But…but…but…NSA! They positively RELY on vulnerabilities.In February, the security firm Mandiant Corp. confirmed, with plenty of hard evidence, what we've known for a long time: Chinese cyberespionage is staggeringly rampant.
[...]
Given that today's existing defenses and countermeasures have proven largely ineffective in thwarting these attacks, many otherwise sane people have discussed the idea of going on the offensive and "hacking back" by booby-trapping honeypot data or setting loose malicious software. Distressingly, this sort of cyberoffense is being repackaged -- and camouflaged -- in a clever and, ironically, "newspeak" way under the rubric "active defense."
[...]
In order for active defense to work, somebody needs to find a security hole (most likely in software) and develop an exploit for that hole. Then, get this, they need to keep the hole secret so that the exploit they just developed continues to work.
[...]
Now imagine that the attacker is smart enough to capture and isolate the "hack back" code. Ye olde zero-day exploit now belongs to the enemy. Oops!
[...]
Another issue is figuring out whom to "hack back."
[...]
[The real attacker may be hiding] behind a common enemy of the nation-state or a corporation you're attacking. Attackers have been doing it for decades.
[...]
In the end, it's clear that cyberespionage, though reprehensible and certainly worthy of response, is not the same as cyberwar.
[...]
A cyberwar will not unfold over years, months or even days. A cyberwar attack is likely to unfold over minutes, seconds or split seconds. Cyberwar attacks will happen at super-human speed.
[...]
Imagine a cyberattack against the power grid. By hacking in and controlling about 50,000 smart meters, intentionally causing a 300-megawatt stability problem in the grid is well within the realm of possibility. Properly carried out, a stability problem like this could destroy key transformers in the grid, causing permanent damage that would take months, or years to repair.
[...]
The only way forward in computer security is to build systems with fewer vulnerabilities.
Gary McGraw at SearchSecurity
Sunday, April 6, 2014
Do You Want to Fight a Cyber War, Or Do You Want to Prevent One?
Labels:
China,
cybersecurity,
espionage,
hackers,
Internet,
NSA,
technology
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment