Secure Coding mailing list archives

Chinese Hacking, Mandiant and Cyber War


From: Gary McGraw <gem () cigital com>
Date: Wed, 20 Feb 2013 09:34:47 -0500

hi sc-l,

No doubt all of you have seen the NY Times article about the Mandiant report that pervades the news this week.  I 
believe it is important to understand the difference between cyber espionage and cyber war.  Because espionage unfolds 
over months or years in real time, we can triangulate the origin of an exfiltration attack with some certainty.  During 
the fog of a real cyber war attack, which is more likely to happen in milliseconds,  the kind of forensic work that 
Mandiant did would not be possible.  (In fact, we might just well be "Gandalfed" and pin the attack on the wrong enemy 
as explained here: 
http://searchsecurity.techtarget.com/news/2240169976/Gary-McGraw-Proactive-defense-prudent-alternative-to-cyberwarfare.)

Sadly, policymakers seem to think we have completely solved the attribution problem.  We have not.  This article 
published in Computerworld does an adequate job of stating my position: 
http://news.idg.no/cw/art.cfm?id=94AB4F98-9BBD-1370-154D49FAA7706BE9

Those of us who work on security engineering and software security can help educate policymakers and others so that we 
don't end up pursuing the folly of active defense.

gem

company www.cigital.com
podcast www.cigital.com/silverbullet
blog www.cigital.com/justiceleague
book www.swsec.com



