Biden warns 'real shooting war' will be sparked by severe cyber attack

United States President Joe Biden has shared his view that a "real shooting war" could be sparked by a severe cyber attack. In remarks made on Tuesday at the Office of the Director of National Intelligence, Biden spoke of the need to "make sure that we're positioning ourselves to stay ahead of security challenges that will …


  1. Mike 137 Silver badge

    Not really news, Biden

    "We've seen how cyber threats, including ransomware attacks, increasingly are able to cause damage and disruption to the real world"

    We have indeed - for decades, and it gets worse rather than better as time passes. But there wouldn't be anything like such a scale of threat if we could persuade developers to write software that wasn't littered with rather obvious silly errors. There are no more than around half a dozen critical metal-level cock-ups that have kept getting perpetrated for some four decades, and with all their rigor, even OWASP only cite 10 common critical web development errors. That's (being generous) less than 20 things any developer should know about and avoid - but they don't and they don't. So we have fragile bug-riddled software that requires constant "updates", and for some bizarre reason we find that perfectly acceptable. Until we get breached.

    Until software development becomes a real engineering discipline (with global verified standards and rigorous oversight of compliance with them) we'll continue spiralling downward into the pit, as, on the one hand, we rely on software more and more in every aspect of our lives, and on the other it becomes less and less trustworthy.

    1. Potemkine! Silver badge

      Re: Not really news, Biden

      There are around 30,000 parts in a car. There are hundreds of thousands of lines of code in a piece of software if you include the libraries, and millions if you include the OS. Software has a complexity that has few equivalents IRL. Add to this the speed of development and changes in IT, pushed by Moore's Law. Car parts are rarely new, screws have long been a tested, proven technology, we know a lot about the materials and how to make them safe and secure. It's totally different in IT. Everything is moving, and fast, and faster. The technology we use now will probably be obsolete in 10 years.

      Even if we improve methods to make software more reliable, it won't eliminate bugs and security breaches. It's way too complex: too many layers, too many interfaces. Look at the space industry, which tests, retests and tests again. It didn't stop Mars Climate Orbiter from crashing because of a conversion error, or the first Ariane 5 from exploding because of a float overflow.

      Of course, we have to code better. But we should always keep in mind the code will be defective and will enable cyberattacks. Improved software development is one layer of protection, but it cannot be the only one.

      1. DS999 Silver badge

        It's the ultimate asymmetric warfare

        Those writing/maintaining the software have to get it right 100% of the time. The attacker only has to find one place they got it wrong.

        And the attacker doesn't need to be part of an army or even a group, he can be all alone and responsible to no one. He doesn't need to put himself at risk like a sniper or a terrorist planting IEDs. He can attack from the safety of his bedroom halfway around the world in a country that doesn't care what he does so long as he's not attacking their allies, and won't extradite.

        1. Clausewitz 4.0

          Re: It's the ultimate asymmetric warfare

          I politely disagree.

          Such powers NEED to be part of the regular armed forces, the sole coordinators on the use of force.

          Otherwise it is just blood and chaos, and nobody wants that.

          People want safety and prosperity, force being used only when others are hurting you.

          1. DS999 Silver badge

            Re: It's the ultimate asymmetric warfare

            I wasn't implying that a military doesn't need its own cyberwar capability, just that as far as DEFENSE goes it doesn't matter how big your forces are, a 400 lb guy on a bed in his basement could hit you and depending on where he was you'd have no recourse aside from traditional military attack (if you could find him and if you were willing to risk the greater conflict that might result)

      2. Mike 137 Silver badge

        Re: Not really news, Biden

        It still remains as a matter of fact that software development is the only branch of engineering (granting it that courtesy) in which practitioners are allowed to be entirely self-taught and don't have to be certified against any global objective standards.

        That alone needs to be fixed if things are to improve, as can be verified by no more than a cursory overview of the general quality of questions and answers at Stack Overflow.

        1. Anonymous Coward

          Re: Not really news, Biden

          Complete waste of time. It would take microseconds for the Indian community and others to produce false certifications. Unless you push them through an observed test as part of the interview it's guaranteed you will not get what is on the tin.

        2. BigSLitleP

          Re: Not really news, Biden

          I guess the corollary is still true that if someone puts "fact" in caps or bold, generally what follows is certainly not a fact.

        3. Lars Silver badge

          Re: Not really news, Biden

          "the only branch of engineering (granting it that courtesy) in which practitioners are allowed to be entirely self-taught and don't have to be certified against any global objective standards"

          See how easy it is to forget politicians

          1. Pascal Monett Silver badge

            Politicians have nothing to do with engineers.

            Actual engineers will answer your questions truthfully.

        4. Ken Hagan Gold badge

          Re: Not really news, Biden

          I'm not sure your analogy with engineering actually stands up.

          Real engineers don't do most of the work when building a bridge, but they supervise and they are on the line (in court) if it goes wrong. Insurers cover that risk as long as the "real engineer" has professional qualifications. In the end, it is all about money. The builder uses an engineer to off-load the risk, the engineer off-loads that risk to an insurer, and everyone keeps their fingers crossed that the bridge doesn't fall down.

          If it falls down the first time someone drives a heavy truck over it, everyone loses. However, if it falls down when someone wraps shaped charges around a pylon, everyone shrugs shoulders and the police chase after the terrorist.

          Some high-profile attacks on software feel like the latter case. The software was fit for its purpose, but an attacker just "changes the purpose" until the software is no longer fit. Expecting every software package to be resistant against crackers is like expecting bridges to be resistant to bombing. Maybe it can be done, I don't know, but it doesn't sound like it would be cheap and who is going to pay?

          I'm aware that some other attacks are just plain stupid. (Anything where key infrastructure is connected to an international network sounds ... rash.) But let's not pretend that qualifications can save us from a foreign adversary who is clearly practising for the next war.

          1. Cliffwilliams44 Bronze badge

            Re: Not really news, Biden

            While coding better software is important, the real issue is that the weakest link in your security defense is your employees! Most of these current ransomware attacks are perpetrated through social engineering. Target someone in a position where they may have access to a large portion of a company's data, get them to perform some action through social media, email, even a phone call, i.e. either inadvertently or sometimes deliberately install malware on their devices and you're in!

            They have not targeted a vulnerability in a program or operating system they have targeted a vulnerability in the Human Interface!

            We on the IT side tend to focus exclusively on the technical aspects of security and completely ignore the human factor!

      3. A random security guy Bronze badge

        Re: Not really news, Biden

        At one point in my life, I thought automotive companies would be worried about cyber attacks. The truth is that they are not.

        They buy cyberinsurance between $1-$10 per car. Maybe even less. Then they make a lot of noise.

        The only automaker serious about security is Tesla. And that is because they are a nice target. Teslas are high-end multiprocessor computers with a motor and a battery connected to their fleet management software.

        1. Pascal Monett Silver badge

          And they don't need hackers to cause accidents, they do that quite well on their own.

      4. Primus Secundus Tertius

        Re: Not really news, Biden


        Computer systems are, as you observe, the most complicated machines made by man. But the biological world is much more complex. First the complexity of proteins; then the bacterial cell; then the eucaryotic cell; then plants and animals; then what we call our brains. (That with which we think we think - Ambrose Bierce.)

        But nature proceeds by small changes, and takes a lot of time. Bugs crop up along the way, e.g. the human loss of the ability to synthesise vitamin C.

      5. Norman123

        Re: Not really news, Biden

        I am not a programmer or computer savvy person but I wonder if it would be possible to develop software to check program and hardware errors?

      6. Cliffwilliams44 Bronze badge

        Re: Not really news, Biden

        I know many won't like this but it is time to phase out writing software in C, C++. Rust may not be at the place where it can replace everything C based languages can do but that transition needs to happen. There are too many inherent dangers coding in C, C++ that languages like Rust can mitigate. This won't stop dumbass programmer error but it will stop some of the common problems with C based programs because Rust will not let you compile with these vulnerabilities.

    2. Cliffwilliams44 Bronze badge

      Re: Not really news, Biden

      Bottom line, you can prevent all this with proper security measures and user training. The biggest problem is "That costs money" and Corporate leadership will not spend the money "until something bad happens"! It is much like "disaster recovery", they only want to spend on it AFTER an incident that loses data!

      Then there are the Security Professionals who spend more time selling FUD and crap products than actually protecting their clients.

      And there is the "internet generation" that will throw childish tantrums if you block social media on their corporate devices. They view this as an infringement on their "civil rights". Unfortunately most management doesn't have the courage to tell them no. Usually because they don't want their social media blocked. And then there IS management, who request exemption from every security measure you try to implement.

      Finally, people should only have access to what they need! Not what they think they need. As a senior IT employee do I have full access to our financial system? NO! and I don't want it. When someone requests access to something that is outside their job requirements the answer should be NO! No matter their position.

      1. Michael Wojcik Silver badge

        Re: Not really news, Biden

        Bottom line, you can prevent all this with proper security measures and user training

        That's very dubious, assuming someone pins you down on the "proper security measures" hand-waving.

        User training is important, but decades of experience with computing end users, and millennia with humans in general, show its limits. Even highly knowledgeable users regularly make errors. Cory Doctorow has a good blog post from years ago about how he got phished – working quickly, distracted by other things, entered credentials into a pop-up that looked legitimate without stopping to think about it.

        In fact, some studies show experienced, trained users are more likely to make security errors or bypass security mechanisms because they assume their knowledge serves as a compensating defense.

        "Proper security measures" is meaningless without definition, of course; but for any feasible set of specific, realistic measures, a security expert can likely construct an attack tree that bypasses all of them.

        Certainly there is a great deal that can be done, across the entire software lifecycle, from architecture through monitoring and defending in production. And certainly most people and organizations aren't doing most of those things, or do them poorly. But "prevent all this" is a fairy story.

    3. Alan Brown Silver badge

      Re: Not really news, Biden

      "We have indeed - for decades, and it gets worse rather than better as time passes. "

      MBA seagulls blow off any and all warnings about this stuff until it explodes in their faces

      The problem is that such individuals are so numerous and noisy that they effectively mask the problem UNTIL it's too big for them to cover up anymore

  2. Khaptain Silver badge

    Wholeheartedly agree with Potemkine.

    And never forget that the bad guys are not the coders but those that are doing the attacking. And the attackers are no longer script kiddies, it is at the governmental level and they have the budgets and capabilities to do far more than one might imagine..

    And don't forget the real issue here, Joe Biden is preparing for whatever war the USA had decided to start within the next 2 years.... Which undoubtedly they will....

    1. amanfromMars 1 Silver badge

      An Achilles Heel Trojan Horse Vulnerability for Foreign Export and Alien Exploitation

      And don't forget the real issue here, Joe Biden is preparing for whatever war the USA had decided to start within the next 2 years.... Which undoubtedly they will.... .... Khaptain

      One would have thought that being such a constant serial loser in such an enterprise that entertains and provides victims of war, would have them realising the error of their ways. The fact that it mightn't and/or doesn't must be a reflection on their lack of available in-house, actionable non self-destructive nationalised intelligence.

    2. A random security guy Bronze badge

      I wouldn't be that generous to the coders. The pushback I get when I point out obvious vulnerabilities would make you think I was stealing their first born. In fact developers HIDE their systems from security teams to prevent them from getting audited.

      I remember I found a vulnerable web server in a system once and requested it be replaced with a less vulnerable version. The team just moved it to a different port, well-known in fact, hoping that I would get fooled that they were running something else.

      1. Michael Wojcik Silver badge

        For many developers and development managers, security vulnerabilities are externalities. Fixing them is expensive, particularly in opportunity costs and cognitive load, and they have little or no direct return in market appeal (features, usability, etc). So they resist.

        The only fix is to turn those externalities into direct costs (e.g. with customer pressure to fix vulnerabilities or an SDLC with metrics that feed into KPIs), or make improving security a reward in itself by convincing developers of its importance (so fixes are psychologically rewarding). In-organization direct rewards (e.g. bounties) are too easy to game to be workable in many organizations.

    3. Anonymous Coward

      "...whatever war the USA had decided to start within the next"

      Reagan did the exact same thing with his first year of speeches, which all foreshadowed the Star Wars project, increasing retirement age and the War On Drugs... all of which came to reality before he was out (many of his early foreshadowing quotes have been used on a TV show called Jeopardy).

      Here is the line that lets you know, that you know, something greedy is being drawn up....

      "'re as informed as I am..."

      Yep, so when I'm informed something is starting, I'll be "right with my beloved president". So heart felt, so much spreading of fear for profit.

      People just refuse to see it, they just keep believing in it all way too much, but all 1st world politicians now have to be assumed to be corrupt.

    4. Cliffwilliams44 Bronze badge

      "Wag the Dog" as they say. No, this won't be an action against Russia and most certainly will not be against China as Slow Joe is far too "in bed" with the Chinese for that to happen.

      It will most likely be against Iran. Once he loses badly in the next election, which is at this point a veritable certainty. This will be the play used to regain his popularity.

      But I believe it will fail. The American public both Left & Right has had enough of the endless wars in places where these wars make not a shred of change in the lives, politics and ideology of those living in these nations.

  3. amanfromMars 1 Silver badge

    The White House declares and outs itself ..... in a crazy directive

    Is Bidenesque FUD the new MAD and does Uncle Sam intend to be world leader in that too? Go for it Joe. You're a star in the making with the following high bar and low tide mark to overcome and improve upon ....

    "Our enemies are innovative and resourceful, and so are we. They never stop thinking about new ways to harm our country and our people, and neither do we." — President George W. Bush, Washington, D.C., August 5, 2004

    Is there something strange and deranging in the 1600 Pennsylvania Avenue NW, Washington, D.C. water supply/intelligence source provision ‽ .

    1. A random security guy Bronze badge

      Re: The White House declares and outs itself ..... in a crazy directive

      So the WH should stand down? What exactly are you proposing?

      1. amanfromMars 1 Silver badge

        Re: The White House declares and outs itself ..... in a crazy directive

        So the WH should stand down? What exactly are you proposing? .... A random security guy

        If they could cease and desist from scoring so many damaging own goals would be immediately quite helpful, A random security guy.

    2. Ordinary Donkey

      Re: The White House declares and outs itself ..... in a crazy directive

      Is there something strange and deranging in the 1600 Pennsylvania Avenue NW, Washington, D.C. water supply/intelligence source provision ‽ .

      No, there's something in the electoral process that ensures normalish people can't get elected.

      People thought Trump was an anomaly, when in fact he was just less subtle.

      1. Anonymous Coward

        Re: The White House declares and outs itself ..... in a crazy directive

        "People thought Trump was an anomaly, when in fact he was just less subtle."

        The new guy is just less of everything, especially the neurons... The media are propping him up for the moment but I get the feeling that that's not going to last for long now....

        We can see it in the press conferences that the media are starting to attack, just as they did with Trump, the difference being that Trump's was at least funny and laughable whereas with Biden it's just plain embarrassing..

        1. Rainer

          Re: The White House declares and outs itself ..... in a crazy directive

          Trump could at least wrangle with reporters and hold his ground.

          This guy...I cannot believe the media thought it was a good idea to have him elected.

          Though, I suspect they thought that Kamala being sworn in mid-term wasn't too bad either.

          I still have a bet with a co-worker that he won't make it to mid-term. Those drugs he gets to prop him up will stop working sooner or later or the side-effects will show.

          1. Sherrie Ludwig

            Re: The White House declares and outs itself ..... in a crazy directive

            I have been posting a wager on social media, which none of you trumpers have taken: I bet $1000 US dollars that Trump will NOT be "reinstated" or "returned to power" at the White House by Aug 13, as the pillow guy has been hollering. Hell, I'll give it to Aug. 31st. On August 31, we meet (loser pays their own way) and one of us walks away with ten $100 bills. Otherwise, all you trumpers concede, aver, and maintain you are gutless, inverted-weenie scum suckers who are desperately hoping there is someone dumber than you who might actually swallow that codswallop.

            So, Rainer, I'll take that bet about Biden making it to midterm. I'll even make it for that same $1000, same terms. I live in the US Midwest. Deal? Or do you concede,, aver,,,etc.?

            1. Ordinary Donkey

              Re: The White House declares and outs itself ..... in a crazy directive

              If you'll step outside your social media bubble for five minutes you'll find the vast majority of Trump supporters never made that claim in the first place, so I'm not surprised you don't have any takers.

              Online betting is illegal in my current location or I'd propose a counter-offer about the midterms. Or do you think that Trump is currently touring every electoral region in the USA as an inefficient means of making a few dollars?

              1. Sherrie Ludwig

                Re: The White House declares and outs itself ..... in a crazy directive

                @Ordinary Donkey

                Twitler's anointed, endorsed candidate just lost a runoff election for a Texas house seat (she is the wife of the late office-holder, usually a shoo-in for GOP voters) to another Republican, in a deep GOP area. I hope and pray this is another example of, as the book title has it, "Everything Trump Touches, Dies". He nearly killed the USA, by unchecked epidemic and then by attempted coup.

                Yes, I think {Twitler} is touring as an inefficient means of making a few dollars - he is using the slush fund of campaign dollars sent by his suckers, so it isn't costing him anything, AND he's getting the strokes his pathetic, yawning maw of an ego desperately needs. Besides, he is completely bollocks at being a businessman, so why should this be any different?

                1. Ordinary Donkey

                  Re: The White House declares and outs itself ..... in a crazy directive

                  Oof! You went full Hitler.

                  Might want to tone that down, these days it makes you sound dangerously unhinged.

                  I mean, it always did but without President Trump as a distraction more people are reacting negatively to it.

  4. A random security guy Bronze badge

    Cyber attacks must have consequence

    Nations will not behave if there are no controls. No government does. And neither do most people.

  5. Anonymous Coward

    The simple fact is that the US really WANTS war with China and will use any means to justify it. The madness is they think they can win.

    1. A random security guy Bronze badge

      The purpose of war isn't very obvious. In many respects the US lost the wars in Iraq, Afghanistan, Libya, etc. where they had various degrees of involvement. The US doesn't believe in colonialism. It believes in projection of power.

      Think about the destruction the US can cause and the number of leaders it can humiliate. There was Saddam Hussein, strutting around like a rooster. The US got to him.

      Would you like to pick a fight with the US? You know you are going to get hammered.

      The cost to the US? The lives of a large number of underpaid, underprivileged US soldiers and some cash that goes to the Military Industrial Complex.

      China has been a troublemaker in that region since Mao's time. None of its neighbors except for Pakistan like it.

      The stage is set. We don't know how the cards will play out.

      1. Anonymous Coward

        War = Economics

        Biden's current politics don't look as though they are doing anything to restart the economy so war will likely be his only solution.

        What we don't know yet is whether it will be a civil war or an external war...

      2. vtcodger Silver badge

        Slow Learners Syndrome

        Downvoted for arrogance and stupidity. Bad case of SLS (Slow Learner's Syndrome) there I think.

        BTW -- What makes the post author (and the American establishment) think that the US will be able to identify cyber-attackers well enough to target retaliation? Most likely any attack on the US will appear to come from someplace(s) other than their actual source. It'll very likely be like the still poorly understood 2016 attacks on US and Canadian diplomats in Habana and elsewhere(?) in 2016. Real most likely. But a mystery.

        If you ask me, the US and others would do well to start identifying their critical infrastructure and moving/keeping it off public networks. Even if that interferes with some folk's (planned) profits.

        1. Anonymous Coward

          Re: Slow Learners Syndrome

          One immediate response might be to drop the international Internet communication rate to 300 baud which would make infections much harder if they are coming in from outside - yes, it would have a severe effect on the economy (Amazon, Google, Facebook, Twitter, Instagram etc) but it would not be as bad as killing people in both countries ...

    2. achillesneil

      War with China

      I don't think China, or Iran for that matter, has ever been successfully invaded. They would be on a fool's errand to try it.

      1. A random security guy Bronze badge

        Re: War with China

        Both have been successfully invaded and subjugated. China was treated brutally by the Mongol Empire. Iran/Persia has been subjugated multiple times.

        The country which has never been successfully invaded and subjugated has been Afghanistan.

  6. sitta_europea Silver badge

    Isn't Biden a Democrat?

    1. Anonymous Coward

      He tells his voters that but his accountant might tell a different story...

      It's ironic how rich democrats preach that Socialism is a good thing...

  7. Def Silver badge

    ...look what Russia is doing already about the 2022 elections and misinformation. It's a pure violation of our sovereignty.

    Pot, meet Kettle.

    Not so nice when it's not the US doing that to other countries, is it?

  8. sanmigueelbeer Silver badge

    Fight a war when you intend to win -- Never threaten to start a war when all chips are down.

    Joint Chiefs Seek A New Warfighting Paradigm After Devastating Losses In Classified Wargames

  9. codejunky Silver badge


    This is the guy (from the party) who thinks guns won't protect the people from the government and that US democracy was almost overthrown by a crowd wandering into a federal building. Forget a war, the US needs to find the money for the $3tln 'infrastructure investment'.

