
Atomic Paradigms For Enterprise Security

Written by Robert J. Hansen
8/28/2008 7 comments

Two men, Robert Oppenheimer and Edward Teller, are usually called "the Fathers of the Bomb." That's Bomb with a capital B, which is followed by C, which is for Citykiller. Oppenheimer took the lead in developing the atom bomb. Teller then took Oppenheimer's work and did a very Spinal Tap, "turn-it-up-to-11," inventing the hydrogen bomb in the process.

Usually, Oppenheimer is portrayed as a humanitarian who was staunchly opposed to nuclear weapons, and Teller… well. Popular myth says Stanley Kubrick based Dr. Strangelove on him.

Of course, the reality isn't so simple.

I don't recall where I first read this, but I once read a compelling argument that Teller wasn't in favor of nuclear weapons. He was just in favor of reality. The reality was the hydrogen bomb could be built and the Soviets knew it. The question wasn't whether the hydrogen bomb would be built, but only who would have it: the Soviet Union alone, or the Soviet Union and the United States.

Teller looked at that bleak reality, made his bed, and lay down in it. So did Oppenheimer. Teller decided we needed the hydrogen bomb, and Oppenheimer decided the world had gone crazy and wanted no more of it. Ethicists today still argue over which one was right, and will probably still be arguing about it 100 years from now.

My colleague Ira Winkler has been writing about the MBTA hack in his last couple of columns. I'm not going to weigh in on that one, at least not here. I'm only going to suggest that we are all becoming Tellers and Oppenheimers. The Tellers of the world say, "These flaws exist, they will be exploited, by bringing them to public light we are forcing people to fix them, by keeping them obscured we are allowing people to delay and temporize."

The Oppenheimers of the world say, "Expose them to light responsibly, which is to say slowly, if ever. Our world is too complex and fragile to have bricks thrown at such critical underpinnings."

Ira makes some good points when he talks about the ethical dimension of the MBTA hack. My disagreement with him stems not from what he says, but from what goes assumed: he seems to be an Oppenheimer, while I seem to be a Teller. There's no shame in being an Oppenheimer -- he was, by all accounts, a most rigorously ethical man -- but neither is there folly in being a Teller.

My point in talking about all of this is not to argue for either side. It's to point out the fact that our infrastructure is fragile and our attack surface is approaching infinity. Already, x-ray imagery is being sent to the operating room via the network. Voice over IP is increasingly replacing copper-wire phone service. SCADA systems are wired to the network for ease of monitoring. A single network outage can threaten the life of a patient on the operating table, a terrified homeowner calling 911, and our ability to run water treatment plants.

Before, it took a Teller, an Oppenheimer, and some top-drawer genius with access to millions of dollars in R&D funds to be able to mount attacks like these against a population. Today it just requires a few smart geeks with college degrees and a few years of experience at breaking systems.

Imagine what it will be like tomorrow.

I think the central ethical question facing security geeks is both very simple and very complex: Given the choice between being a Teller or an Oppenheimer, which should we be, and why?

— Robert J. Hansen, freelance hacker and computer science doctoral student at the University of Iowa


rjh
Thinkernetter
Monday September 1, 2008 11:40:28 AM

chuckgregory:

For the most part, I agree with you. The older I get, the more I find myself agreeing with Celine's Laws -- a set of philosophical principles invented by Robert Anton Wilson and attributed to one of his fictional characters.

  1. National security is the chief cause of national insecurity
  2. Honest communication only happens in a non-punishing environment
  3. An honest politician is a national calamity

#2 seems very appropriate to the Teller versus Oppenheimer debate. If we know that we can be punished for telling the truth, we suddenly have a vested interest in lying. I don't think that's any way for a society to be.

chuckgregory
IQ Crew
Monday September 1, 2008 6:41:52 AM

Jwallace, it never occurred to me that somebody would mistake my parenthetical 'aside' for a hyperlink. Makes sense that you would--but it wasn't.

For the record, I'm an old-fashioned hyperlink type: I put the actual address in there as text. It's a hangup of mine.

Thanks for your comments.

Chuck

jwallace
IQ Crew
Sunday August 31, 2008 8:50:43 PM

Hi Chuck!

(read 'laws' here) <-- was that supposed to be a link?

"I believe in free speech, free information, freedom to say and do whatever we want"

That often gets me into social trouble in real life...especially when it comes to politics talk...I said loudly that I'm voting Republican this time around and that I thought Palin's acceptance speech was supercalifragilisticexpialidocious in front of Obama fanatic "friends" <-- acquaintances really.

I am obviously not a politics "cheerleader" even in an election year...and if I were to 'freely' say 90% of all political 'promises' are hogwash and at the end of the day, no one wants our country to lose......

chuckgregory
IQ Crew
Saturday August 30, 2008 8:55:14 AM

In my (perhaps not so) humble opinion:

Publicize every flaw. Climb every mountain. (Where did that come from? My subconscious seems to be acting on its own...)  Get everything out in the open and let the chips fall where they may. (Subconscious again. I'm talking in mixed metaphors today.)

I don't think network vulnerabilities are in exactly the same class as the hydrogen bomb. But what do I know?

I believe in free speech, free information, freedom to say and do whatever we want, and freedom of people. I don't believe in censorship, or in any sort of suppression of information. I don't want my government, or anyone else's for that matter, to protect me from myself or from the ideas of others.

I have little respect for secrecy, and none for arbitrary rules (read 'laws' here).

Security is vastly overrated and often presents more of a threat than the problem it is supposed to cure.

Insecurity is responsible for most security issues.

Destruction of information is far more serious than its dissemination.

Thanks for listening. I seem to be a bit radical today. (My knowledge of chemistry is not good enough to know where free radicals may fit into this discussion, though.)

Paul Whyte
Researcher
Thursday August 28, 2008 3:31:24 PM

Hi RBJ,

Thanks for the excellent comparison you drew from the history of the H-bomb. It perfectly fits two schools of thought in Enterprise Security. I made a "Teller's contribution" to Ira's post in disagreeing with the ethical and/or legal issues surrounding the MBTA saga. From reading your post and other related references, Teller was a Pragmatist to the highest degree. I don't devalue Oppenheimer's approach, but I think it cannot get the job done for us. If, as you said in your post, our attack surface is approaching infinity, then only a Teller's approach can realistically do the job for us.

Most Enterprises, by taking an "Oppenheimer" view on security, have stifled innovative solutions and in the process hindered advances that would make us safer. Some enterprises cannot even report a breach of security in their systems, let alone have the audacity to conduct research on potential vulnerabilities. All this is being done to sort of safeguard the reputation of the enterprise. While this action may serve their selfish objectives very well, it stalls innovative measures that would otherwise have remedied the vulnerabilities.

Root Maniac
IQ Crew
Thursday August 28, 2008 11:19:18 AM

Let their communities know when they believe they're being ripped off. I believe that's what these students were doing; they saw another expensive public works project where it seemed like a contractor was taking advantage of public money by providing a substandard product, and they wanted to expose it. It's hard to say whether the contractor was negligent, incompetent, or just trying to get something "good enough" to beat the deadline, but the students felt it was important to bring this to light.

Now the transit authority is trying to cover up their embarrassment by making the students into scapegoats, just like when idiotic city officials over-reacted to the Aqua Teen Hunger Force ads and tried to accuse the artists who installed them of terrorism. Public officials will always try to pull strings and change the rules to hide their own stupidity and incompetence.

jwallace
IQ Crew
Thursday August 28, 2008 10:53:13 AM

after reading this:

"They are telling a terrific tale of widespread security problems, but they still have not provided the MBTA with credible information to support such a claim," says Joe Pesaturo, a spokesman for the MBTA. "It's that simple." <-- doesn't that already sound problematic?

and the DEFCON restraining order, I'm beginning to wonder if those guys went to the seemingly arrogant and pompous MBTA first.

wait, did I just say something derogatory about a transit authority?

I will blindly say that the 3 folks from MIT played it NICE!!

Here is a quote from this article (granted, it is from MIT Technology Review, hehe):

"MiFare sold a lousy product to customers who didn't know how to ask for a better product," he says. "That will never get fixed as long as MiFare's shoddy security is kept secret." He adds, "The reason we publish vulnerabilities is because there's no other way for security to improve."

and

"The industry should view the MIT students' work as a free service that could ultimately lead to better security. Although there has been plenty of academic research on the security of RFID, he says, little has yet made its way into products. "The core of the problem is still industry's belief that they should build security themselves, and that what they've built themselves will be stronger if they keep it secret," Nohl says."

In this particular instance, I biasedly side with Teller (I just happen to have run the ez-pass so many times that I got POUNDS of notices in the mail...still unresolved, which is a nightmare; good thing I don't need an ezpass where I live now).
