Secure Coding mailing list archives
Re: [External] Chinese Hacking, Mandiant and Cyber War
From: Ali-Reza Anghaie <ali () packetknife com>
Date: Wed, 20 Feb 2013 13:10:55 -0500
It's "confused" intentionally - the money and control grab that can be accomplished through "war" FAR exceeds anything that comes under the context of espionage. It's all about increasing the perception that a State-level response is the only effective solution. RE: Policy makers - the biggest problem I've had with convincing anybody in those circles is they think attribution is equal when it comes to them. A Maltego graph finding a bit of information on them and tying it to a Facebook profile is absolutely convincing. No matter what else you say - after such a demonstration by an "expert" - they resolutely believe that all other attributions are just that exacting. The route I've been taking lately is trying to explain to people how ~little~ a State-funded attacker matters to them. Geopolitical attribution doesn't even matter until you get thousands of other sheep herded. Until then all the China-China-China is a distraction from much more baseline and broad issues in InfoSec. -Ali On Wed, Feb 20, 2013 at 10:47 AM, Goertzel, Karen [USA] < goertzel_karen () bah com> wrote:
I agree - and grow increasingly frustrated with those who insist on confusing "cyber war" with "cyber espionage" (and vice versa). But I've found it's quite easy to get them to understand the difference by simply asking them to drop the prefix "cyber" from each. Cyber war is simply war fought on an electronic battlefield with digital weapons. The general objectives are the same as physical warfare: disable/destroy the adversary's capabilities. In cyber espionage, by contrast, the objective is to obtain information that is held secret by the adversary. This said, espionage is never an end in itself - information must be used for something to have any value. Thus the (possible) source of confusion (other than that pesky "cyber" tag): one may undertake cyber espionage in aid of cyber war - just as one sends out spies to learn secrets to give one's side a strategic advantage in warfare (or soldiers to do reconnaissance before battle - which is a form of tactical espionage). The problem is that the origin of the cyber attacks involved may be the same, and the timing of the cyber attacks may be (near) simultaneous, so that in the heat of the moment, one might be forgiven for misconstruing as "cyber war" what is in fact "cyber espionage in aid of cyber war". But as the objectives of the two are quite different, the attack patterns are also very likely to be different. So there is no excuse for anyone with more than the most superficial level of understanding of "things cyber" to confuse one with the other. === Karen Mercedes Goertzel, CISSP Lead Associate Booz Allen Hamilton 703.698.7454 goertzel_karen () bah com "If you're not failing every now and again, it's a sign you're not doing anything very innovative." - Woody Allen ________________________________________ From: sc-l-bounces () securecoding org [sc-l-bounces () securecoding org] on behalf of Gary McGraw [gem () cigital com] Sent: 20 February 2013 09:34 To: Secure Code Mailing List Cc: Bruce Schneier; Ross Anderson Subject: [External] [SC-L] Chinese Hacking, Mandiant and Cyber War hi sc-l, No doubt all of you have seen the NY Times article about the Mandiant report that pervades the news this week. I believe it is important to understand the difference between cyber espionage and cyber war. Because espionage unfolds over months or years in realtime, we can triangulate the origin of an exfiltration attack with some certainty. During the fog of a real cyber war attack, which is more likely to happen in milliseconds, the kind of forensic work that Mandiant did would not be possible. (In fact, we might just well be "Gandalfed" and pin the attack on the wrong enemy as explained here: http://searchsecurity.techtarget.com/news/2240169976/Gary-McGraw-Proactive-defense-prudent-alternative-to-cyberwarfare .) Sadly, policymakers seem to think we have completely solved the attribution problem. We have not. This article published in Computerworld does an adequate job of stating my position: http://news.idg.no/cw/art.cfm?id=94AB4F98-9BBD-1370-154D49FAA7706BE9 Those of us who work on security engineering and software security can help educate policymakers and others so that we don't end up pursuing the folly of active defense. gem company www.cigital.com podcast www.cigital.com/silverbullet blog www.cigital.com/justiceleague book www.swsec.com _______________________________________________ Secure Coding mailing list (SC-L) SC-L () securecoding org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community. Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates _______________________________________________ _______________________________________________ Secure Coding mailing list (SC-L) SC-L () securecoding org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community. Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates _______________________________________________
_______________________________________________ Secure Coding mailing list (SC-L) SC-L () securecoding org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community. Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates _______________________________________________
Current thread:
- Chinese Hacking, Mandiant and Cyber War Gary McGraw (Feb 20)
- Re: [External] Chinese Hacking, Mandiant and Cyber War Goertzel, Karen [USA] (Feb 20)
- Re: [External] Chinese Hacking, Mandiant and Cyber War Ali-Reza Anghaie (Feb 20)
- Re: Chinese Hacking, Mandiant and Cyber War Jeffrey Walton (Feb 20)
- Re: Chinese Hacking, Mandiant and Cyber War Ali-Reza Anghaie (Feb 20)
- Re: Chinese Hacking, Mandiant and Cyber War Glenn Everhart (Feb 21)
- Re: [External] Chinese Hacking, Mandiant and Cyber War Goertzel, Karen [USA] (Feb 20)