Truth About Computer Security Hysteria

SCADA Al Qaeda

NO DOUBT ABOUT it. The media displays a very strong fetish for stories about Al Qaeda cyber-terrorism. You could see it in the recent PBS Frontline "Cyber War!" episode.

Perhaps the Washing­ton Post will do a follow-up story about the utter lack of SCADA cyber-terrorism. But I won't hold my breath.

Seriously. You can't steal cable or read a fishwrapper without seeing references to "cyber-war" and "cyber-terrorism." And you can't listen to a fearmonger without hearing a breathless reference to the dire threat of "SCADA." (For those of you who don't recognize the acronym, SCADA stands for "Speculating Creatively About Dastardly Attacks.")

Say what? You can't find breathless stories about Osama bin Virus in your own fishwrapper? Just look for the stories about a sniper's latest victim. The cyber-terrorism story is two inches above and one column to the right. The headline of the story gives it away:

PBS Frontline's recent hullabaloo about SCADA cyber-terrorism leads me to point out a pre-Iraq war story in the Washington Post. "Cyber-Attacks by Al Qaeda Feared," the headline screamed. "Terrorists at Threshold of Using Internet as Tool of Bloodshed," it went on to say. You'll recognize the journalist who filed the story: Barton Gellman made a prominent appearance in the PBS Frontline "Cyber War!" episode I bashed.

Gellman's story sounded the alarm over the dire SCADA threat. Perhaps he'll do a follow-up story to explain why those much-feared SCADA Al Qaeda attacks didn't occur? Perhaps Gellman will explain why Al Qaeda remained oh-so-quiet during Gulf War v2.0 and why they used archaic methods (e.g. suicide bombings) in the recent Riyadh and Casablanca attacks?

Yeah, perhaps Gellman will do a follow-up story about the utter lack of SCADA cyber-terrorism. But I won't hold my breath.

Former White House fearmonger Richard Clarke also made a prominent appearance in the PBS Frontline special. I tell you, the man loves to talk about scary acronyms like SCADA. No joke: this guy would do anything short of dismantling the Internet just to save us from SCADA Al Qaeda. As the Frontline special drew to a close, Clarke mused:

After Pearl Harbor, we did a tremendous job of defeating the Nazis and the Japanese. After Sputnik showed that the Russians were winning the space race, we did a pretty good job of national mobilization and we beat the Russians to the moon. After September 11th, Al Qaeda's little sanctuary in Afghanistan was gone in a couple of months. And we're now doing a very good job of rounding terrorists up around the world. "After the fact." Wouldn't it be nice for once, when we have the experts telling us we have a big risk — wouldn't it be nice for once to get ahead of the power curve, solve the problem, so there never is the big [SCADA et al.] disaster?

Every single time throughout recorded history, without a single exception, mankind learned its lessons the hard way numerous times about the dangers of every single technological advancement. I want mankind to learn just once, the easy way about the horrifying dangers of the Internet while I'm still alive so I can take ex post facto credit for saving a third of humanity from those cyber-terrorists and cyber-wars I constantly screamed about before 9/11.

" 'They’re now starting to put their money into direct fiber-optics wiring with sol­dered con­nec­tions,' said one indus­try source." Now, I don't know if you ever tried to solder a fiber-optic cable, but — let's just say it gets a little messy...

First: anytime you see the words "SCADA" and "terrorist" in a news story — which seems pretty common in [this mailing list] — you should rush over to [this page] for a refresher course.

Second: we've learned THE HARD WAY, EVERY TIME, about the dangers of technology. Seriously — why does anyone actually think we'll learn the easy way this time around?

We built boats. People died to teach us about the need for good boat-making. Even with the best materials, though, you still occasionally run into an iceberg. People died to teach us about the need for lifeboats. We long ago figured out how to use boats as weapons and our enemies sometimes explode 20x40' holes in our boats.

We built trains. People died to teach us about the need for good wheel-making. Even with the best materials, though, you still occasionally leap off the tracks. People died to teach us about the need for safe interiors. We long ago figured out how to use trains as weapons and the North won against the South in no small part because the rails ran smoothly.

We built cars. People died to teach us about the need for seatbelts. Even with straps, though, you still occasionally impale yourself on the steering column or bash your head on an unforgiving upper doorframe. People died or went into comas to teach us about the need for front- and side-deploy airbags. We long ago figured out how to use cars as weapons and we now even drive around in Jeeps for the fun of it.

We built airplanes. People died to teach us about the need for air safety. Then we shipped a gazillion planes to WWII. Airmen died to teach us about all sorts of things about safe airplanes. We long ago figured out how to use airplanes as weapons, and then 19 guys reminded us about using airplanes as weapons. (Can you say "kamikaze"?)

...Okay, now we build computers. Nothing bad happened yet, but that's just because computers don't really do critical things. (Like fly a plane. Or steer a boat. Or drive a car.) Yeah, a secretary's PC at a nuclear power plant got infected with a Word macro virus, but technicians scrammed the rods before the secretary's PC could do any real damage. A lot of experts want Congress to give them tax dollars so people never die at the hands of the Melissa virus...

Mark my words: we'll overcome Darwinism this time around. We've got technology on our side!

Now, I don't know if you ever tried to solder a fiber-optic cable, but — let's just say it gets a little messy. "Tommy, my soldering iron is covered with burning fiberglass! What should I do?"

Computer virus pio­neer Fred Cohen be­lieves every com­puter secu­rity specu­la­tion — no matter how absurd — "is valid sub­ject matter" worthy of expert attention.

I don't know who this "industry source" is but I can assure you he didn't wire my house.

YOU MIGHT RECOGNIZE the guy who moderates that information warfare mailing list.

It's Fred Cohen, the father of the modern computer virus. He loved to post hysterical cyber-terrorism stories on his mailing list. After he posted the "fiber-optic solder" story, I moaned about the need for a "bozo filter." Cohen rejected my plea. "I think that all information — whether hokey or not — is valid subject matter for information warfare fora," he insisted.

Oh, really?

So I asked Cohen a perfectly logical question. Would he finally start to post Vmyths columns on his mailing list? "I will be glad to review and post as appropriate," he replied. Yet the moment we got all the details worked out, Cohen decided to stop posting stories. Go figure.

But hey, at least he stopped wasting everyone's time with those bozo SCADA Al Qaeda stories. Now we just need to put a filter on bozo fetishists like Barton Gellman...