Source: www.schneier.com – Author: Bruce Schneier
&ers •
@ALL
Just for the record – it isn’t yet all good with Kyivstar.
hxxps://english.nv.ua/business/ukraine-mobile-operator-kyivstar-fa
ces-new-network-outage-50378025.html
And those wasn’t hacktivists.
Clive Robinson •
@ Bruce,
A couple of things to note with regards the “physicality” of the cyber attacks so far in this war,
1, They don’t appear to do much if any permanant damage.
2, Most of the damage was only possible due to poor design, manufacture and implemementation.
Which means there are some valuable lessons to be learned by others.
Firstly it’s obvious we are still turning out crap component systems and failing to implement over all systems securely.
Secondly the attacks can mostly be cleaned up after a short period of time.
Thirdly the lack of perminance means the effectivness of the attacks is not so much in what they do, but how they are coordinated with more physical attacks that do do physical damage.
That is not ment to minimise the seriousness of what could be achieved with cyber attacks, but point out their utility is transitory at best, thus should be carefully timed as part of an overall military objective.
From the defence point of view, there is a lot that could and should be done that is not being done.
As an industry ICT is shipping mostly deffective goods riddled with avoidable issues thus vulnerabilities. We are building fragile components that lead to fragile systems, thus fragile infrastructure.
There was a couple of lessons pack in the old POTS system with “Phone Phreeking” which was,
1, In-band signalling will fail.
2, Trust for conveniance (SS7) will fail.
There are known solutions to these issues that have been known for more than a third of a century if not longer.
Yet because we’ve “gone digital” the lessons have been ignored and mainly forgotten for “convebiance”.
Various analyses suggest we are moving out of a period of peace and stability into a period of war, instability thus increased insecurity.
Our ability to deal with this increasing insecurity is based almost entirely on the instability of the underlying if not foundational infrastructure systems.
Thus there is a lesson that all should take onboard. Whilst a plethora of mostly unusefull features might please the point scorers in marketing, they are rather more than a waste of time and resources, they are actually a danger in the form of vulnarabilities.
There was a reason the old POTS system appeared stable and slow to move forward, whilst digital is unstable and progress looks fast.
Maybe we should stop,
“Moving fast to break things”
And consider what that could mean in these times of increasing political and social instability that is costing us very deeply. Not just in the lost opportunities conflict inflicts significantly, but the disaster capitalists profiting from, mostly meaninglessly at humanities expense.
Something we all should give some thought to.
Sidebar photo of Bruce Schneier by Joe MacInnis.
Original Post URL: https://www.schneier.com/blog/archives/2023/12/cyberattack-on-ukraines-kyivstar-seems-to-be-russian-hacktivists.html
Category & Tags: Uncategorized,cyberattack,cyberwar,hacking,Russia,telecom,Ukraine – Uncategorized,cyberattack,cyberwar,hacking,Russia,telecom,Ukraine
