By Richard Power
August 23, 2010

All around the world, governments declare they are gearing up for cyber
war. I know, I know, to anyone who has been at this for any significant
length of time, many of the news stories we are reading today could
have, or should have, been written a decade ago, or more. The term
"Cyber war" seems to be on everyone's lips again. (Cue the theme music
for "Groundhog Day" - again!) In one way, it is hard to take it
seriously anymore; in another way, it is incredible that so many
governments sound like they are just getting started, again.
Nevertheless, even though the chest-beating seems to be a redux, and
much of the blustering rhetoric seems to be recycled, the reality on the
virtual ground in cyber space is that the capabilities (the offensive
ones, at least) have evolved over the last decade, and so have the
opportunities. Furthermore, the appetite to use them seems to have grown.

Yes, something is going on in the shadows; indeed, a lot is going on in
the shadows. Meanwhile, in the corporate world, the focus has been on
implementing "conventional wisdom" defenses against a broad spectrum of
threats from phisher-kings and trophy-hunting hackers to dishonest
insiders and unscrupulous competitors. "Conventional wisdom" is never a
good guide; and certainly not in cyber security. Oh, of course, it is
the safe path in and out of the boardroom for that annual review; until
the manure actually hits the propellers. Then, well ...

The recent China-Google and Russian Spy Ring headlines drive home a
troubling truth: the water is deeper than ever, and rising every fiscal
quarter. It is no longer as simple as saying nation states attack nation
states or disgruntled employees are 80% of the problem; the reality is
much more complex. Over a decade ago, it became apparent that
determining where your internal network ended and the "outside world"
began was no longer a simple exercise; then some years ago, it became
apparent that the definition of an "insider" as an employee or an
ex-employee had also broken down.
Increasingly, lines are blurred; increasingly definitions are defunct.
When China moves against the U.S. government or some large corporate
entity (again), or vice versa, or some geopolitical dispute between
Russia and one of its former states boils over into the EU, or Latin
America or the Middle East erupt in hot cyber war, where will your
enterprise be? Will it be in the middle, or on one side or the other?
And which side is the right side to be on? I don't mean morally, I mean
tactically, and strategically. How can you possibly prepare? How can you
possibly justify putting time and grey matter into thinking through what
"prepared" would look like? Where is it all going?