Re: Quick Review: Cyberwar as a Confidence Game by Martin C. Libicki

[Chris Eagle <cse.lists () gmail com>]

On 3/21/2011 10:48 AM, Ron Gula wrote:
> I'm not sure I agree. Technically, sure, you can hack into things and
> take them out. However, comparing hacking to a cruise missile is a
> stretch. I can patch my systems today and your cyber-attack tomorrow is
> foiled. Or maybe I switch from Mac to Windows. A Tomahawk cruise missile
> is just as effective against a Russian radar system or a French one.

I think this confuses a lot of issues. You generally can only patch
against my attack if you know something of my attack which I am not
likely to share before I use the attack. Even if you do patch, it
doesn't render my attack obsolete across the entire domain. If my attack
fails, I try a new attack. Your patch or your alternate platform are
just defenses I need to circumvent with careful mission planning. And a
Tomahawk may not be as effective against a Russian radar system if they
have a defense against Tomahawks, while the Tomahawk may be very
effective against the French if they have no defense.

The issues you point out are more closely related to time scale in the
cyber domain.  It's likely that a defense against a cyber attack can be
developed and deployed much faster than a defense against a more
conventional threat.  In this regard, the decision to burn an 0day to
achieve an effect may be much harder to make than the decision to use a
tomahawk which have been in use for decades and still remain effective.
As a result, "cyber" weapons are likely to have a much shorter shelf
life than conventional/nuclear weapons because of the problems you cite.
That makes them no less useful while they remain fresh.
_______________________________________________
Dailydave mailing list
Dailydave () lists immunityinc com
https://lists.immunityinc.com/mailman/listinfo/dailydave