Re: Experts: Cyberspace could be next target

[InfoSec News <isn () c4i org>]

Forwarded from: "Jay D. Dyson" <jdyson () treachery net>

-----BEGIN PGP SIGNED MESSAGE-----

On Wed, 10 Oct 2001, InfoSec News wrote:

> SAN FRANCISCO For 3 years, a shadowy group of computer hackers has
> broken into hundreds of computer networks and stolen thousands of
> top-secret files on Pentagon war-planning systems and NASA technical
> research.

        If this is true, I am compelled to ask, "What has the DoD and NASA
done to mitigate this threat?"  

> A coordinated terrorist attack, experts say, could topple the Internet,
> muting communications and e-commerce and paralyzing federal agencies and
> businesses. 

        Said "terrorist attack" could only succeed in an environment in
which said federal agencies and businesses do not seek and implement
meaningful security measures.  Sadly, this reality has been demonstrated
time and again.

        With the way things are now, the attackers wouldn't even need to
be skilled intruders.  Note the ease with which scriptkiddies breach (and
summarily deface) multiple websites.  Note the speed by which Code Red and
Nimda propagated across the Internet.  Note the sheer volume of Microsoft
Outlook-borne trojans and worms that clog our mail servers. 

        Yet in all this, we focus only on the attackers, totally ignoring
the common accomplice in all of this: uncaring (if not incompetent) system
and network administrators.

        Until such time that the cognizant parties who maintain our
commercial, government and education sector systems and networks realize
that security isn't just an option, we will be fighting a losing battle.
This will be true no matter how many extreme and liberty-limiting laws our
politicians pass.

        Vince Lombardi once observed that the best defense is a good
offense.  This stratagem is sound only when waging a battle with an
opponent who bears the same limitations (defending a homeland) and risks
(counterattack against their territory and people).

        In the case of "cyber-terrorism," the attacker would most
assuredly utilize breached U.S. servers for the attack on other U.S. sites
in much the same way that the terrorists utilized our own commercial
airplanes on September 11th.  With that in mind, against whom could the
attacked sites level their offense?  The answer is plain: none. 

        Furthermore, in the case of "cyber-terrorism," the mere notion of
offensive counterattack is misguided at best.  Only nations allied with
the West are as dependent on these technologies as is the United States.
Our opponents have no "digital homeland" to defend.  Thus, we are left
without a target against which we can launch reprisals.

        With all of this in mind, the long-held axiom of "the best defense
being a good offense" will avail us no benefit in the digital realm.  In
this arena, an offense is of no use.  "Cyber-war" does not and will not
adhere to the same principles and limitations of real-world war.

        If anything, the lessons of the past five years should make one
principle painfully obvious: the best defense is a *real* defense.

- -Jay

  (    (                                                         _______
  ))   ))   .-"There's always time for a good cup of coffee."-.   >====<--.
C|~~|C|~~| (>------ Jay D. Dyson - jdyson () treachery net ------<) |    = |-'
 `--' `--'  `-- Peace without honor is life without living. --'  `------'

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: See http://www.treachery.net/~jdyson/ for current keys.

iQCVAwUBO8R5oblDRyqRQ2a9AQGS9gP/e5D5k9fItwBQb6N2Jf0hYknw+iqTpgRB
RrPMXM8nmTa8iJq2z1JD+lrhd8wzhLq6TvwRma9gh0HECT3XO/E3ISozKKfVXqHA
ygI6B4Xo/c7mljpIdM6B2vZOq1xpvsD42SluSIDP5Gi+nQYjjsEDdZyx3qZqN60U
TVRdF3BCjzg=
=Bu/c
-----END PGP SIGNATURE-----



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY
of the mail.