Could the U.S. repel a cyberattack?

http://www.usatoday.com/tech/news/computersecurity/2007-06-07-us-cyberattack-preparation_N.htm?csp=34

Could the U.S. repel a cyberattack?
By Ben Arnoldy and Gordon Lubold, The Christian Science Monitor

Oakland and Washington — Evidence is mounting that cyberwarfare tactics are part of the 21st-century arsenals of powers like Russia and China, yet the United States has not made Internet defenses a major priority.

A two-week cyberattack on Estonia – which overloaded government websites, knocked a bank's overseas customers offline, and caused Internet service to slow to a crawl – has brought the issue to the fore for U.S. defense officials. While the tiny Baltic nation reacted well, experts say, the U.S. may be at greater risk for mass disruptions of banking, telecommunications, and government services. The reasons: a lack of coordination, funding, and centralized authority.

"Estonia didn't collapse, and we wouldn't collapse under this type of attack either," says James Lewis, a senior fellow and cybersecurity analyst at the Center for Strategic and International Studies, a think tank in Washington. "But it would be very disruptive."

Repelling major attacks on critical national networks requires enormous coordination inside and outside government, as well as expensive research and preparation. However, primary responsibility for this falls on a small group within the Department of Homeland Security that experts say operates on a tiny budget and with little clout.

"The part of the U.S. government that has responsibility for this doesn't have the authority to command attention from within other parts of the government, and it doesn't have the money to get the work done that is on its plate," says Bill Woodcock, a cybersecurity expert with the non-profit Packet Clearing House who also traveled to Estonia to lend his help.

more...

To deal with DOS attacks...

8th Air Force to become new cyber command

11/3/2006 - WASHINGTON (AFPN) -- During a media conference here Nov. 2, Secretary of the Air Force Michael W. Wynne said the 8th Air Force would become the new Air Force Cyberspace Command.

"I am announcing the steps the Air Force is taking towards establishing an Air Force Cyberspace Command," the secretary said. "The new Cyberspace Command is designated as the 8th Air Force... under the leadership of (Lt. Gen. Robert J. "Bob" Elder Jr.) He will develop the force by reaching across all Air Force commands to draw appropriate leaders and appropriate personnel."

Secretary Wynne said the 67th Network Warfare Wing, now under 8th Air Force, and other elements already within the 8th, would provide "the center of mass" for the nascent Cyberspace Command.

USAF Press Release

(AFCYBER) - wiki

USAF Draft Irregular Combat Doctrine: Cyberspace Allows for ‘Direct’ Strikes on Insurgents

"...“Our enemies are already operating , exploiting the low entry costs and minimal technological investment needed to inflict serious harm,” Moseley said during a speech last September. “We cannot allow them to expand a foothold in this critical strategic domain, much less find sanctuary.”
The service secretary, speaking at the same event, warned that because the military is increasingly dependent on network- and computer-based systems, all other aspects of war fighting could be hindered without an increased focus on cyberspace.
“This domain offers many unique opportunities and highlights a new inviolate principle: Without cyber-dominance, operations in all of the other domains are in fact placed at risk,” Wynne said..."

Defense News

I don't know anything about what kind of threats face us, if they do, etc. Could you elaborate? Why is this bullshit?:shrug: Share the knowledge!

Unless someone deliberately creates a bottleneck, there is no single point of failure, and even in that case it is only the traffic affected by the bottleneck that is "disrupted". This is rather like the Y2K issue, the danger is real, but it is not catastrophic, and it is being inflated far beyond it's true measure. The resources required to carry out something like a global or national attack on the internet are huge, and the remedies relatively straightforward. I am not saying that this or that site is not brought down or inconvenienced from time to time, I am saying that there is no global threat to the internet based on DOS or the like.

And lord knows the "software security" business is a great meal ticket these days ...

Of course the government habitually builds systems with poor security and lots of central points of failure, and I have no doubt that a concerted attack with inside information could bring some federal government systems to their knees, but that it no threat to the internet in general, or to me or you.

A two-week cyberattack on Estonia – which overloaded government websites, knocked a bank's overseas customers offline, and caused Internet service to slow to a crawl – has brought the issue to the fore for U.S. defense officials. While the tiny Baltic nation reacted well, experts say, the U.S. may be at greater risk for mass disruptions of banking, telecommunications, and government services. The reasons: a lack of coordination, funding, and centralized authority.

1.) Notice first that even so small an entity as Estonia, when "attacked" by Russia, was "inconvenienced".

2.) Next notice what was affected, government and business, which habitually centralize their systems to save costs. Possibly some form of DOS was applied to Estonian national network infrastructure as well, causing the slowdown, I can't tell from this. You could try to flood the DNS servers if there were not too many for example, causing a slowdown; or the routers, but I would expect that to be harder.

3.) Next notice the solution, even more "centralized authority", which will make the problem worse by creating bottlenecks, but from a central government point of view will also make it easier to meddle with people they don't like.

I don't think they even know what it is.

I can hear condi now, "who would have thought you could bring the country to it's knees, with a cyber-attack"