information systems all connected to communications systems and to
banking systems. Now what if we connect them to things (sensors+
actuators) - for example, heating, lighting/ac systems are connected
to the net. energy systems are connected to the net. we have a
hypergraph where information and action flows over the system -we
understand how software and content update, and viruses flow over
the internet. we under stand how power flows from generators to
consumers via the grid. we understand how vehicles flow over
transport networks. Now link them. what do we understand? how
Frank Kelly's models of the internet interact with David Mackay's
models of the energy systems, interact with road systems and food
chains? I don't think so. this would represent several PhDs efforts

The body of network science (aka internet science, or web science) now is quite large and provides a tool chain from graph theory, diffusion/percolation/edpidemic/gossip processes, control theory, and other modelling, and a plethora of papers that show practical application of these models, not just to describe and understand processes in graphs (including games/markets/opinion dyanmics, graph growth/shrinkage) but also to design rules (e.g. agent behaviours) to achieve goals (viral marketting, distributed, reactive innoculation of software against malware, analysis of week spots, etc etc)...

We'd need economists and epidemiolgists in the loop too....

Some other thoughts from the meeting:
1. we should have a law requiring reporting of attachs similar to the notion of "Notifiable diseases" (highly infections, high mortailty)
2.We need a treaty that controls selling people weapons (e.g. population surveillance tools) but allows selling defensive measures (firewalls, IDS, and anonymizer technology like TOR).
3. We need treaties immediately that tell our allies, if they are attacked and turn off their external Internet, please don't turn off our defnses (e.g. Windows, Apple IOS, Cisco IOS, Linux, Blackberry and other software updates all run over CDNs rooted in the US - if the US was to disable external access (and it could easily do this at Internet Exchange Points), we'd cease to get bug fixes at the moment when we most need them - the UK (and anyone else, but thats there problem) should factor this in to the NATO (or the UK-US special relationship) immediately.

Blog Archive

About Me

My photo
misery me, there is a floccipaucinihilipilification (*) of chronsynclastic infundibuli in these parts and I must therefore refer you to frank zappa instead, and go home