Forwarded from: "Jay D. Dyson" <jdysonat_private> -----BEGIN PGP SIGNED MESSAGE----- On Wed, 10 Oct 2001, InfoSec News wrote: > SAN FRANCISCO For 3 years, a shadowy group of computer hackers has > broken into hundreds of computer networks and stolen thousands of > top-secret files on Pentagon war-planning systems and NASA technical > research. If this is true, I am compelled to ask, "What has the DoD and NASA done to mitigate this threat?" > A coordinated terrorist attack, experts say, could topple the Internet, > muting communications and e-commerce and paralyzing federal agencies and > businesses. Said "terrorist attack" could only succeed in an environment in which said federal agencies and businesses do not seek and implement meaningful security measures. Sadly, this reality has been demonstrated time and again. With the way things are now, the attackers wouldn't even need to be skilled intruders. Note the ease with which scriptkiddies breach (and summarily deface) multiple websites. Note the speed by which Code Red and Nimda propagated across the Internet. Note the sheer volume of Microsoft Outlook-borne trojans and worms that clog our mail servers. Yet in all this, we focus only on the attackers, totally ignoring the common accomplice in all of this: uncaring (if not incompetent) system and network administrators. Until such time that the cognizant parties who maintain our commercial, government and education sector systems and networks realize that security isn't just an option, we will be fighting a losing battle. This will be true no matter how many extreme and liberty-limiting laws our politicians pass. Vince Lombardi once observed that the best defense is a good offense. This stratagem is sound only when waging a battle with an opponent who bears the same limitations (defending a homeland) and risks (counterattack against their territory and people). In the case of "cyber-terrorism," the attacker would most assuredly utilize breached U.S. servers for the attack on other U.S. sites in much the same way that the terrorists utilized our own commercial airplanes on September 11th. With that in mind, against whom could the attacked sites level their offense? The answer is plain: none. Furthermore, in the case of "cyber-terrorism," the mere notion of offensive counterattack is misguided at best. Only nations allied with the West are as dependent on these technologies as is the United States. Our opponents have no "digital homeland" to defend. Thus, we are left without a target against which we can launch reprisals. With all of this in mind, the long-held axiom of "the best defense being a good offense" will avail us no benefit in the digital realm. In this arena, an offense is of no use. "Cyber-war" does not and will not adhere to the same principles and limitations of real-world war. If anything, the lessons of the past five years should make one principle painfully obvious: the best defense is a *real* defense. - -Jay ( ( _______ )) )) .-"There's always time for a good cup of coffee."-. >====<--. C|~~|C|~~| (>------ Jay D. Dyson - jdysonat_private ------<) | = |-' `--' `--' `-- Peace without honor is life without living. --' `------' -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: See http://www.treachery.net/~jdyson/ for current keys. iQCVAwUBO8R5oblDRyqRQ2a9AQGS9gP/e5D5k9fItwBQb6N2Jf0hYknw+iqTpgRB RrPMXM8nmTa8iJq2z1JD+lrhd8wzhLq6TvwRma9gh0HECT3XO/E3ISozKKfVXqHA ygI6B4Xo/c7mljpIdM6B2vZOq1xpvsD42SluSIDP5Gi+nQYjjsEDdZyx3qZqN60U TVRdF3BCjzg= =Bu/c -----END PGP SIGNATURE----- - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Thu Oct 11 2001 - 05:51:45 PDT