Secure Coding mailing list archives

Re: [External] Chinese Hacking, Mandiant and Cyber War

From: "Goertzel, Karen [USA]" <goertzel_karen () bah com>
Date: Wed, 20 Feb 2013 15:47:08 +0000

I agree - and grow increasingly frustrated with those who insist on confusing "cyber war" with "cyber espionage" (and 
vice versa). But I've found it's quite easy to get them to understand the difference by simply asking them to drop the 
prefix "cyber" from each. Cyber war is simply war fought on an electronic battlefield with digital weapons. The general 
objectives are the same as physical warfare: disable/destroy the adversary's capabilities. 

In cyber espionage, by contrast, the objective is to obtain information that is held secret by the adversary. This 
said, espionage is never an end in itself - information must be used for something to have any value. Thus the 
(possible) source of confusion (other than that pesky "cyber" tag): one may undertake cyber espionage in aid of cyber 
war - just as one sends out spies to learn secrets to give one's side a strategic advantage in warfare (or soldiers to 
do reconnaissance before battle - which is a form of tactical espionage). 

The problem is that the origin of the cyber attacks involved may be the same, and the timing of the cyber attacks may 
be (near) simultaneous, so that in the heat of the moment, one might be forgiven for misconstruing as "cyber war" what 
is in fact "cyber espionage in aid of cyber war". But as the objectives of the two are quite different, the attack 
patterns are also very likely to be different. So there is no excuse for anyone with more than the most superficial 
level of understanding of "things cyber" to confuse one with the other. 

===
Karen Mercedes Goertzel, CISSP
Lead Associate
Booz Allen Hamilton
703.698.7454
goertzel_karen () bah com

"If you're not failing every now and again,
it's a sign you're not doing anything very innovative."
- Woody Allen

________________________________________
From: sc-l-bounces () securecoding org [sc-l-bounces () securecoding org] on behalf of Gary McGraw [gem () cigital com]
Sent: 20 February 2013 09:34
To: Secure Code Mailing List
Cc: Bruce Schneier; Ross Anderson
Subject: [External]  [SC-L] Chinese Hacking, Mandiant and Cyber War

hi sc-l,

No doubt all of you have seen the NY Times article about the Mandiant report that pervades the news this week.  I 
believe it is important to understand the difference between cyber espionage and cyber war.  Because espionage unfolds 
over months or years in realtime, we can triangulate the origin of an exfiltration attack with some certainty.  During 
the fog of a real cyber war attack, which is more likely to happen in milliseconds,  the kind of forensic work that 
Mandiant did would not be possible.  (In fact, we might just well be "Gandalfed" and pin the attack on the wrong enemy 
as explained here: 
http://searchsecurity.techtarget.com/news/2240169976/Gary-McGraw-Proactive-defense-prudent-alternative-to-cyberwarfare.)

Sadly, policymakers seem to think we have completely solved the attribution problem.  We have not.  This article 
published in Computerworld does an adequate job of stating my position: 
http://news.idg.no/cw/art.cfm?id=94AB4F98-9BBD-1370-154D49FAA7706BE9

Those of us who work on security engineering and software security can help educate policymakers and others so that we 
don't end up pursuing the folly of active defense.

gem

company www.cigital.com
podcast www.cigital.com/silverbullet
blog www.cigital.com/justiceleague
book www.swsec.com


_______________________________________________
Secure Coding mailing list (SC-L) SC-L () securecoding org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates
_______________________________________________

_______________________________________________
Secure Coding mailing list (SC-L) SC-L () securecoding org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates
_______________________________________________

Current thread:

Chinese Hacking, Mandiant and Cyber War Gary McGraw (Feb 20)
- Re: [External] Chinese Hacking, Mandiant and Cyber War Goertzel, Karen [USA] (Feb 20)
  - Re: [External] Chinese Hacking, Mandiant and Cyber War Ali-Reza Anghaie (Feb 20)
- Re: Chinese Hacking, Mandiant and Cyber War Jeffrey Walton (Feb 20)
  - Re: Chinese Hacking, Mandiant and Cyber War Ali-Reza Anghaie (Feb 20)
- Re: Chinese Hacking, Mandiant and Cyber War Glenn Everhart (Feb 21)