Schneier on Security: Terrorist Risk of Cloud Computing.
Bruce Schneier gets it COMPLETELY right, (about Rob Enderle being completely wrong,) when he says:
“…the main point of the article, which seems to imply that terrorists will someday decide that disrupting people’s Lands’ End purchases will be more attractive than killing them. Okay, that was a caricature of the article, but not by much. Terrorism is an attack against our minds, using random death and destruction as a tactic to cause terror in everyone. To even suggest that data disruption would cause more terror than nuclear fallout completely misunderstands terrorism and terrorists.”
There is a common logical error people make when trying to asses risk: planning without thinking. Making invalid assumptions without proper analysis. Nowhere is this as obvious as when people discuss protecting things from terrorist attack. Terrorism ignites all manner of fear in people, even without the “terrorists” having to actually DO anything. Fear is indeed the mind-killer here as people toss away all logic and let their imaginations run wild, conjuring up all manner of fearful outcomes. They literately lose their minds and lose the ability to think clearly.
Of course Rob Endlerle is a proven idiot and is obviously incapable of thinking. He merely lobs grenades and trolls for flames wherever he writes, always constructing bizarro arguments on assumptions and fallacies. Schneier rightly points out one of these fallacies when he scoffs at Enderle’s statement: “The Twin Towers, which were destroyed in the 9/11 attack, took down a major portion of the U.S. infrastructure at the same time.” The U.S.A.’s infrastructure suffered virtually zero damage on 9/11. In the grand scheme of things the 9/11 attack was less than a pinprick in our national skin. The air transport system was back to normal within a week. The stock exchange was trading again in a few days. More people die falling off ladders each year in the USA than those killed on 9/11/2001.
The point of terrorism is found right there within its name: terror. Shock. Outrage. Fear. Paralysis. Over-reaction. That is what terrorists want. Their aim is to provoke maximal emotional reaction with minimal effort. Therefore terrorists attack specific targets chosen for maximum shock and outrage. They attack symbols. They attack people. They seek to have visibility. They don’t attack infrastructure. In the case of 9/11 infrastructure was the weapon, not the target.
Nation-States engaged in warfare attack infrastructure. The fastest way to disable an enemy is to destroy their means of communications, transportation, and manufacture. This is how warfare has been conducted since the mid-20th century. Technology allowed the expansion of the battlefield into entire continental “theaters of war” and technology allowed warring nations to attack each others’ technology. This is the natural evolution of conflict that began when our ancestors first beat each other with rocks.
The error that Enderle, and so many others make is mistaking terrorism for warfare. Terrorism is NOT warfare. The purpose of attacking infrastructure is to weaken the opponent so as to make warfare easier. The destruction of infrastructure allows the next logical step in warfare: the attacker destroying their enemy and/or invading their enemies territory. Terrorists are not interested in those steps. They are not seeking to invade or destroy. They merely want to inflict maximum emotional damage at minimal cost. Osama bin Laden spent very little money to execute the 9/11 attacks. Sure, it may have been over a million dollars but it provoked a trillion+ dollar response. THAT is the point of terrorism.
Datacenters, Telecommunications Infrastructure, Carrier Hotels, Long-Haul Fiber-Optic Circuits, and by extension, “Cloud Computing” will never be terrorism targets. Ever. They have no emotional value. Their disablement or even destruction provokes no visceral emotional reaction or outrage (except in the people like myself who must build and maintain them of course!) Ask yourself this: If the 9/11 hijackers flew those planes into One Wilshire, The Westin Building, and the Google Datacenter in The Dalles, Oregon would we be fighting wars in two middle-eastern countries today? The answer is: “No.” In fact it may not have even been seen as a terrorist act at first, instead being seen as a random set of accidents. It would not have been seen live on TV around the world, and people would not have even been affected much technically and certainly not emotionally. Today it would be one of those dimly recalled events of yesteryear. “Oh, remember when those plane crashes made the Internet slow for a few hours?”