You Will Anyway: Do You Want to Fight a Cyber War, Or Do You Want to Prevent One?

Sunday, April 6, 2014

Do You Want to Fight a Cyber War, Or Do You Want to Prevent One?

In February, the security firm Mandiant Corp. confirmed, with plenty of hard evidence, what we've known for a long time: Chinese cyberespionage is staggeringly rampant.

[...]

Given that today's existing defenses and countermeasures have proven largely ineffective in thwarting these attacks, many otherwise sane people have discussed the idea of going on the offensive and "hacking back" by booby-trapping honeypot data or setting loose malicious software. Distressingly, this sort of cyberoffense is being repackaged -- and camouflaged -- in a clever and, ironically, "newspeak" way under the rubric "active defense."

[...]

In order for active defense to work, somebody needs to find a security hole (most likely in software) and develop an exploit for that hole. Then, get this, they need to keep the hole secret so that the exploit they just developed continues to work.

[...]

Now imagine that the attacker is smart enough to capture and isolate the "hack back" code. Ye olde zero-day exploit now belongs to the enemy. Oops!

[...]

Another issue is figuring out whom to "hack back."

[...]

[The real attacker may be hiding] behind a common enemy of the nation-state or a corporation you're attacking. Attackers have been doing it for decades.

[...]

In the end, it's clear that cyberespionage, though reprehensible and certainly worthy of response, is not the same as cyberwar.

[...]

A cyberwar will not unfold over years, months or even days. A cyberwar attack is likely to unfold over minutes, seconds or split seconds. Cyberwar attacks will happen at super-human speed.

[...]

Imagine a cyberattack against the power grid. By hacking in and controlling about 50,000 smart meters, intentionally causing a 300-megawatt stability problem in the grid is well within the realm of possibility. Properly carried out, a stability problem like this could destroy key transformers in the grid, causing permanent damage that would take months, or years to repair.

[...]

The only way forward in computer security is to build systems with fewer vulnerabilities.

Gary McGraw at SearchSecurity

But…but…but…NSA! They positively RELY on vulnerabilities.

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

"It takes only a bit of knowledge of history to realize how dangerous it is to think that the people who run the country know what they are doing." -- Howard Zinn

"It’s not about not having something to hide; it’s about having something to lose. What we lose when we’re under observation is our humanity...Rights are inherent to our nature, they’re not granted by governments, they’re guaranteed by governments. They’re protected by governments." -- Edward Snowden

"Terrorism is the willingness to kill large numbers of people for some presumably good cause.” -- Howard Zinn

"What we have is a foreign policy which is essentially a marketing strategy for selling weapons." -- Jill Stein

"We should always remember that the danger to societies from security services is not that they will spontaneously decide to embrace [Stasi style] mustache twirling and jackboots to bear us bodily into dark places, but that the slowly shifting foundation of policy will make it such that mustaches and jackboots are discovered to prove an operational advantage toward a necessary purpose.” ~ Edward Snowden

"America: just a nation of two hundred million used car salesmen with all the money we need to buy guns and no qualms about killing anybody else in the world who tries to make us uncomfortable." ~ Hunter S. Thompson

"Let me issue and control a nation's money and I care not who writes the laws." ~ Mayer Rothschild

"News is what somebody does not want you to print. All the rest is advertising." ~ LACUNA

"What matters in journalism isn't politics, which are as universal and inescapable as breathing. What matters -- along with a fundamentally adversarial attitude toward government, without which "journalism" is simply public relations -- is integrity, transparency, evidence, coherence, and principle. These are the principles on which we should evaluate the quality of journalism, and their absence is why some journalists are so desperate to get you to focus on something else." ~ Barry Eisler

"There is no inverse relationship between freedom and security. Less of one does not lead to more of the other. People with no rights are not safe from terrorist attack." ~ Molly Ivins

"The brain of our species is, as we know, made up largely of potassium, phosphorus, propaganda, and politics, with the result that how not to understand what should be clearer is becoming easier and easier for all of us." ~ James Thurber

"The highest patriotism is not a blind acceptance of official policy, but a love of one's country deep enough to call her to a higher plane....When you hold up your arm and swear to uphold the Constitution, you don’t say, 'Except in wartime.'" -- George McGovern

"I’ll believe that corporations are people when Texas executes one." ~ Bill Moyers

"When did hope become a political dynamic? Hope is right below wishful thinking and right above performing a rain dance on the scale of activity." ~ Rich Hall

Life, as Explained in "Rosencrantz & Guildenstern Are Dead"

GUILDENSTERN: What a fine persecution---to be kept intrigued without ever quite being enlightened.

------
ROSENCRANTZ : The only thing that makes it bearable is the irrational belief that somebody interesting will come on in a minute.

------
GUILDENSTERN: But for God's sake what are we supposed to do?!

PLAYER: Relax. Respond. That's what people do. You can't go through life questioning your situation at every turn.

GUILDENSTERN: But we don't know what's going on, or what to do with ourselves. We don't know how to act.

PLAYER: Act natural. You know why you're here at least.

GUILDENSTERN: We only know what we're told, and that's little enough. And for all we know it isn't even true.

PLAYER: For all anyone knows, nothing is. Everything has to be taken on trust; truth is only that which is taken to be true. It's the currency of living. There may be nothing behind it, but it doesn't make any difference so long as it is honoured. One acts on assumptions.

------
GUILDENSTERN : We act on scraps of information... sifting half-remembered directions that we can hardly separate from instinct.

------
PLAYER: Life is a gamble, at terrible odds-if it was a bet you wouldn't take it.