Stuxnet cyberattack by US a ‘destabilizing and dangerous’ course of action, security expert Bruce Schneier says
Schneier calls Stuxnet ‘mistake’ for US, argues world needs to tackle cyber-arms control
By Ellen Messmer, Network World
June 18, 2012
Revelations by The New York Times that President Barack Obama in his role as commander in chief ordered the Stuxnet cyberattack against Iran’s uranium-enrichment facility two years ago in cahoots with Israel are generating controversy, with Washington in an uproar over national-security leaks. But the important question is whether this covert action of sabotage against Iran, the first known major cyberattack authorized by a U.S. president, is the right course for the country to take. Are secret cyberattacks helping the U.S. solve geopolitical problems or actually making things worse?
Bruce Schneier, noted security expert and author, whose most recent book is “Liars and Outliers,” argues the U.S. made a mistake with Stuxnet, and he discusses why it’s important for the world to tackle cyber-arms control now in an interview with Network World senior editor Ellen Messmer.
The question is going to be debated whether Stuxnet was a good tactic to stop Iran from developing a nuclear weapon by sabotaging its facility through a malware attack in a covert action that was ultimately discovered. In an interview with Chris Wallace on Fox News last night, former National Security Agency director, retired Gen. Michael Hayden, said he thought it amounted to “taunting Iran.” Based on the mix of military leadership, governmental leadership and ethical questions it raises, is Stuxnet a suitable approach?
There are two parts to this analysis. The first is tactical: Is a cyber-weapon more or less suitable than a conventional weapon? In 2007 Israel attacked a Syrian nuclear facility; it was a conventional attack with warplanes and bombs. Comparing the two, Stuxnet seems far more humane — even though it damaged networks outside of Iran. The other part to the analysis is more strategic. Stuxnet didn’t just damage the Natanz nuclear facility; it damaged the U.S.’s credibility as a fair arbiter and force for peace in cyberspace. Its effects will be felt as other countries ramp up their offensive cyberspace capabilities in response. For that reason, Stuxnet was a destabilizing and dangerous course of action.
David Sanger’s NY Times article of June 1, headlined “Obama order sped up wave of cyberattacks against Iran,” offers a vivid account of how President Obama decided cyberattacks against Iran should proceed through cooperation with Israel through use of the Stuxnet malware. However effective this might have been in stopping Iran from developing a nuclear weapon, it’s now widely thought that the Stuxnet malware got out of control, spreading in the wild. What’s your view on this, assuming the Times article is fully accurate?
It seems to be correct.
Sanger’s article was very interesting, and it is worth reading, but it basically confirmed everything we all knew. We knew that Stuxnet was the work of Israel and the United States. We knew that it was intended as a pinpoint attack, and spread beyond its intended target. Other investigative journalists uncovered these truths already. What Sanger’s article added to the discussion was detail about the program from inside both the Obama and the Bush administrations.
Richard Clarke’s book “Cyber War” draws the distinction between cyber-espionage and cyberattacks. He argues cyber-espionage should basically be considered a routine, acceptable practice of any country as part of government intelligence operations. But he argues other state-sponsored operations, such as putting malware secretly into a power grid for example, or launching an actual attack, are distinctly different, and have to be considered in the realm of offensive weapons. Clarke suggests cyberweapons should be subject to arms control agreements of various sorts much as other types of weapons that can be used in war are today. Do you draw the distinction between cyber-espionage and cyberweapons along these lines? And should there be an effort by the U.S. and others to craft treaties related to cyber-arms?
Of course there’s a difference between intelligence gathering and offensive military actions. Throughout history, there has been a bright line between the two. And what’s true in the geopolitics of the physical world is no different in cyberspace. This same distinction also exists in computer security more generally. There is a fundamental difference between passive eavesdropping attacks and more active attacks that delete or overwrite data. As to arms control agreements, I think it is vital for both society and cyberspace that we begin these discussions now. We’re in the early years of a cyberwar arms race, an arms race that will be expensive, destabilizing, and dangerously damaging. It will lead to the militarization of cyberspace, and the transformation of the Internet into something much less free and open. Perhaps it’s too late to reverse this trend — certainly you can argue that military grade cyberweapons like Stuxnet and Flame have already destroyed the U.S.’s credibility as a leader for a free and open Internet — but the only chance we have is cyberweapons treaties.
If so, how do you think that should proceed?
I’m not an idealist. I know that cyberwar treaties will be difficult to negotiate and even more difficult to enforce. Given how easy it is for a country to hide a chemical weapons plant, I know that it will be even easier to hide a cyberweapons plant. I also know that there is a lot of money and power trying to sow cyberwar fears.
But even with all of this, I think there is enormous value in the treaty process — and in the treaties themselves. I think we need to proceed by starting the dialogue. We made a mistake with Stuxnet: We traded a small short-term gain for a large longer-term loss. We can’t undo that, but we can do better in the future.
Big news for IPv6: Akamai to launch service in April
World’s largest CDN to offer IPv4-to-IPv6 translation and dual-stack to all customers
By Carolyn Duffy Marsan, Network World
March 26, 2012 09:17 AM ET
Carrying between 20% and 30% of the Internet’s Web traffic on any given day, Akamai is the world’s largest content delivery network (CDN). Akamai’s engineering team has been working for two years to upgrade its 95,000 servers in 71 countries connected by 1,900 networks to support IPv6.
“We’re highly supportive of IPv6,” says Mike Cucchi, director of product marketing for Akamai. “We’re a large consumer of IP addresses as well, so there are internal drivers. We need and want IPv6 addresses as well as just supporting the Internet community as it migrates to IPv6.”
IPv6 is an upgrade to the Internet’s main communications protocol, which is called IPv4.
IPv6 features an expanded addressing scheme that can support billions of devices connected directly to the Internet. But IPv6 is not backward compatible with IPv4, which is running out of addresses. Network operators can either support both protocols in what’s called dual-stack mode or translate between IPv4 and IPv6.
In April, Akamai will announce built-in support for IPv6 in its three major product lines: Aqua for consumer-oriented services, Terra for enterprises and Sola for media companies. Companies will be able to upgrade to these application-as-a-service offerings in a matter of days, rather than spending weeks or months upgrading their own Web servers to support IPv6.
“We know IPv6 is part of doing business on the Internet, and we’re going to include it on all of our platforms,” Cucchi says.
Akamai hoped to release its production-grade IPv6 services by the end of 2011, but the task proved more difficult than originally anticipated. Akamai has been beta testing its IPv6 services with key customers since last fall.
Akamai’s support for IPv6 will make it easier for its media and enterprise customers to serve up Web content to Internet users that have IPv6-only addresses, which is increasingly common in Asia and Europe. Among Akamai’s customers are Apple, Lands’ End, Ticketmaster, Travelocity and XM Satellite Radio. Akamai delivers more than 5 terabits/sec of Web traffic per day.
“We want to act as a translator,” Cucchi says. “Our customers can leverage Akamai through these transitional times. … We can terminate IPv6 requests at the edge and send forth IPv4 to the data center environment. Our future roadmap will have a two-way translation that occurs.”
Akamai’s timing is ideal for U.S. federal agencies, which are required by an Obama administration mandate to support IPv6 on their public-facing websites and Web services by Sept. 30. Akamai’s federal customers include the Department of Defense, the Food and Drug Administration and the Federal Emergency Management Administration.
“We’ve had a number of government sites transition to being dual-stacked at Akamai,” says Eric Nygren, chief architect for Akamai. “We’re working with the rest of our government customers to help them” with the September deadline.
Akamai says its April launch of commercial-grade IPv6 services is on target for when its government and enterprise customers will deploy IPv6.
“2012 is the year for the design-and-build phases around the world,” Cucchi says. “We’ve been getting ready for this. Now the market is starting to take IPv6 seriously. … By the end of 2012, we’re going to see some real uptick in the percent of IPv6 traffic we see out there.”
Today, only 0.5% of the Internet traffic that Akamai carries is IPv6. However, that will change come April, when Akamai moves out of its beta test program and announces full availability of its IPv6 services.
Akamai says it has run into some difficulty deploying IPv6 because IPv6 services are not available from all ISPs around the globe. Also, several major ISP networks are not peering with each other over IPv6, causing backbone routing issues.
“We’re seeing a lot more backbone brokenness on the IPv6 Internet than on the IPv4 Internet. We’re doing a lot to try to help,” Nygren says, adding that some data center locations don’t have IPv6 connectivity at all. “Using Akamai for IPv6 will be extremely valuable to [our customers] to help them deal with the brokenness. Their users will have a better chance of getting to that content if we’re serving it up near them versus going halfway around the world.”
Another problem that Akamai has run into is malware that takes advantage of IPv6.
“You can go make your website dual stack and add Quad-A records, and now malware will follow that Quad-A record,” Nygren says. “It will start port-scanning your site or spidering your site and start attacking you over IPv6 if your [intrusion detection system] or firewall aren’t set up for IPv6. We can help mitigate this threat by being between customers and IPv6-based attacks.”
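The gap Nygren describes, a site that publishes Quad-A records while its packet filter only covers IPv4, can be checked on the host itself. The following is an added example, not code from the article or from Akamai: it compares constructed `iptables-save` and `ip6tables-save` output and reports where IPv6 is more permissive than IPv4. The function names and sample rule sets are assumptions made for illustration.

```python
import re

# Constructed samples in iptables-save / ip6tables-save output format.
V4_SAVE = """*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
COMMIT
"""
# IPv6 left at the default: no rules, default-allow.
V6_OPEN = """*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
"""
# IPv6 filtered, but one rule has drifted away from the IPv4 set.
V6_DRIFT = V4_SAVE.replace("--dport 443", "--dport 8080")

POLICY = re.compile(r"^:INPUT (\w+)")
# Single-port ACCEPT rules only; multiport (--dports) rules are not parsed.
ACCEPT = re.compile(r"^-A INPUT\b.*-p (\w+)\b.*--dport (\d+)\b.*-j ACCEPT\b")

def parse_filter(save_text):
    """Return (INPUT policy, {(proto, dport)} accepted) for the filter table."""
    policy, accepted, table = None, set(), None
    for line in save_text.splitlines():
        if line.startswith("*"):          # table header, e.g. *filter or *nat
            table = line[1:].strip()
        elif table == "filter":
            if m := POLICY.match(line):
                policy = m.group(1)
            elif m := ACCEPT.match(line):
                accepted.add((m.group(1), int(m.group(2))))
    return policy, accepted

def parity_findings(v4_save, v6_save):
    """List the ways the IPv6 INPUT chain is more permissive than IPv4."""
    p4, a4 = parse_filter(v4_save)
    p6, a6 = parse_filter(v6_save)
    findings = []
    if p4 == "DROP" and p6 != "DROP":
        findings.append(f"INPUT policy: IPv4={p4}, IPv6={p6} (IPv6 is default-allow)")
    findings += [f"{proto}/{port} accepted on IPv6 only" for proto, port in sorted(a6 - a4)]
    return findings

if __name__ == "__main__":
    for name, v6 in (("open", V6_OPEN), ("drift", V6_DRIFT)):
        print(name, parity_findings(V4_SAVE, v6))
```
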
Akamai says its IPv6-based services will help protect customers from IPv6-based malware as well as IPv6 floods and distributed denial of service (DDOS) attacks.
“On our platform, we have this nice benefit of being a huge shock absorber,” Cucchi says. “We not only translate IPv6 requests, but we only forward well-formed HTTP requests. Synfloods and IPv6 floods are all dropped at the edge of our network.”
In related news, Akamai has committed to participate in World IPv6 Launch Day, a June 6 deadline for network operators to enable IPv6 on their public-facing websites and leave it on for good. Other Internet companies that have committed to launch IPv6 on June 6 include Google, Facebook, Yahoo and Microsoft. Akamai says its April launch of commercial IPv6 services will help companies and government agencies that want to participate in the June 6 event, which is being sponsored by the Internet Society.