Re: [ISN] Experts: Cyberspace could be next target

From: InfoSec News (isnat_private)
Date: Thu Oct 11 2001 - 04:17:01 PDT

  • Next message: InfoSec News: "Re: [ISN] Re: dejavu, Re: Hijackers' e-mails were unencrypted"

    Forwarded from: "Jay D. Dyson" <jdysonat_private>
    On Wed, 10 Oct 2001, InfoSec News wrote:
    > SAN FRANCISCO For 3 years, a shadowy group of computer hackers has
    > broken into hundreds of computer networks and stolen thousands of
    > top-secret files on Pentagon war-planning systems and NASA technical
    > research.
    	If this is true, I am compelled to ask, "What has the DoD and NASA
    done to mitigate this threat?"  
    > A coordinated terrorist attack, experts say, could topple the Internet,
    > muting communications and e-commerce and paralyzing federal agencies and
    > businesses. 
    	Said "terrorist attack" could only succeed in an environment in
    which said federal agencies and businesses do not seek and implement
    meaningful security measures.  Sadly, this reality has been demonstrated
    time and again.
    	With the way things are now, the attackers wouldn't even need to
    be skilled intruders.  Note the ease with which scriptkiddies breach (and
    summarily deface) multiple websites.  Note the speed by which Code Red and
    Nimda propagated across the Internet.  Note the sheer volume of Microsoft
    Outlook-borne trojans and worms that clog our mail servers. 
    	Yet in all this, we focus only on the attackers, totally ignoring
    the common accomplice in all of this: uncaring (if not incompetent) system
    and network administrators.
    	Until such time that the cognizant parties who maintain our
    commercial, government and education sector systems and networks realize
    that security isn't just an option, we will be fighting a losing battle.
    This will be true no matter how many extreme and liberty-limiting laws our
    politicians pass.
    	Vince Lombardi once observed that the best defense is a good
    offense.  This stratagem is sound only when waging a battle with an
    opponent who bears the same limitations (defending a homeland) and risks
    (counterattack against their territory and people).
    	In the case of "cyber-terrorism," the attacker would most
    assuredly utilize breached U.S. servers for the attack on other U.S. sites
    in much the same way that the terrorists utilized our own commercial
    airplanes on September 11th.  With that in mind, against whom could the
    attacked sites level their offense?  The answer is plain: none. 
    	Furthermore, in the case of "cyber-terrorism," the mere notion of
    offensive counterattack is misguided at best.  Only nations allied with
    the West are as dependent on these technologies as is the United States.
    Our opponents have no "digital homeland" to defend.  Thus, we are left
    without a target against which we can launch reprisals.
    	With all of this in mind, the long-held axiom of "the best defense
    being a good offense" will avail us no benefit in the digital realm.  In
    this arena, an offense is of no use.  "Cyber-war" does not and will not
    adhere to the same principles and limitations of real-world war.
    	If anything, the lessons of the past five years should make one
    principle painfully obvious: the best defense is a *real* defense.
    - -Jay
      (    (                                                         _______
      ))   ))   .-"There's always time for a good cup of coffee."-.   >====<--.
    C|~~|C|~~| (>------ Jay D. Dyson - jdysonat_private ------<) |    = |-'
     `--' `--'  `-- Peace without honor is life without living. --'  `------'
    Version: 2.6.2
    Comment: See for current keys.
    -----END PGP SIGNATURE-----
    ISN is currently hosted by
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.

    This archive was generated by hypermail 2b30 : Thu Oct 11 2001 - 05:51:45 PDT