http://www.csoonline.com/article/604663/how-your-business-can-avoid-being-collateral-damage-in-a-cyber-war

By Richard Power
CSO
August 23, 2010

All around the world, governments declare they are gearing up for cyber war. I know, I know, to anyone who has been at this for any significant length of time, many of the news stories we are reading today could have, or should have, been written a decade ago, or more. The term "Cyber war" seems to be on everyone's lips again. (Cue the theme music for "Groundhog Day" - again!)

In one way, it is hard to take it seriously anymore; in another way, it is incredible that so many governments sound like they are just getting started, again.

Nevertheless, even though the chest-beating seems to be a redux, and much of the blustering rhetoric seems to be recycled, the reality on the virtual ground in cyber space is that the capabilities (the offensive ones, at least) have evolved over the last decade, and so have the opportunities. Furthermore, the appetite to use them seems to have grown apace. Yes, something is going on in the shadows; indeed, a lot is going on in the shadows.

Meanwhile, in the corporate world, the focus has been on implementing "conventional wisdom" defenses against a broad spectrum of threats from phisher-kings and trophy-hunting hackers to dishonest insiders and unscrupulous competitors.

"Conventional wisdom" is never a good guide; and certainly not in cyber security. Oh, of course, it is the safe path in and out of the boardroom for that annual review; until the manure actually hits the propellers. Then, well ...

The recent China-Google and Russian Spy Ring headlines drive home a troubling truth: the water is deeper than ever, and rising every fiscal quarter. It is no longer as simple as saying nation states attack nation states or disgruntled employees are 80% of the problem; the reality is much more complex.

Over a decade ago, it became apparent that determining where your internal network ended and the "outside world" began was no longer a simple exercise; then some years ago, it became apparent that the definition of an "insider" as an employee or an ex-employee had also broken down. Increasingly, lines are blurred; increasingly definitions are defunct.

When China moves against the U.S. government or some large corporate entity (again), or vice versa, or some geopolitical dispute between Russia and one of its former states boils over into the EU, or Latin America or the Middle East erupt in hot cyber war, where will your enterprise be? Will it be in the middle, or on one side or the other? And which side is the right side to be on? I don't mean morally, I mean tactically, and strategically.

How can you possibly prepare? How can you possibly justify putting time and grey matter into thinking through what "prepared" would look like? Where is it all going?

[...]

Received on Tue Aug 24 2010 - 00:52:38 PDT