Justin Foster, a fellow Canadian infosec guy, brought up an interesting point today in a tweet he sent out:

I remember the good old days when a cloud was something we drew to represent the Internet between two points. *Sigh*

He’s also responsible for the following diagram for those of you who are visual people:

“Cloud” is one of those marketing terms that I can’t stand because it is now applied to absolutely everything out on the Internet AND in data centers. In my day we called those areas DMZ and those vendors Application Service Providers (ASPs)…..consarnit!

I honestly believe that my circle of friends are smart enough to recognize a bad thing when it comes up. That being said, I have always had my doubts about the average person. Luckily my faith has been somewhat restored based on this article stating that someone has been sending unsolicited laptops around to to United States Governors whose offices, as detailed in the article, have promptly contacted the FBI to investigate. As I’m sure you would expect the FBI isn’t too happy about it. From the article:

The mystery began in West Virginia earlier this month when Gov. Joe Manchin’s office received five Compaq computers on Aug. 5. A week later, Manchin’s office received a sixth notebook, a Hewlett-Packard model.

The Charleston Gazette, which first reported the story, said Manchin’s office didn’t turn on the machines for security reasons. West Virginia state police said HP confirmed the notebooks were ordered online for delivery to the governor’s office, but didn’t reveal who made the purchase.

Wyoming and Vermont have also reported similar incidents, which has led to the FBI investigation.

If opened up your mail box and noticed a package, addressed to you, containing a laptop…would you use it or would you first ask yourself “I wonder who sent me this?” or would you treat it as the “bank error in your favor, collect a new laptop” card a la monopoly? I have a sneaking suspicion that even the most non-technical of people, on average, would think something was wrong and contact either the post office, the police, or maybe even their “techie friend” to take a look. That being said, I wonder how many people would react similarly if they were to receive a small gadget, such as a shiny new iPhone 3Gs, in the mail? I have a sneaking suspicion that people would be more likely to open the box, move their SIM card over, and see if their new free toy worked.

Thoughts?

Ever since the Iranian election demonstrators turned to social media applications, such as Twitter and Facebook, it appears as though every media outlet is calling anything that happens to touch, or think about touching, the Internet, “cyberwar”.

Being of the Jerry Springer and “One of these three soft drinks are poison, tune in at 11pm and we’ll tell you which one” generation, I understand why using an eye catching headline is used. Obviously you, the dirty media, want to drive people to your program/story/blog/cause but, in doing so, you’re perpetuating false information. If my father, who is retired Navy, heard the term “cyberwar” he’d immediately think of words like: military, attack, etc. and not words like: rally, demonstration, and so on.

Now, don’t get me wrong, I understand that the demonstrators in Iran are being brutalized. What people need to know, however, is that the demonstrations, support, or response cannot, and should not, be classified as “cyberwar”. If anything, the online support that is demonizing the election results should be classified as psychological warfare that, although a component of war, is not an immediate physical response.

The Wikipedia definition of psychological warfare hits the nail right on the head:

The U.S. Department of Defense defines psychological warfare (PSYWAR) as: “The planned use of propaganda and other psychological actions having the primary purpose of influencing the opinions, emotions, attitudes, and behavior of hostile foreign groups in such a way as to support the achievement of national objectives.”

Does this not more closely match what is happening right now? I think it does. Even though Wikipedia defines cyber-warfare as having a propaganda component, which can loosely be tied to psywar, I fear that too much emphasis is being placed on it.

True cyberwar, which has yet to be let slip, is still in its infancy stage. Just like cavalry warfare, trench warfare, and armored warfare, it has to be perfected – but that’s not to say that it isn’t being tested and polished on the worlds electronic battlefields.

For any media types who are thinking of using “cyberwar” as the basis for an article on what is obviously social dissidence and believers in democracy leveraging technology to spread information please, think of the cringing security professionals trying not to vomit or have an aneurysm reading your story.

P.S. If you want to understand what true cyberwar is going to be, check out the information on the new US Cyber Command being formed.