U.S.'s Biggest Gasoline Pipeline Halted After Cyberattack (washingtonpost.com)
https://www.nytimes.com/2021/05/08/us/cyberattack-colonial-p...
It would prevent inadvertent connections between the Internet and the critical infrastructure network.
Everyone from the facility managers to the private equity owners assumed that the plant’s computer network was “air-gapped” -- a term referring to computers that aren’t connected to the internet or another unsecured network. But when Mission Secure installed monitoring devices to check, they discovered that a worker on the night shift was connecting his Roku device to the internet to watch episodes of “CSI: Miami.”
https://www.bloomberg.com/news/articles/2021-05-12/colonial-...
So stuff like this wouldn't happen.
Too much focus always on the “hackers” and never the obvious security lapses solved by diverting executive pay to more bodies and training to cover them, but oh well right?
What reason would we have to blame the company for poor security hygiene? What possible outcome could we hope for when in 2021 nearly every SolarWinds customer renewed their license after the hack?
Please.
> Once they received the payment, the hackers provided the operator with a decrypting tool to restore its disabled computer network. The tool was so slow that the company continued using its own backups to help restore the system, one of the people familiar with the company’s efforts said.
It's hard to get the full story from a single article, and larger publications like the Washington Post tend to focus on the most recent statements from federal agencies and corporations rather than details that you and I find more interesting. Sometimes I wish that newspapers would do more of a synopsis of news stories a month or so after the fact to give more context and "lessons learned" or "what impact has this had?". I would prefer that much more to the "breaking news" approach.
[0] https://www.bloomberg.com/news/articles/2021-05-13/colonial-...
I'd wager a guess that their current IT team was worked to the bone on profit-focused projects, but will be 100% blamed internally by the execs.
It's almost like this arrangement was by design...
No one cares about that type of work that’s why. It’s ridiculous but true.
The global chip shortage for replacement parts if they are needed seems like a strategic coincidence. Definitely an evolving story.
It may not have been a targeted attack.
Tangent - Also interesting, the WaPo article [0] bears little resemblance to itself from only hours ago [1]. The article has grown by about 50%, while contents have come and gone. That's my favorite application for archive dot is - Seeing the timelapse of iterative releases, watching journalism bend and sway in the current of its own response. I'm not making any judgements, the internet is already sloshing with useless hot takes about journalism and media. It's just fascinating to see the modern editorial process at work, out in the open.
[0] https://www.washingtonpost.com/business/2021/05/08/cyber-att...
It's certainly a security incident but until we know more it's hard to say the infrastructure was specifically targeted for an 'attack'.
The greatest movie of all time, btw.
Based on a true story, though it's debated endlessly. Clifford Stoll's Cuckoo's Egg deals with the same material.
- The Godfather
- Chariots of Fire
- Dr. Strangelove
- Das Boot (original German version)
- About Time
- Who Framed Roger Rabbit?
- Tron
Knowing what is happening now with critical infrastructure, through the internet, can be done in a completely safe manner. It is a solved problem.
Monitoring systems are usually separate and often have their dedicated network too, but they still need some sort of network connection to your critical infrastructure to do their job (monitoring).
Is it not possible to develop a protocol or device that operates outside of the web but functions like the 'two-man' rule used to launch nuclear bombs?
Of course, macros work in macOS too if the user has installed Microsoft Office.
1) blame the lack of computer security in our infrastructure, and work on improving that
2) blame cybercurrencies, and try to eliminate them
Any bets on which one our government will choose?
Environmentalists used to chain themselves to trees. Would the same physical actions work for climate change?
It's difficult to see the public being opposed to this when coal infrastructure is on the edge of irrelevancy anyway and easily replaced.
https://www.msn.com/en-us/news/us/eight-months-later-colonia...
To me the only reasonable survival strategy is redundancy, but I have no idea how we can reach there.
[1] https://www.amazon.com/This-They-Tell-World-Ends/dp/16355760...
You are proposing that we attack them with explosives, are you fine with them retaliating in kind?
What if you lived next to some hackers targeting a foreign country, would you think it's acceptable to get blown up for their actions?
At least not with the 100% confidence that politicians would want before the US military starts dropping JDAMs on buildings.
I would give fairly even odds that something like this is the work of an organization nation state, and also even odds that it's the work of some underemployed teenagers in a basement.
The entire war machine will grind to a halt without oil. It would be one of the first things to attack.
https://en.wikipedia.org/wiki/Category:2020s_conflicts
Remember when Russia invaded and seized part of Ukraine a few years ago? https://en.wikipedia.org/wiki/Annexation_of_Crimea_by_the_Ru...
Edit: it's also not the point of my post. The US invests in its military partially under the pretense of existential threats (basically, commies invading the mainland). That is undermined by having a laughably easy to cripple defense.
Some critical infra is air gapped though. Other systems implement SIS systems in parallel with general process systems to mitigate catastrophic failure further.
About that infrastructure security... this forum has gone over in detail the situation of infrastructure security in quite a bit of detail as other stuff has happened.
It's easy to say "you need to isolate your critical network from your office network" but that costs dollars and time and letting things fall to shit is free 'till the time comes and then other people pay the price rather than you.
The privately held, Georgia-based company is owned by CDPQ Colonial Partners L.P., IFM (US) Colonial Pipeline 2 LLC, KKR-Keats Pipeline Investors L.P., Koch Capital Investments Company LLC and Shell Midstream Operating LLC.
All the best names of neoliberalism!
If you don't realize what you are getting into, you may regret it because you will get a K-1 at tax time.
I don't know if it's any more of a tax dodge than an REIT.
The market is literally saying they are undervalued.
The flogging will continue until bug bounties improve.
It's eerily similar to "burn it all down" https://en.wikipedia.org/wiki/Accelerationism, which, itself is on the rise and burning from both ends.
I infer your point to be that more attacks might cause the victims to step up their defenses. It's a cat and mouse game. Always has been in all realms.
"It'll get worse before it gets better." I've been hearing that for decades. I'm starting to wonder, due to what appears to be a decline in civility. Following the rules only works if we all do. Those who eschew the rules have an obvious advantage.
Where has integrity gone? We are tearing ourselves apart and justifying it ... or coming to terms with it I suppose, by saying it'll be better some day.
Well... when... exactly? By what measure will we know?
I know Steven Pinker, Hans Rosling, and various folks say it's the best time to be a human. Okay. Sure. I see the math. I'd like to see them update their charts for data out over the past year.
But ... anecdotally, none of that math seems to percolate down to my community. The people around me are in constant fear. I just saw a woman walking down the road, all by herself, I had clear vision for a mile and saw no one else but her... and she was wearing a mask.
She was afraid. She was anxious. Regardless of the relative safety that exists today, or the belief that it'll be safer tomorrow because of the lack of said safety, the people around me aren't feeling it.
They're buying guns because red people are coming for them... or the blue people already are. Or the government will. There is literally no milk at the store because of an HDPE shortage prompting the grocer to put a Force Majeure notice on the dairy fridge door.
Trust has broken down. Fear of our own neighbors is up. Crime is up. Poverty is up. Suicide is up. Cyber crime is up. Inflation is up. The Gini coefficient is up.
I really have trouble believing that making it worse real fast, or even reporting more of it, is going to make it better.
I don't see it.
I expect after a few major crises involving mass casualties or major economic losses the federal government will mandate that private industry completely disconnect certain critical infrastructure control systems from the public Internet. Basically the same approach used by SIPRNet.
To shut down a pipeline, it's not a management console issue, hence why I'd speculate it's in the ICS devices themselves, which probably use uClinux toolchains on SoCs from one or two large vendors. I did some smart meter and ICS security work in the 00's, and there were a few vendors who would be strategic targets. The attack tools available now are unbelievably better, while the attack surface is pretty much the same due to the long lifecycles of ICS components, and considering today we've got cheap SDRs and gnuradio blocks for most wireless protocols, AVR tools, buspirate and the good/greatfet, ghidra/ida, and python for reverse engineering, the vulnerability research on this stuff moves way faster than the industry ability to respond.
If this is a serious attack, the only way to respond will be if they are very lucky, it's a worm and they can stand up a honeynet with spare gear to catch a sample and any good infosec firm can pull it apart. But if it's an active APT group, there's probably a political solution, as given what's possible, this would seem to be just a shot over the bow.
I bet there is a layer of Windows XP machines involved in a legacy control system. XP machines that weren't supposed to connect to the internet somehow have malware on them. It doesn't even have to do anything. Simply the detection of anything in such circumstances is enough to warrant them being shut down.
I've said it a thousand times, all the security in the world will not defend a SCADA system if someone left TeamViewer running somewhere.
Don't mean to pick on TeamViewer. It could be any number of packages, but I think security minded people get an idea of the type of attack vectors I'm talking about.
A shutdown is a huge deal and means they’re taking this extremely seriously.
The appropriate analogy is more like a nuclear reactor. They require some system controls to stay functional and healthy (water temp increases in loop x, increase motor speed of pump y, if already at or exceeding speed z, set off an alarm).
These controls need constant monitoring in a control station somewhere, sometimes tuning or fixing if there is a bug or issue somewhere, etc.
A lot of the cost of a nuclear plant is trying to cover every possible scenario and being compliant with endless regulations for stuff like this (and everything else).
That most non-nuclear plants don’t want to deal with the hassle and expense shouldn’t surprise anyone. That non-nuclear plants often don’t even TRY to cover basic cases SHOULD dismay and surprise people. These issues have been well known and publicized for literally 30 years.
A reason safety guys in these industries have the saying ‘regulations are written in blood’ is often not because no one sees the danger. Rather, until the body count reaches a certain point, no one can justify the expense to require it be fixed.
Yes. It's called Threshold Cryptography and it generalizes 'two-man' rule to require that N of M authorized users agree to an action.
But it's not really necessary here. What's needed for infrastructure is to get it off the internet and to quit using insecure operating systems and languages.
According to some sources, it's been done before:
>CIA plot led to huge blast in Siberian gas pipeline
>Thomas Reed, a former US Air Force secretary who was in Ronald Reagan's National Security Council, discloses what he called just one example of the CIA's "cold-eyed economic warfare" against Moscow in a memoir to be published next month.
>Leaked extracts in yesterday's Washington Post describe how the operation caused "the most monumental non-nuclear explosion and fire ever seen from space" in the summer of 1982.
>Mr Reed writes that the software "was programmed to reset pump speeds and valve settings to produce pressures far beyond those acceptable to pipeline joints and welds".
https://www.telegraph.co.uk/news/worldnews/northamerica/usa/...
Would be nice to have separate data lines, running fiber optics sealed in pressurized conduits for double tamper detection. The military actually does this for their critical infra.
At least German Telekom has been doing this for ages for the trunk cables serving entire areas with analog phone service - although not for tamper detection as an anti-espionage measure, but rather to detect and pinpoint damage to the cables, e.g. from excavators, tree growth or splice seals degrading.
https://www.wired.com/story/how-30-lines-of-code-blew-up-27-...
That lab tends to specialize in cybersecurity and infrastructure.
https://www.wired.com/2011/10/idaho-national-laboratory/
The critical infrastructure part of the lab:
You mean like a pandemic? ;)
The state of computer security is unacceptable and needs to be fixed. Today it's profit-motivated extortionists, but anything they can do is also an option for spy agencies, and is it really that hard to imagine anti-oil activists pulling the same stunt some day?
On the other hand, crypto is the thing behind the profit motive. If crypto is impractical (if there were no way to convert it to real currency), the profit incentives for these attacks (and mining, for that matter) break down.
I realize this isn't a popular opinion around here, but we should probably do both.
Get out of here with this.
I’m not saying I support government action here but we should be honest about the situation.
The U.S. government has been addressing computer security in infrastructure for a long time.
One argument you can make is to partly defund the surveillance-based departments and agencies and put together a cybersecurity agency who is tasked with hardening the country's systems. I have no idea how someone would build a legislative and personnel firewall to protect it from the existing need to peep through keyholes, it's probably not possible.
3) blame Russia/China
Additionally, if there was a whiff of malicious software or unintended access I would imagine they would want to make sure it didn't get into other systems. That would involve isolating and possibly shutting down machines and equipment.
I guess we'll see when they release more information. I would imagine that we'll get more details since this is critical infrastructure.
No need for firmware vulnerabilities in VxWorks when there are internet connected Windows PCs.
Peer-to-peer threats from a world power perspective seem to be less bullets and more code. Any cyber warfare would just end in both parties destroying critical infrastructure until there's none left. War of attrition, skipping completely past the military and affecting the civilian population directly.
There are devices called data diodes that provide unidirectional network topology, but not all time series data interfaces can work with them.
All in all, I agree that total air gap is obviously the best way to mitigate network attack vectors, but sometimes not practical. No controlling device should be at level 3 or 4 though (business or enterprise level).
There is no shortage of labor for jobs paying high 6-figures … :-)
That’s why international attacks are more prevalent and bold: they’re not as easily traceable. However, that also comes with its downsides: if the USG wants, it might just use lethal force against you.
So ultimately the people who tend to do this repeatedly end up being state owned or state protected actors, who are likely offered some sort of protection by their State from retribution by the USG.
I was trying to explain that having a separate monitoring infra and network group wouldn't work as a replacement for unidirectional network setup, because you still need to open network access between critical infra and the monitoring system in your design, which will expose it to the internet.
So like you said, you still need to have a unidirectional network in place.
I replied to a comment on a dupe post regarding PAT, in which analysis is done on process data and fed back into the process to increase efficiency or yield. Obviously there are varying levels of criticality where the risk vs the business reward might not be worth it though.
You can send the status of the log out through the data diode, along with a copy of the data.
Letters of marque for the nation-state actors. Bounty hunters for the criminals. There's a lot of options, I suspect using the financial systems to stop bad guys is probably going to miss the mark and produce emergent unintended consequences.
I.E. it's going to get bloody.
There’s a bunch of games played.
That's what I was referring to about the K-1; you pay taxes on the income of the partnership even if you didn't sell any shares.
For a smaller-scale individual, the paperwork is a pain unless the entity is designed to be used by an individual.
If the owner has an IT department they usually don’t want to be responsible for it either since locking things down leads to weird issues with legacy proprietary SCADA systems.
There is no out of the box secure solution available yet. Rockwell certainly makes an attempt with their factory talk directory but I highly doubt that isn’t easily worked around somehow.
Luckily I’ve pushed enough over the years that we at least include A/V software as mandatory.
I’ve been able to carve out a nice space within my company bridging the IT/OT divide. It’s been particularly good recently since the bigger companies are dictating good cyber practices, but rely on integrators and vendors to implement.
I don’t think there will ever be an out of the box solution unless a system stands on its own, which is becoming increasingly harder with modernization and reliability efforts. Add on top of that privileged access, remote monitoring and support, automated (kind of) patching, etc. you have to interface with the IT side a bit.
OpSec - it's not just a buzzword, it's the Way.
Cryptocurrency is a bunch of people thinking their bets are more important than the government's control levers of monetary and fiscal policy. They'd rather make a quick buck and disregard the fact that this takes away our government's sovereignty. Our government's ability to bail out the economy, protect its most vulnerable.
It's more important that the Winklevosses and early supporters get all the economic upside, and it's just fine if the US dollar slides into the abyss. Lower income folks surely won't get screwed by this.
Never mind the fact that cryptocurrency is destroying the environment. That's just a minor detail.
Cryptocurrency is selfishness and hubris.
All the smart people working on this insanity would be doing the planet much better if they were working on fixing social media or making tools for cancer researchers. I'm not for telling people what to do with their lives, but this observation seems pretty obvious to me.
How did the bailouts in 2008 help the vulnerable people who were subjected to predatory loans and lost their homes?
> Never mind the fact that cryptocurrency is destroying the environment. That's just a minor detail.
Can you back this up with any data? Just went through a paper published on this topic by a couple of environmental researchers and the methodology was quite awful, and the authors did not understand mining.
I'm happy to discuss any data you have.
I'm a bit pessimistic because you don't sound open to the idea that cryptocurrencies have any value at all.
They didn't but they kept the banking infrastructure alive. What I never understand however is that the government doesn't give that bailout money in exchange for newly issued shares which they then sell for a profit once the bank is back on its feet.
This isn't true. For every person buying Bitcoin thinking they are hedging themselves against inflation there is someone who sells Bitcoin because they think the exact opposite. So this doesn't take the government's sovereignty because someone ends up with a lot of USD at the other end and you can still apply things like negative interest rates on accounts with huge balances.
Ironically Bitcoin is a very poor inflation hedge because of its periodic bubbles and extreme volatility. The bubble can pop exactly the moment inflation goes up and ruin the "hedge" until the next bubble exceeds the current all time high again.
We don’t want to cure cancer (don’t know how). We want to free the world of the tyranny of central banking, debt-based economies and theft of savings through inflation. It is a noble endeavor. Selfishness is continuing along the old broken road. There are new, better ones.
You've been living the last 20 years under the tyranny of lack of fiscal stimulus. The biggest problem with the Fed is that it's the job of the government to distribute the money fairly for everyone and since Obama nobody did the necessary fiscal stimulus but this is changing thanks to Biden.
>debt-based economies
That just means more unemployment than necessary.
> and theft of savings through inflation.
What about theft of future potential through deflation? Does the future generation really owe you more than you worked for yourself?
>It is a noble endeavor.
Noble as in for the aristocracy, who have inherited and did nothing with their wealth but grew it anyway?
>Selfishness is continuing along the old broken road.
Biden has already left the old broken road.
I prefer a society where passengers are free to chit chat with the pilots when they aren't busy. Where children who might be interested in being a pilot can see a cockpit in the air and how it's done.
I remember reading about the history of security in ancient Rome. The lengths to which normal citizens had to go to to protect their homes. I don't want that. No one wants that. No one wanted that then either.
It's a distraction from productivity. It's a constant worry factor that consumes brain waves that could be spent making all our lives better.
Instead, we have to divert our attention to those who want to make it worse.
One can't just tell Russians/Chinese/Iranians "we have open and free society so please don't hack into our electric grid" and expect it to work.
And yeah... we exactly can say that. We do it all the time. We almost blew up the world because Russia sent some missiles to Cuba.
There's no reason the digital war can't have physical repercussions. If a foreign nation invades our digital properties, we drop a bomb on their electric plant.
Simple as that.
I hope that one day every device on the OT network has a yubikey and all messages are signed so that no unauthenticated access is possible.
Luckily a lot of our customers use PI, so we install the PI OPC interface on the application layer and only PI ports need to be opened to the next level.
Even more so the vendor we work with, Emerson, even has IPD firewalls to go between the DCS computers (engineering, historians, operator stations) and the I/O (what we refer to as level 2). The price tag can really jump when you implement all these security features, but an argument can easily be made that it's worth it when you consider some of our customers run batches that can be worth $500K or more per batch.
The military's role isn't to provide peace and justice for citizens, it's to kill people and destroy things. That's not an insult to the military, that's what soldiers will tell you; we need to be realistic about it. They should not be operating around civilians in peacetime (except in special circumstances).
What would be an example of a civil liberty violated by for instance standing up a large Brigade or service of tech soldiers who secure, patch, work to shore up our critical infra and services? + a lot of funding; we already prop up the lockheads of the country.
I agree that it seems our Gov. can't be trusted not to intrude into our communications and other civil liberties.
But this is more about industrial control, supply chains, the foundation of software etc.
The gov didn't react or try to stop speech attacks on digital platforms even though they knew it was happening. They didn't even report it was happening because of I think naive political concerns.
Personally I liken it to missile defense and other existing programs which we spend a HUGE amount of money on.
Not securing our infrastructure could have even bigger consequences.
We're already in a growing cold war, personally I think decent potential to go hot within a decade.
Even looking at the little publicly reported easy hacks, let alone the unknown advanced capabilities of state actors, the first salvo attacks will probably wipe out a huge portion of both sides' infrastructure and basic digital necessities to function in our society. At least we're getting more serious about defending space because the military has their own assets up there.
Maybe MAD would focus these attacks on military targets but I don't trust these nation states, or perhaps our own, to limit the radius. And maybe it's not even possible with how interconnected things are.
What happens when the military believes an attack is coming from a private citizen? Can they spy on or take action against that person? Can that alleged attacker's computer be seized? On what evidence? What if the military determines that effective security means surveilling a wide area before an attack, or collecting all citizen data to have a source to search for clues in case of an attack? What if they determine, which some already agree, that the best defense is a good offense?
I'm of a mind that the security should be a regulation, and the infrastructure operators have to meet it. The NIST can develop standards and techniques, but the safety of infrastructure is part of the cost of doing business. Your plant can't be a menace to the community due to risk of explosion, pollution, etc. - it seems no different. The operators have gotten away with buying cheap, crappy IT for years. It's time to invest seriously in rigorous, quality engineering.
We have some shades of that happening already, but I imagine a future where instead of sending young people to die, warring nations wreck each other's economies remotely... which again isn't too far from current day.
While there'd still be casualties it wouldn't be nearly as barbaric as current wars, more developed nations would finally have as much skin in the game as disadvantaged ones, etc.
The way I see it, the best way to discourage war is to make it unprofitable. If war just becomes directly hurting each other's ability to make money I could see war, or erm excuse me armed conflicts, getting a lot more unattractive.
https://en.wikipedia.org/wiki/A_Taste_of_Armageddon
People marked as casualties had to report to the disintegration chamber.
War will always be a bad thing, but putting people on the ground in a foreign land with the mission to kill others has always amplified the horrors of war many many times over.
Taking out power in half the US for a day would kill thousands, but it's the equivalent of an all out attack on the US.
Compare that to if another country were to physically commit to an all out attack and it's easy to see why this would make future wars look like minor skirmishes compared to what's happened in the past
Right now it is profitable for us to go to war. Contracts are signed, jobs are created, it is good for powerful wealthy people for the country to be at war. And if you're powerful enough the risk of retaliation is so low that it's all gain and no cost (outside of human cost which is never enough apparently)
With this type of war the equation would be switched. Going to war directly harms wealthy benefactors, who as a result of their wealth hold political influence.
We're already seeing that aren't we? Espionage at companies like Boeing and Lockheed Martin. It's not harming any "normal person" but it's directly hurting the pocketbooks of powerful people. It creates incentive to avoid conflict in a way that (unfortunately) young men and women dying doesn't seem to have done in the past
I would be into a non-military branch. It baffles me we haven't funded this. Regulations are also a good first step, but don't seem enough alone. Though HIPAA and SOC seem fairly ok at least with low level stuff.
If we're going to spend $2T on infra throw at least $100 billion on this, some more to pay to onshore more critical chip & manufacturing. But Republicans are stuck on cars.
> Simple as that.
Do you think people would support a nuclear war (because if the US bombs Russia or China, the response could very well be nuclear) as a response to hacking? And are you aware that the US is one of the most active countries on the cyber warfare front? (Snowden, the various NSA toolkit leaks, etc.) Should Iran respond with bombs when Israel and maybe the US sabotage its nuclear industry? Should Russia respond with nukes when the US disrupts GRU operations?
Not gonna happen. Because: a) that would almost surely mean all-out war (in case of Russia/China - with country that has nukes), started by US b) dropping a bomb on electric plant of country that has at least some air defense (and I think it's safe to assume Russia/China/Iran have plenty of that) is not simple
There are many differences. I already mentioned locality and scale. Another is that it's possible to make secure software (aka math) that precludes undesirable behavior a priori, whereas such thing is impossible in the real world.
> Digital borders exist all over the net. We use them every day to secure all sorts of things
Erm, how do you square these two sentences?
I took your first comment to be arguing against software security in general, presumably in favor of more post-facto enforcement when people violated authorization boundaries.
Your response then seemed to focus on mitigating the cross-jurisdictional issues that make post-facto enforcement hard, by having some sort of software-based security enforcement at a "border", and then relying on post-facto enforcement inside of that.
Now you seem to be supporting software-based security in the form of firewalls everywhere?
If we continue along this trend to even more local, we'll get to fewer firewalls (because they aren't that good of a technology), with security pushed out to the edges. Which is where best practices seem to be headed (BeyondCorp, etc), but is directly antithetical to your initial comment.
I think the difference in our viewpoints might be that I don't think it would just be power out for a day.
I think it would be far far worse.
Explosions, power out for months. Exploding a pipeline much harder to repair.
Cutting off chip supply with the precipitating attack on Taiwan so we can only access our onshore capacity, if there isn't a cleanroom breach taking weeks or months to recover. Or say an attack on ASML.
Sewer services going out or changing the mix to make water not or less safe. Dams.
It's just such a huge amount of our day to day lives; even very simple out of date XP hacks take a while to patch, let alone something like the supply chain chip attack Bloomberg reported and never retracted - which is still weird in my mind and something I could totally see as a current reality on both sides with a long history of similar 3 letter behavior from US.
At that point where we're being attacked with pipelines exploded we'd be getting bombed.
It's a lot easier to fix a contaminated water treatment facility than a pile of rubble. Same for every other form of technology.
It's almost tautological, the system controls malfunctioning at worst can only destroy the system, conventional warfare defaults to destroying the system.
Of course they'd end up printing money via some L2/L3 and we get the same deal. If we actually followed through, we'd get permanent deflation which is an obvious disaster even without accepting the Keynesian arguments against it (I find that part of Keynesian thinking to be mostly false).
In an economy, where everything is scarce and people can't get enough of the things that they need. The US and EU economies are not like that. Turkey is like that, Zimbabwe is like that, Argentina is like that, Venezuela is like that.
In the US the only scarcity exists in housing and it is purely self inflicted. All inflations are caused by scarcity or shortages, solve the shortage and you solve the inflation. Covid won't be here forever, any shortages it causes won't be permanent but it may take years to recover if you are pessimistic.
I'm not much of a crypto cultist (which is the latest trend here on HN, to tag anybody that defends crypto with that to shut down conversation), however it's extraordinarily obvious at this point how cryptocurrencies can help you evade inflation in eg USD or evade the debt damage to the US economy. Bitcoin for its part is global and not primarily dependent on the condition of the US economy, and it's likely to become increasingly global and even less dependent on the US over time.
> Don't you still need to pay for goods and services in the same debt-based economy
Of course. This is a case where crypto is even better than gold. It's particularly trivial to convert in and out of traditional fiat.
Surely you understand enough about cryptocurrencies at this point to know how easy that is. And it appears likely to keep getting easier, given the effort companies like Coinbase, Robinhood and Square are putting into it (check out what Square did in its latest quarter courtesy crypto).
> How does the flavor of money change whether someone needs to go into debt?
The parent said debt based economies. The US has an economy and government system that is increasingly drowning in debt (check out the corporate balance sheets in the US; nationally it's horrific; that situation has been spurred on by the Fed's forever low interest rates, which encourages corporations to take on ever greater sums of debt because it's artificially cheap, which will ultimately lead to zombies ala Japan). The Federal answer to that is to print ever increasing sums of fiat USD, because there are no foreign buyers left that can absorb tens of trillions in new US government debt. The Fed unavoidably becomes the primary buyer of the US Government's debt (this is where a nation begins eating itself; that began for the US over a decade ago now as a trickle, that trickle is picking up pace). Once upon a time not so long ago it was a huge deal that China held a trillion dollars of US government debt, now that sum is a joke, a mere portion of one spending program this week or next. That's how quickly the US is imploding fiscally.
How does Bitcoin help you with that if you're stuck in a debt based economy? Well it's very obvious. The Fed will keep printing aggressively to fund the US Government's finances. And the Fed will have to hold interest rates as low as possible forever now, because the US Government can't afford its debt any longer at normal interest rates (3% * $40 trillion = bye bye social security or medicare or the US military). That need by the US to inflate massively, to constantly debase the rapidly expanding monster pile of debt, can be hedged via gold, sometimes via high quality stocks, and possibly via crypto (pick the one/s you think will endure).
And as this all gets worse, the tax hikes have to keep getting worse, which will choke off growth, which accelerates the stagnation and makes everything that much worse. All in all, the average rate of growth in the US economy will keep sinking toward zero.
Given enough time, somewhere between 10 and 20 years depending on how wild the clowns in DC get with spending, they'll have to begin directly debasing the USD to accomplish their goals (they'll promptly educate the public on how it's economically beneficial to devalue their currency), it won't be enough to do it slowly. There's nothing novel about any of this, we already know exactly what the playbook looks like, see: Japan. The US will be able to maneuver a little better than Japan has courtesy of having the global reserve currency (although at the rate they're destroying things, that global reserve position will drop out even faster than it was otherwise going to).
The only way Bitcoin & Co aren't useful given where the US is obviously going at this point, is if the powers that be get so desperate about the context that they outlaw crypto or otherwise make it very impractical (artificially add enormous cost to owning it, via tax or regulation).
I don't know if the gradual, typically controlled and predictable inflation of fiat currencies is worse than constant value fluctuations due to speculators in cryptocurrencies, but that's obviously for each individual to determine for themselves.
I am also curious, is it impossible for new BTC (for example) to be minted? Is it possible to change that? My understanding is yes. If so, it sounds like someone could play the same role as the fed there if they really wanted to.
And what happens to the value in the event of a fork of BTC that attempts to make BTC actually useful as a currency instead of just as a commodity? Is this an additional vector of instability in the value of the "currency"?
Yes, the national debt is increasing, but from 2000 to 2020, the percent of federal debt owned by the Fed increased from ~11% to ~18%. [0] That is hardly uncontrolled money printing. Private investors are still buying the bulk of treasuries despite the low interest rates, because they're extremely safe investments. I do believe that inflation will pick up a bit, especially for assets vs. consumables, but I don't buy the idea that we'll see anything much worse than what was going on in the 70s or 80s.
As far as the size of the debt, we're close to where we were in terms of debt to GDP ratio after World War II, but the cost to the country in terms of GDP of maintaining the debt has held fairly stable throughout modern history. [1] Considering the historically unprecedented impact of COVID-19 and the cost of dealing with the crisis, a temporary bump in debt is totally unsurprising to me, especially with how cheap it is to borrow.
I don't have a strong opinion on whether crypto will hold value well over decades or not, but I find arguments that crypto's rise is inevitable because the collapse of the USD is inevitable to be particularly unfounded.
[0] https://fredblog.stlouisfed.org/2018/04/whos-buying-treasuri... - expand and compare Q4 2000 to Q4 2020.
[1] https://fred.stlouisfed.org/series/FYOIGDA188S
Yes, that is what happens when your currency is the world reserve currency. Every nation exports their products to you but they never want to import anything from you. Therefore you run into a domestic unemployment problem and you must take on an increasing amount of debt just to keep your economy stable. That's the "exorbitant privilege" the privilege to be forced to take on debt.
It's called a privilege because smart leaders recognize that you can have your cake and eat it too but neither Obama nor Trump have taken advantage of that, all they did was let the disadvantages outweigh the benefits. Trump merely wanted to reduce the disadvantages by starting a trade war with China.
>that situation has been spurred on by the Fed's forever low interest rates,
Those low interest rates aren't spurred by government debt. They are spurred by low inflation, if possible the interest rates would be at -1% or deeper but things like treasury bonds, cash and in theory Bitcoin prevent interest rates below 0%.
>which encourages corporations to take on ever greater sums of debt because it's artificially cheap, which will ultimately lead to zombies ala Japan).
Yes, those corporations are supposed to grow their business and employ people, even if those companies are useless to society, because the beneficial effects of employment will completely outweigh the downsides of zombie companies. However, inflation never came and unemployment is taking forever to shrink. (pre-Covid, of course)
>The Federal answer to that is to print ever increasing sums of fiat USD, because there are no foreign buyers left that can absorb tens of trillions in new US government debt.
There are lots of foreign buyers for USD though which drags inflation way down.
>The Fed unavoidably becomes the primary buyer of the US Government's debt (this is where a nation begins eating itself; that began for the US over a decade ago now as a trickle, that trickle is picking up pace).
This argument makes sense when the debt is fueled by Trump style tax cuts because you are ruining your ability to pay the debt back in the future, I mean, how are you supposed to pay the debt back if not by raising taxes above previous levels?
If you spend it on one time stimulus the risk of the debt growing only exists until the economy has recovered. If you spend the money on infrastructure you can actually net a greater return in the future.
>Once upon a time not so long ago it was a huge deal that China held a trillion dollars of US government debt, now that sum is a joke, a mere portion of one spending program this week or next. That's how quickly the US is imploding fiscally.
It's a huge deal in the sense that it obligates the Fed to increase the money supply and the government to increase debt as mentioned in my first point. China buying US government debt IS the problem, in the sense that it forces the US government to go into more debt. If China is actively hurting the US economy, it is doing so by buying US debt which means it is not importing products from the US, which means China is not creating jobs in the USA. If China ever decides to unwind its US debt only good things will happen to the US economy.
Not interested.
It's not my job to protect my house from a foreign military that might want to come into it and steal things from me.
Nor should I install radar systems to alert me to enemy aircraft. That's why the USA spends the better part of a trillion dollars on the military.
That's my government's job and they should do that job. That's what I'm saying.
If a foreign government sent boats full of marauders to our shores to steal from people's homes and stores, you think the government would look the other way?
I don't. I think they'd blow the boats up and kill the marauders.
You've got a good point about general fear and trust breakdown with your top level comment (although not your inference from someone wearing a mask alone outside, there are many good reasons for that such as the possibility of coming up on someone, not wanting to fiddle with it while going between places you need it, etc.)