Movie Suggestion: Zero Days

Started by deanwebb, November 19, 2016, 07:39:43 AM


deanwebb

Watching it now, about a half-hour into it. It's about Stuxnet... and, man, is it some intense stuff.

Just before starting it, I watched a documentary on Amazon Prime about a red team that physically 0wn3d a power substation. Documentary is called "Hacking the Grid", and it's 15 minutes of fun... unless you do defensive security, in which case it's more terrifying than Blair Witch Project.

:matrix:
Take a baseball bat and trash all the routers, shout out "IT'S A NETWORK PROBLEM NOW, SUCKERS!" and then peel out of the parking lot in your Ferrari.
"The world could perish if people only worked on things that were easy to handle." -- Vladimir Savchenko
Any questions? No questions! | BCEB: Belkin Certified Expert Baffler | "Plan B is Plan A with an element of panic." -- John Clarke
Accounting is architecture, remember that!
Air gaps are high-latency Internet connections.

deanwebb

Finished "Zero Days"... wow... Because the potential for a devastating cyberattack is pervasive, defenses must also be pervasive. But, because the defenses cannot be properly informed of *what* to defend against because of the intense secrecy surrounding cyberweapons, we cannot count on those defenses being sufficient.

Swords, firearms, chemical, biological, and even nuclear weapons all emerged from either tradition or science, where people could see at least the capabilities and effects of those weapons, even if their exact workings escaped them. Everyone knows what is implied if a person sneezes or points the barrel of a shotgun at a target. But what is in the code of the game you just downloaded? What can it do to you?

Beyond that, how many national actors have their hands, essentially, on the killswitches for other nations' power grids and communications networks? How many have a proper handle on their own grids and networks? Not only do we not know, we really have no way of knowing because the very nature of cyberwarfare is that it succeeds because of secrecy. While a military spokesperson could say that if an adversary launches nuclear weapons at us that we will respond within minutes of our own high-alert weapons for a mutually assured destruction, and that such a discussion can lead the adversaries to stand each other off and eye each other warily without using nuclear weapons, we can't have the same in the case of cyberweapons.

I say this because if a nuclear weapon detonates, the world knows about it very easily. One cannot hide a nuclear explosion. But what if the entire power grid goes down in Israel? Is that the result of a faulty power relay substation, or a cyberattack? It could be either cause. What if it was an accident, but attributed to a cyberattack? What if the cyberattack was launched by one group using systems residing in a completely different nation that itself was hostile to Israel - possibly in the hope that Israel would destroy a mutual enemy? And what if Israel went forward in a retaliatory measure without first consulting with its major ally, the USA, but still expected the USA to back up its retaliatory measure? All we see is the lights go dark in Israel and, soon afterward, some other country has a key systems failure of its own. We, as outsiders, have no idea if the events are unrelated or are part of an actual, ongoing war.

What are the weak points of a nation's economy? That's where an adversary could strike. It makes no difference if those weaknesses are domestic or in the form of a vital resource that must be imported from a neutral 3rd-party country. Shut down access to rare earth metals and there goes the ability to replace key parts of a telecommunications network.

Or another example: imagine a disruption that kills off phosphate mining in Morocco, Algeria, and Tunisia, and 20% of the global production of that vital material is gone - think of what that does to the price of fertilizer and, by extension, food. China produces 36% of the world's phosphates - what if it kept its production off the market at the same time? Would that be in reaction to global events and a hope to stockpile the valuable resource, or would that be in coordination with a cyberattack designed to put the rest of the world into a food crisis, with knock-on unrest and possible rioting? Russia produces 6% of the world's phosphates - if it withholds from global markets, is it, too, being prudent or is it in collusion with China in suddenly depriving the world of three-fifths of its fertilizer?

And if this is all a cyberattack done in conjunction with a trade war, what is the proper response? We simply don't know... This film raises lots of questions that we need to seriously think about...

NetworkGroover

Yeah I thought it was a cool movie as well.
Engineer by day, DJ by night, family first always